Skip to content

Instantly share code, notes, and snippets.

@HelloKS

HelloKS/1st.html

Created January 23, 2018 07:12
Show Gist options
  • Save HelloKS/6631237f7f8f51bbd8c0b3e31b022854 to your computer and use it in GitHub Desktop.
Save HelloKS/6631237f7f8f51bbd8c0b3e31b022854 to your computer and use it in GitHub Desktop.
Download ZIP
KT ISP router usage find logic
Raw
1st.html
<meta http-equiv="refresh"content="2;url=http://접속URL/?"/>
<iframe id="f"frameborder="0"style="width:1;height:1"></iframe>
<script>document.getElementById("f").src="http://KT서버/tm/?a=FF&b=WIN&c=고유값&d=고유값&e=고유값&f=고유값&g=고유값&h="+Date.now()+"&y=0&z=0&x=1&w=2018-01-03&in=고유값&id=20180123"</script>
Raw
2nd.html
<!DOCTYPE html>
<html>
<body>
<form id="fa" method="post" target="_top">
<input type="hidden" name="c" value="고유값" />
<input type="hidden" name="f" value="고유값" />
<input type="hidden" name="o" value="" />
<input type="hidden" name="p" value="2018-01-03" />
<input type="hidden" name="a" value="FF" />
</form>
<script>
function f1(){var e,t,i,n,d,a,o,r="",c=0,f="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";for(mb=di.p1.replace(/[^A-Za-z0-9\+\/\=]/g,"");c<mb.length;)n=f.indexOf(mb.charAt(c++)),d=f.indexOf(mb.charAt(c++)),a=f.indexOf(mb.charAt(c++)),o=f.indexOf(mb.charAt(c++)),e=n<<2|d>>4,t=(15&d)<<4|a>>2,i=(3&a)<<6|o,r+=String.fromCharCode(e),64!=a&&(r+=String.fromCharCode(t)),64!=o&&(r+=String.fromCharCode(i));parent.location.href="http://"+r}function f2(e,t){var i,n,d,a,o,r,r,c;for(i=3&e.length,n=e.length-i,d=t,o=3432918353,r=461845907,c=0;n>c;)r=255&e.charCodeAt(c)|(255&e.charCodeAt(++c))<<8|(255&e.charCodeAt(++c))<<16|(255&e.charCodeAt(++c))<<24,++c,r=(65535&r)*o+(((r>>>16)*o&65535)<<16)&4294967295,r=r<<15|r>>>17,r=(65535&r)*r+(((r>>>16)*r&65535)<<16)&4294967295,d^=r,d=d<<13|d>>>19,a=5*(65535&d)+((5*(d>>>16)&65535)<<16)&4294967295,d=(65535&a)+27492+(((a>>>16)+58964&65535)<<16);switch(r=0,i){case 3:r^=(255&e.charCodeAt(c+2))<<16;case 2:r^=(255&e.charCodeAt(c+1))<<8;case 1:r^=255&e.charCodeAt(c),r=(65535&r)*o+(((r>>>16)*o&65535)<<16)&4294967295,r=r<<15|r>>>17,r=(65535&r)*r+(((r>>>16)*r&65535)<<16)&4294967295,d^=r}return d^=e.length,d^=d>>>16,d=2246822507*(65535&d)+((2246822507*(d>>>16)&65535)<<16)&4294967295,d^=d>>>13,d=3266489909*(65535&d)+((3266489909*(d>>>16)&65535)<<16)&4294967295,d^=d>>>16,d>>>0}var di={p1:"d3d3LmRvZ2RyaXAubmV0",p2:"300013416697",p3:32,p4:11502,p5:"2018-01-03",p6:1,p7:0,p8:0,I1:"UN",I2:"UN",I3:"FF",I4:-1,I5:'WIN',I6:"A2A8338890F1B8",I7:"2017-12-21",I8:0,I9:1,I10:0,t1:1516685627780,t2:0,t3:0};setTimeout(function(){function e(e){var t=a.exec(e)[1];t.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)?(di.I1=t,d.onicecandidate=null):o&&(di.I1=t,o=0)}try{var t=window.RTCPeerConnection||window.mozRTCPeerConnection||window.webkitRTCPeerConnection,i={optional:[{RtpDataChannels:!0}]},n={iceServers:[{urls:"stun:stun.services.mozilla.com"}]},d=new t(n,i),a=/([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/,o=1}catch(r){return void(di.I1="NS")}d.onicecandidate=function(t){t.candidate&&e(t.candidate.candidate)},d.createDataChannel(""),d.createOffer(function(e){d.setLocalDescription(e,function(){},function(){})},function(){})},0),setTimeout(function(){try{var e=document.createElement("canvas"),t=e.getContext("webgl")||e.getContext("experimental-webgl"),i=t.getExtension("WEBGL_debug_renderer_info");di.I2=t.getParameter(i.UNMASKED_RENDERER_WEBGL);var n,d;n=di.I2.indexOf("ANGLE (",0),n>-1&&(n+=7,d=di.I2.indexOf("Direct",n),d>-1&&(di.I2=di.I2.substr(n,d-n))),di.I2=di.I2.replace(/\s/gi,"")}catch(a){di.I2="NS"}},0),setTimeout(function(){try{var e,t=document.createElement("canvas"),i="so.in<co> 2.0";t.setAttribute("width",300),t.setAttribute("height",200),e=t.getContext("2d"),e.textBaseline="top",e.font="14px 'Arial'",e.textBaseline="alphabetic",e.fillStyle="#f60",e.fillRect(125,1,62,20),e.fillStyle="#069",e.fillText(i,2,15),e.fillStyle="rgba(102, 204, 0, 0.7)",e.fillText(i,4,17),di.I10=f2(t.toDataURL().replace("data:image/png;base64,",""),31)}catch(n){di.I10=-1}},0),setTimeout(function(){function e(e,t){var i=0,n=50,d=0,a=setInterval(function(){e()&&(window.clearInterval(a),t(d)),i++>n&&(window.clearInterval(a),d=1,t(d))},10)}var t;if(window.webkitRequestFileSystem)window.webkitRequestFileSystem(window.TEMPORARY,1,function(){t=0},function(e){t=1});else if("IE"==di.I3&&document.documentMode>=10||"ED"==di.I3){t=0;try{window.indexedDB||(t=1)}catch(i){t=1}}else if("FF"==di.I3&&window.indexedDB){try{var n=window.indexedDB.open("test")}catch(i){t=1}"undefined"==typeof t&&e(function(){return"done"===n.readyState?1:0},function(e){e||(t=n.result?0:1)})}else if("SF"==di.I3&&window.localStorage){try{window.localStorage.setItem("test",1)}catch(i){t=1}"undefined"==typeof t&&(t=0)}e(function(){return"undefined"!=typeof t?1:0},function(){("undefined"===t?0:t?1:0)?(di.I4=1,di.I6="PV"):di.I4=0})},0);var m1=0,m2=setInterval(function(){if(m1>=10||""!==di.I6&&"UN"!==di.I1&&"UN"!==di.I2&&-1!==di.I4){clearInterval(m2);var e,t;e=window.XMLHttpRequest?new XMLHttpRequest:new ActiveXObject("Microsoft.XMLHTTP");try{t=window.performance.timing,di.t2=t.requestStart,di.t3=t.responseEnd}catch(i){di.t2=di.t3=(new Date).getTime()}e.open("GET","tms.das?a="+di.I3+"&b="+di.I5+"&c="+di.p2+"&d="+di.p3+"&e="+di.p4+"&g="+di.t1+"&h="+di.t2+"&i="+di.t3+"&l="+di.I1+"&m="+di.I7+"&n="+(1===di.I4?"PV":di.I6)+"&o="+di.I8+"&p="+di.I2+"&q="+di.I9+"&r="+di.I10,!0),e.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=euc-kr"),e.onreadystatechange=function(){if(4==e.readyState&&200==e.status){var t=e.responseText.split(":");if("0"===t[0]){var i=document.getElementById("fa");i.o.value=t[2],i.action="nt/"+t[1]+".das",1===di.p6?i.submit():(window.open("","N_POP","width="+t[3]+"px,height="+t[4]+"px,left=0,top=0"),i.target="N_POP",i.submit(),f1())}else f1()}},e.send()}m1++},100);
</script>
</body>
</html>
Raw
2nd_beautifully.js
function f1() {
var e, t, i, n, d, a, o, r = "",
c = 0,
f = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
for (mb = di.p1.replace(/[^A-Za-z0-9\+\/\=]/g, ""); c < mb.length;) n = f.indexOf(mb.charAt(c++)), d = f.indexOf(mb.charAt(c++)), a = f.indexOf(mb.charAt(c++)), o = f.indexOf(mb.charAt(c++)), e = n << 2 | d >> 4, t = (15 & d) << 4 | a >> 2, i = (3 & a) << 6 | o, r += String.fromCharCode(e), 64 != a && (r += String.fromCharCode(t)), 64 != o && (r += String.fromCharCode(i));
parent.location.href = "http://" + r
}
function f2(e, t) {
var i, n, d, a, o, r, r, c;
for (i = 3 & e.length, n = e.length - i, d = t, o = 3432918353, r = 461845907, c = 0; n > c;) r = 255 & e.charCodeAt(c) | (255 & e.charCodeAt(++c)) << 8 | (255 & e.charCodeAt(++c)) << 16 | (255 & e.charCodeAt(++c)) << 24, ++c, r = (65535 & r) * o + (((r >>> 16) * o & 65535) << 16) & 4294967295, r = r << 15 | r >>> 17, r = (65535 & r) * r + (((r >>> 16) * r & 65535) << 16) & 4294967295, d ^= r, d = d << 13 | d >>> 19, a = 5 * (65535 & d) + ((5 * (d >>> 16) & 65535) << 16) & 4294967295, d = (65535 & a) + 27492 + (((a >>> 16) + 58964 & 65535) << 16);
switch (r = 0, i) {
case 3:
r ^= (255 & e.charCodeAt(c + 2)) << 16;
case 2:
r ^= (255 & e.charCodeAt(c + 1)) << 8;
case 1:
r ^= 255 & e.charCodeAt(c), r = (65535 & r) * o + (((r >>> 16) * o & 65535) << 16) & 4294967295, r = r << 15 | r >>> 17, r = (65535 & r) * r + (((r >>> 16) * r & 65535) << 16) & 4294967295, d ^= r
}
return d ^= e.length, d ^= d >>> 16, d = 2246822507 * (65535 & d) + ((2246822507 * (d >>> 16) & 65535) << 16) & 4294967295, d ^= d >>> 13, d = 3266489909 * (65535 & d) + ((3266489909 * (d >>> 16) & 65535) << 16) & 4294967295, d ^= d >>> 16, d >>> 0
}
var di = {
p1: "d3d3LmRvZ2RyaXAubmV0",
p2: "300013416697",
p3: 32,
p4: 11502,
p5: "2018-01-03",
p6: 1,
p7: 0,
p8: 0,
I1: "UN",
I2: "UN",
I3: "FF",
I4: -1,
I5: 'WIN',
I6: "A2A8338890F1B8",
I7: "2017-12-21",
I8: 0,
I9: 1,
I10: 0,
t1: 1516685627780,
t2: 0,
t3: 0
};
setTimeout(function() {
function e(e) {
var t = a.exec(e)[1];
t.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/) ? (di.I1 = t, d.onicecandidate = null) : o && (di.I1 = t, o = 0)
}
try {
var t = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection,
i = {
optional: [{
RtpDataChannels: !0
}]
},
n = {
iceServers: [{
urls: "stun:stun.services.mozilla.com"
}]
},
d = new t(n, i),
a = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/,
o = 1
} catch (r) {
return void(di.I1 = "NS")
}
d.onicecandidate = function(t) {
t.candidate && e(t.candidate.candidate)
}, d.createDataChannel(""), d.createOffer(function(e) {
d.setLocalDescription(e, function() {}, function() {})
}, function() {})
}, 0), setTimeout(function() {
try {
var e = document.createElement("canvas"),
t = e.getContext("webgl") || e.getContext("experimental-webgl"),
i = t.getExtension("WEBGL_debug_renderer_info");
di.I2 = t.getParameter(i.UNMASKED_RENDERER_WEBGL);
var n, d;
n = di.I2.indexOf("ANGLE (", 0), n > -1 && (n += 7, d = di.I2.indexOf("Direct", n), d > -1 && (di.I2 = di.I2.substr(n, d - n))), di.I2 = di.I2.replace(/\s/gi, "")
} catch (a) {
di.I2 = "NS"
}
}, 0), setTimeout(function() {
try {
var e, t = document.createElement("canvas"),
i = "so.in<co> 2.0";
t.setAttribute("width", 300), t.setAttribute("height", 200), e = t.getContext("2d"), e.textBaseline = "top", e.font = "14px 'Arial'", e.textBaseline = "alphabetic", e.fillStyle = "#f60", e.fillRect(125, 1, 62, 20), e.fillStyle = "#069", e.fillText(i, 2, 15), e.fillStyle = "rgba(102, 204, 0, 0.7)", e.fillText(i, 4, 17), di.I10 = f2(t.toDataURL().replace("data:image/png;base64,", ""), 31)
} catch (n) {
di.I10 = -1
}
}, 0), setTimeout(function() {
function e(e, t) {
var i = 0,
n = 50,
d = 0,
a = setInterval(function() {
e() && (window.clearInterval(a), t(d)), i++ > n && (window.clearInterval(a), d = 1, t(d))
}, 10)
}
var t;
if (window.webkitRequestFileSystem) window.webkitRequestFileSystem(window.TEMPORARY, 1, function() {
t = 0
}, function(e) {
t = 1
});
else if ("IE" == di.I3 && document.documentMode >= 10 || "ED" == di.I3) {
t = 0;
try {
window.indexedDB || (t = 1)
} catch (i) {
t = 1
}
} else if ("FF" == di.I3 && window.indexedDB) {
try {
var n = window.indexedDB.open("test")
} catch (i) {
t = 1
}
"undefined" == typeof t && e(function() {
return "done" === n.readyState ? 1 : 0
}, function(e) {
e || (t = n.result ? 0 : 1)
})
} else if ("SF" == di.I3 && window.localStorage) {
try {
window.localStorage.setItem("test", 1)
} catch (i) {
t = 1
}
"undefined" == typeof t && (t = 0)
}
e(function() {
return "undefined" != typeof t ? 1 : 0
}, function() {
("undefined" === t ? 0 : t ? 1 : 0) ? (di.I4 = 1, di.I6 = "PV") : di.I4 = 0
})
}, 0);
var m1 = 0,
m2 = setInterval(function() {
if (m1 >= 10 || "" !== di.I6 && "UN" !== di.I1 && "UN" !== di.I2 && -1 !== di.I4) {
clearInterval(m2);
var e, t;
e = window.XMLHttpRequest ? new XMLHttpRequest : new ActiveXObject("Microsoft.XMLHTTP");
try {
t = window.performance.timing, di.t2 = t.requestStart, di.t3 = t.responseEnd
} catch (i) {
di.t2 = di.t3 = (new Date).getTime()
}
e.open("GET", "tms.das?a=" + di.I3 + "&b=" + di.I5 + "&c=" + di.p2 + "&d=" + di.p3 + "&e=" + di.p4 + "&g=" + di.t1 + "&h=" + di.t2 + "&i=" + di.t3 + "&l=" + di.I1 + "&m=" + di.I7 + "&n=" + (1 === di.I4 ? "PV" : di.I6) + "&o=" + di.I8 + "&p=" + di.I2 + "&q=" + di.I9 + "&r=" + di.I10, !0), e.setRequestHeader("Content-Type", "application/x-www-form-urlencoded;charset=euc-kr"), e.onreadystatechange = function() {
if (4 == e.readyState && 200 == e.status) {
var t = e.responseText.split(":");
if ("0" === t[0]) {
var i = document.getElementById("fa");
i.o.value = t[2], i.action = "nt/" + t[1] + ".das", 1 === di.p6 ? i.submit() : (window.open("", "N_POP", "width=" + t[3] + "px,height=" + t[4] + "px,left=0,top=0"), i.target = "N_POP", i.submit(), f1())
} else f1()
}
}, e.send()
}
m1++
}, 100);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment