Skip to content

Instantly share code, notes, and snippets.

@pmache
Forked from geek-at/trash.sh
Created April 2, 2021 12:50
Show Gist options
  • Save pmache/1e5ea821607508dc978b216119eb491d to your computer and use it in GitHub Desktop.
Save pmache/1e5ea821607508dc978b216119eb491d to your computer and use it in GitHub Desktop.
The script used to trash a banking phishing site
#!/bin/bash
while :; do
verf=$(cat /dev/urandom | tr -dc '0-9' | fold -w 8 | head -n 1)
pin=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
ip=$(printf "%d.%d.%d.%d\n" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))" "$((RANDOM % 256))")
curl -s -I http://elba-app.com/Raiffeisen/ > header.txt
cookie=$(cat header.txt | grep 'Set-Cookie:' | cut -d ' ' -f 2 | cut -d ';' -f 1)
location=$(cat header.txt | grep 'location:' | cut -d ' ' -f 2 | cut -d '/' -f 1)
echo "$ip $cookie with $location"
echo "[i] Login"
curl -s "http://elba-app.com/Raiffeisen/$location/submit.php" \
-H 'Connection: keep-alive' \
-H 'Cache-Control: max-age=0' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'Origin: http://elba-app.com' \
-H "X-Forwarded-For: $ip" \
-H "CF-Connecting-IP: $ip" \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H "Referer: http://elba-app.com/Raiffeisen/$location/login.php?" \
-H 'Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7' \
-H "Cookie: $cookie" \
--data-raw "verbot=&type=username&state_text=Salzburg&state=ELOOE-05-V-&username=ELOOE-05-V-$verf" \
--compressed \
--insecure
echo "[i] Pass"
curl -s "http://elba-app.com/Raiffeisen/$location/pass.php?" \
-H 'Connection: keep-alive' \
-H "CF-Connecting-IP: $ip" \
-H 'Cache-Control: max-age=0' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' \
-H "X-Forwarded-For: $ip" \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H "Referer: http://elba-app.com/Raiffeisen/$location/login.php?" \
-H 'Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7' \
-H "Cookie: $cookie" \
--compressed \
--insecure
echo "[i] hundle"
curl -s "http://elba-app.com/Raiffeisen/$location/hundle-pin.php" \
-H 'Connection: keep-alive' \
-H 'Accept: text/html, */*; q=0.01' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' \
-H "Content-Type: multipart/related" \
-H "X-Forwarded-For: $ip" \
-H "CF-Connecting-IP: $ip" \
-H 'Origin: http://elba-app.com' \
-H "Referer: http://elba-app.com/Raiffeisen/$location/pass.php?" \
-H 'Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7' \
-H "Cookie: $cookie" \
--form "pin=$pin" \
--compressed \
--insecure
echo "Sent $verf with pin $pin"
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment