github.com/jramnani/go-ftp
Status: Experimental
TODO:
FTP Protocol Command Summary
Log in
    USER username
    PASS password
Set the TYPE
    TYPE I (binary) for binary files or TYPE A (ascii) for text files
    Sample Response: 200 Type set to A or I
Set passive transfer mode
    PASV
    Compute the destination port from the actual response, for example (127,0,0,1,201,208). The first four octets are the IP address, while the last two octets make up the port that will be used for the data connection. To find the actual port, multiply the fifth octet by 256 and then add the sixth octet to the total.
    Sample Response: 227 Entering Passive Mode (127,0,0,1,201,208)
Retrieve the file
    RETR [file]
    After you call RETR, the data port will open and be available to download the file. RETR doesn't return immediately, but waits until you open a connection to the data port and download the file.
    Sample Response: 150 opening connection
Open connection to data port
Read data bytes to a file
    Sample Response: 226 Transfer complete
Close data port
Close the connection (optional, if you want to download multiple files in one session)
    QUIT
$ telnet localhost 21
220 ProFTPD 1.3.2c Server (ProFTPD Test Server) [127.0.0.1]
USER
500 USER: command requires a parameter
USER anonymous
331 Anonymous login ok, send your complete email address as your password
PASS foo
230 Anonymous access granted, restrictions apply
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (127,0,0,1,201,208).
RETR test_file.txt
150 Opening BINARY mode data connection for test_file.txt (12 bytes)
226 Transfer complete
QUIT
221 Goodbye.
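The PASV step above, as an added Go example (not code from go-ftp): it parses the 227 reply, range-checks each octet, and computes the port as fifth octet * 256 + sixth octet. The names ParsePASV and DataAddr are hypothetical, and refusing a reply whose IP differs from the control connection's peer is a hardening policy assumed for this example, not something the page specifies.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strconv"
)

// pasvRe captures the six numbers (h1,h2,h3,h4,p1,p2) of a 227 reply.
var pasvRe = regexp.MustCompile(`\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)`)

// ParsePASV returns the IP and port advertised in a 227 reply line.
func ParsePASV(reply string) (net.IP, int, error) {
	m := pasvRe.FindStringSubmatch(reply)
	if len(reply) < 3 || reply[:3] != "227" || m == nil {
		return nil, 0, fmt.Errorf("not a usable 227 reply: %q", reply)
	}
	var n [6]int
	for i := range n {
		n[i], _ = strconv.Atoi(m[i+1]) // regexp guarantees 1-3 digits
		if n[i] > 255 {
			return nil, 0, fmt.Errorf("octet %d out of range", n[i])
		}
	}
	port := n[4]*256 + n[5] // fifth octet * 256 + sixth octet
	return net.IPv4(byte(n[0]), byte(n[1]), byte(n[2]), byte(n[3])), port, nil
}

// DataAddr returns the host:port to dial; controlPeer is the control connection's
// remote "ip:port". Example policy (an assumption): refuse a reply naming another IP.
func DataAddr(reply, controlPeer string) (string, error) {
	ip, port, err := ParsePASV(reply)
	if err != nil {
		return "", err
	}
	host, _, err := net.SplitHostPort(controlPeer)
	if err != nil {
		return "", err
	}
	if !ip.Equal(net.ParseIP(host)) {
		return "", fmt.Errorf("PASV address %s is not control peer %s", ip, host)
	}
	return net.JoinHostPort(host, strconv.Itoa(port)), nil
}

func main() {
	fmt.Println(DataAddr("227 Entering Passive Mode (127,0,0,1,201,208).", "127.0.0.1:21")) // constructed input: the page's sample reply
}
```

In a client, controlPeer would come from the control connection's RemoteAddr().String().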