<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head> <!-- Does not work <meta http-equiv="Supports-Loading-Mode" content="fenced-frame"> --> <title>Fast Hack'em v.0.0.3</title></head><body><div id="eScreen" style="float:left;width:96%;margin:0px;padding:0px;font-size:14px;font-family: Monospace, Arial, sans-serif, Helvetica;"></div><div id="scratch">id:scratch Write here using w("<b>Hello</b>")</div><iframe name="ifn" id="ifd" style="width:96%;height:800px;margin:0px;padding:0px;"></iframe><script>//document.write('<script async src="tracker.js?project_key=92d0c4de-8609-4d63-ba27-3df02ccfcde9&rnd='+Math.random()+'"><\/script>');//Object.getOwnPropertyDescriptor = Object.defineProperty = Object.create = Object.entries = /*window.eval = function(e){alert(e);console.log(e)}g = Object.getOwnPropertyDescriptors;Object.getOwnPropertyDescriptors = function(o){ console.log(o); alert("g:" + o); return g(o);}*///const navigationTimings = performance.getEntriesByType("navigation")[0].transferSize;//document.write("PERF:" + (navigationTimings.transferSize));/*async function createFenced(){ const URLs = [{url:'fence.php'}]; await window.sharedStorage.worklet.addModule("worklet.js"); const resolveToConfig = window.FencedFrameConfig !== void 0; let opaqueURL = await window.sharedStorage.selectURL("ts", URLs, {resolveToConfig, keepAlive:true}); if (resolveToConfig && opaqueURL instanceof FencedFrameConfig) document.body.appendChild(Object.assign(document.createElement('fencedframe'), {mode: 'opaque-ads', config: opaqueURL, width:1000, height:800, id:'fenced'}));}*/if (window === top){ }else{ eScreen.style.width = "95%"; ifd.style.width = "3%";} function createError(){ try { nothing() //null[0](); } catch(error) { log(error.stack.toString()); }}//setTimeout(createError, 1000);function logMe(){ var logData = ` isActive: ${navigator.userActivation.isActive} hasBeenActive: ${navigator.userActivation.hasBeenActive} location: ${location.href} `; log(logData.replace(/\n/g,'<br />'));}var timer; const cmd = { get start() { timer = setInterval(logMe, 1000); return 1; }, set start(arg) { }, get stop() { clearInterval(timer); return 1; }, }; (function (){/* var eScreen = document.createElement("div");eScreen.style.width = "46%";eScreen.style.margin = "0px";eScreen.style.padding = "0px";eScreen.style.fontSize = "14px";eScreen.style.fontFamily = "Monospace, Arial, sans-serif, Helvetica";eScreen.style.float = "left";*///let iFrame = document.createElement("iframe"); ///////////////////////// Code TextAreavar eCode = document.createElement("textarea");/*eCode.onchange = function(e){ window.x = e; alert(e.isTrusted);}*/eCode.name = "taCode";eCode.style.width = "100%";eCode.rows = "20";eCode.style.backgroundColor = "#000000";eCode.style.color = "#30ee30";eCode.style.fontSize = "16px";eCode.style.padding = "5px";eCode.autofocus = true;eCode.autocorrect = "off";eCode.autocapitalize = "off";eCode.spellcheck = false;eCode.ondblclick = function(e){ var ret = eval(this.value); log(ret);}eCode.onkeydown = function(e){ if (typeof e == "undefined") e = event; if ((e.keyCode == 13 || e.keyCode == 10) && (e.metaKey || e.ctrlKey || e.shiftKey) || (e.key == "@" || e.key == "#") ) { if (e.preventDefault) e.preventDefault(); try { var ret = eval(this.value); } catch(e) { log("Error: " + e); return; } if (e.metaKey || e.ctrlKey || e.key == "@" || e.key == "#") // Log either eval or enum { if (e.shiftKey && !(e.key == "@" || e.key == "#")) log(prettyEnumObject(ret)); else if (e.altKey || e.key == "#") log(remoteSave(prettyEnumObject(ret, true))); else log(ret); } }} ///////////////////////// Code Log-Statusvar eLog = document.createElement("div");eLog.style.width = "100%";eLog.style.height = "300pt";eLog.style.margin = "0px";eLog.style.padding = "0px";eLog.style.wordWrap = "break-word";eLog.style.overflow = "scroll";eLog.style.padding = "5px";eLog.style.backgroundColor = "#000000";eLog.style.color = "#ffffff";eLog.style.border = "1px solid #eeeeee";eLog.innerHTML = "Fast Hack'em"; eScreen.appendChild(eCode);eScreen.appendChild(eLog);//document.body.appendChild(eScreen); window.log = function log(msg, append = false) { if (append) { return eLog.innerHTML += '<br />' + msg; } else { return eLog.innerHTML = msg; }}; function rot(s, i){ return void 0 === i && (i = 13), s.replace(/[A-Za-z]/g, function(c) { return String.fromCharCode(c.charCodeAt(0) + (c.toUpperCase() <= "M" ? i : -i)); });}//console.log = window.log; function enumMembers(obj) // Returns an array of Strings of the members of the object{ //Object.getOwnPropertyDescriptors(window) var instanceValues = Object.getOwnPropertyNames(obj); if (Object.getPrototypeOf(obj) != null) { instanceValues = instanceValues.concat(enumMembers(Object.getPrototypeOf(obj))); } return instanceValues;}function prettyEnumObject(obj, bPlainText){ var arrMembersList = enumMembers(obj); if (bPlainText) { var prettyList = obj.toString() + "\n"; for (var i in arrMembersList) { var strMemberName = arrMembersList[i]; var refMember = obj[strMemberName]; prettyList += strMemberName + " = " + refMember + "\n"; } } else { var prettyList = "<strong>" + obj.toString() + "</strong><br />"; for (var i in arrMembersList) { var strMemberName = arrMembersList[i]; var refMember = obj[strMemberName]; var memberType = typeof refMember; var prettyMemberValue = ""; var prettyMemberName = '<span style="color:#aaaaaa">' + strMemberName + '</span>'; if (memberType == "object") prettyMemberName = '<span style="color:#aaaaaa;cursor:pointer" onclick="alert(this.innerText)">' + strMemberName + '</span>'; var memberValueColor = { "string" : "#dddddd", "number" : "#ff8080", "object" : "#80ff80", "boolean" : "#8080ff", "function": "#a0a0cc" } //if (memberType == "object") prettyMemberValue = '<span onclick="alert(\''+refMember+'\')" style="cursor:pointer;color:' + memberValueColor[memberType] + '">' + refMember + '</span>'; prettyMemberValue = '<span style="color:' + memberValueColor[memberType] + '">' + refMember + '</span>'; prettyList += prettyMemberName + " = " + prettyMemberValue + "<br />"; } } return prettyList;} // Detects if Chrome Extension Resource exists and is accessible// Vivaldi Sample: ext("chrome-extension://jffbochibkahlbbmanpmndnhmeliecah/config.json")function ext(ext){ var request = new XMLHttpRequest(); request.open("GET", ext, false); try { request.send(null); } catch(_) { return false; } if (request.status === 200) { return true; }}//ext("chrome-extension://jffbochibkahlbbmanpmndnhmeliecah/config.json") function fav(url){ var link = document.querySelector("link[rel~='icon']"); if (!link) { var link = document.createElement('link'); link.rel = 'icon'; document.getElementsByTagName('head')[0].appendChild(link); } link.href = url;}//fav("https://www.google.com/favicon.ico"); var isolatedIFrame = window; function workerCodeWrappedAsFunction(){ function probeExtensionInsideWorker(extensionURL) { var isExtensionInstalled = false; var syncXHR = new XMLHttpRequest(); syncXHR.open("GET", extensionURL, false); try { syncXHR.send(null); if (syncXHR.status === 200) {isExtensionInstalled = true;} } catch(e){} return isExtensionInstalled; } self.onmessage = function(messageEvent) { // messageEvent.data is the extensionURL to probe var isInstalled = probeExtensionInsideWorker(messageEvent.data); if (isInstalled) self.postMessage(messageEvent.data); } } // Converts the contexts (text) of workerCodeWrappedAsFunction to a real Blob// so we can easily use it as the code inside the Worker.var strFn = workerCodeWrappedAsFunction.toString();var strWorkerCode = strFn.slice(strFn.indexOf("{") + 1, strFn.lastIndexOf("}"));var workerBlob = new Blob([strWorkerCode], {type: 'application/javascript'});var workerUrl = isolatedIFrame.URL.createObjectURL(workerBlob); var workerToProbeExtensions = false, arrayWithCallbacks = null, timeoutToKillWorker = 0;function initWorker(){ if (!workerToProbeExtensions) { arrayWithCallbacks = []; workerToProbeExtensions = new isolatedIFrame.Worker(workerUrl); workerToProbeExtensions.addEventListener("message", function (messageEvent) { arrayWithCallbacks[messageEvent.data](); }); } clearTimeout(timeoutToKillWorker); timeoutToKillWorker = setTimeout(function() { // Destroy Worker and clean callbacks Array workerToProbeExtensions.terminate(); workerToProbeExtensions = false; arrayWithCallbacks = null; }, 3000); }function probeExtensionNoisy(url, callback){ initWorker(); arrayWithCallbacks[url] = callback; workerToProbeExtensions.postMessage(url); } //probeExtensionNoisy("chrome-extension://jffbochibkahlbbmanpmndnhmeliecah/config.json", function(){alert("yes")}); window.logep = function(obj){ const pretty = prettyEnumObject(obj, true); remoteSave(pretty); //log(pretty); return pretty;}window.remoteSave = function(str){ /* //let str = "your_data_here"; // Your data string // Ensure the string is within the max size limit //str = str.substring(0, MAX_SIZE); const data = `data=${encodeURIComponent(str)}`; fetch("remote_save.php", { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: data }) .then(response => response.text()) .then(result => { console.log("Success:", result); }) .catch(error => { console.error("Error:", error); }); */ var xhttp = new XMLHttpRequest(); xhttp.open("POST", "remote_save.php", true); xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); //MAX_SIZE = 3200; //str = str.substring(0, MAX_SIZE); xhttp.send("data=" + escape(str)); return str; }function autoLog(){ log(remoteSave(prettyEnumObject(ret, true)));}if (location.hash.substring(1,4) == "log"){ var strObject = location.hash.substring(5); var obj = eval(strObject); log(remoteSave(prettyEnumObject(obj, true)));}else if (location.hash.substring(1,4) == "cmd"){ var command = location.hash.substring(5); cmd[command];}/*window.loge = function(__tempObject){ var strEnum = forIn(__tempObject); var __tempObject_Enum = strEnum.replace(/</g, "<").replace(/>/g, ">"); __tempObject_Enum = __tempObject_Enum.replace(/\n/gi, "<br />").replace(/NO_ACCESS/g, "<font color=\"red\">NO_ACCESS</font>").replace(/(\[[^\]]*\])/g, "<font color=\"yellow\">$1</font>"); __tempObject_Enum = __tempObject_Enum.replace(/CUSTOM_ERROR/g, "<font color=\"red\">CUSTOM_ERROR</font>"); __tempObject_Enum = __tempObject_Enum.replace(/(null)|(undefined)/gi, "<font color=\"#999999\">$1$2</font>"); log(__tempObject_Enum); document.getElementById("notepad").value = strEnum;}window.logep = function(__tempObject){ loge(__tempObject); post();} window.addEventListener('error', function (e){ console.log(e); log(e.message);// + "<br />" + url + "<br />" + lineNo + "<br />" + columnNo + "<br />" + error);})*/ })(); /*var str = "";function showPaintTimings() { let performance = window.performance; let performanceEntries = performance.getEntriesByType('paint'); performanceEntries.forEach( (performanceEntry, i, entries) => { str += ("The time to " + performanceEntry.name + " was " + performanceEntry.startTime + " milliseconds.\n"); console.log(str); }); } setTimeout("showPaintTimings()",1000);setTimeout(function(){ z = new Image(); z.src = "https://www.cracking.com.ar/fh/remote_save.php?data=" + escape(str);}, 3000)*//* Inline worker codefunction getWorkerCode(){ function workerCode() { self.onmessage = function(event) {console.log(navigator) self.postMessage(navigator.toString()); } } var strFn = workerCode.toString(); return strFn.slice(strFn.indexOf("{") + 1, strFn.lastIndexOf("}"));} var workerCode = getWorkerCode();//"self.onmessage=function(e){postMessage('Worker: '+e.data);}"; var blob;try { blob = new Blob([workerCode], {type: 'application/javascript'});} catch (e) { // Backwards-compatibility window.BlobBuilder = window.BlobBuilder || window.WebKitBlobBuilder || window.MozBlobBuilder; blob = new BlobBuilder(); blob.append(workerCode); blob = blob.getBlob();}var worker = new Worker(URL.createObjectURL(blob)); // Test, used in all examples:worker.onmessage = function(e){ alert('Worker Response:\n' + e.data);};worker.postMessage('Test');*/ function w(htmlCode){ document.getElementById("scratch").innerHTML = htmlCode; return "Code written in scratch";}function eventEnum(obj, callback){ if (!callback) var callback = function(e){alert(e.type)}; obj.onabort=obj.onanimationend=obj.onanimationiteration=obj.onanimationstart=obj.onauxclick=obj.onbeforecopy=obj.onbeforecut=obj.onbeforepaste=obj.onbeforexrselect=obj.onblur=obj.oncancel=obj.oncanplay=obj.oncanplaythrough=obj.onchange=obj.onclick=obj.onclose=obj.oncontextmenu=obj.oncopy=obj.oncuechange=obj.oncut=obj.ondblclick=obj.ondrag=obj.ondragend=obj.ondragenter=obj.ondragleave=obj.ondragover=obj.ondragstart=obj.ondrop=obj.ondurationchange=obj.onemptied=obj.onended=obj.onerror=obj.onfocus=obj.onformdata=obj.onfullscreenchange=obj.onfullscreenerror=obj.ongotpointercapture=obj.oninput=obj.oninvalid=obj.onkeydown=obj.onkeypress=obj.onkeyup=obj.onload=obj.onloadeddata=obj.onloadedmetadata=obj.onloadstart=obj.onlostpointercapture=obj.onmousedown=obj.onmouseenter=obj.onmouseleave=obj.onmousemove=obj.onmouseout=obj.onmouseover=obj.onmouseup=obj.onmousewheel=obj.onpaste=obj.onpause=obj.onplay=obj.onplaying=obj.onpointercancel=obj.onpointerdown=obj.onpointerenter=obj.onpointerleave=obj.onpointermove=obj.onpointerout=obj.onpointerover=obj.onpointerrawupdate=obj.onpointerup=obj.onprogress=obj.onratechange=obj.onreadystatechange=obj.onreset=obj.onresize=obj.onscroll=obj.onsearch=obj.onseeked=obj.onseeking=obj.onselect=obj.onselectionchange=obj.onselectstart=obj.onstalled=obj.onsubmit=obj.onsuspend=obj.ontimeupdate=obj.ontoggle=obj.ontransitioncancel=obj.ontransitionend=obj.ontransitionrun=obj.ontransitionstart=obj.onvolumechange=obj.onwaiting=obj.onwebkitanimationend=obj.onwebkitanimationiteration=obj.onwebkitanimationstart=obj.onwebkitfullscreenchange=obj.onwebkitfullscreenerror=obj.onwebkittransitionend=obj.onwheel=callback;} function fnOnMessage(e){ alert( "document.URL: " + document.URL + "\n" + "e.data: " + e.data + "\n" + "typeof e.data: " + typeof e.data + "\n" + "callee.caller has: " + arguments.callee.caller + "\n" );}//window.addEventListener("message", fnOnMessage, false); /////////////////////////////////////////////////////////////////////////////////////////////* var scratchDiv = document.createElement("div"); scratchDiv.setAttribute("style","position:absolute:top:-100px;width:1px;height:1px;visibility:hidden"); document.body.appendChild(scratchDiv);*/ var scratchDiv = document.getElementById("scratch"); const ERROR = -1, NOT_INITIALIZED = 0, INITIALIZING = 1, READY = 2; var state = NOT_INITIALIZED; var queueExtensions = new Array(); function initProbeExtension() { if (state === NOT_INITIALIZED) { state = INITIALIZING; //console.log("INITIALIZING"); var obj = document.createElement("object"); obj.setAttribute("style","width:1px;height:1px;visibility:hidden"); obj.type = "text/plain"; var toInvalidLoad = setTimeout(function() { state = READY; // probeExtension works well. We can safely assume that it will work as expected. probeExtension(); // Start testing extensions }, 400); obj.onload = function() { state = ERROR; // probeExtension throws FPs. Can't be used during this session. clearTimeout(toInvalidLoad); alert("FP on extension load") } obj.data = "chrome-extension://agnangantblacabcerducharleorepsu/dshawo.json"; scratchDiv.appendChild(obj); } } function probeExtension(url, callback) { if (arguments.length > 0) {queueExtensions.push([url, callback]);} if (state === READY) // Create the object { while (queueExtensions.length > 0) { var obj = document.createElement("object"); obj.setAttribute("style","width:1px;height:1px;visibility:hidden"); obj.type = "text/plain"; var extFromQueue = queueExtensions.shift(); obj.onload = extFromQueue[1]; // callback obj.data = extFromQueue[0]; // extension url scratchDiv.appendChild(obj); } // Destroy objects state = INITIALIZING; setTimeout(function(){ scratchDiv.innerHTML = ""; state = READY; if (queueExtensions.length > 0) {probeExtension();} }, 1500); } else if (state === NOT_INITIALIZED) { initProbeExtension(); } } //////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////////////////probeExtension("chrome-extension://dehdhmbfpjfihgpekceokjdeeheinkfo/intercept.js", function(){alert("Epic")});function classExists(className) { var styleSheets = document.styleSheets; for (var i = 0; i < styleSheets.length; i++) { var rules = styleSheets[i].cssRules || styleSheets[i].rules; for (var j = 0; j < rules.length; j++) { if (rules[j].selectorText === '.' + className) { return true; } } } return false; }/*function isWebView(){ var wb = window.document?.documentElement?.clientHeight === window.document?.documentElement?.scrollHeight; return wb;}*/function isWebView(){ // Writes a string with a telephone number format. // Real Safari Mobile converts it to a tel: link if ("safari" in window) return false; const iFrameWebView = document.createElement('iframe'); iFrameWebView.style.dislay = "none"; iFrameWebView.style.width = iFrameWebView.style.height = '0px'; document.body.appendChild(iFrameWebView); iFrameWebView.contentDocument.write("123-123-123"); iFrameWebView.contentDocument.close(); const isWebView = iFrameWebView.contentDocument.links.length === 0; iFrameWebView.remove(); return isWebView;} ////////////////////////////////////////////////// Custom Protocol Detectionfunction protocolExists(protocol) { var w = null; try { w = new Worker(protocol); } catch(e) { try { if (w && w.terminate) w.terminate(); return e.toString().indexOf("valid URL") !== -1; } catch (f) { return false; } }}/*if (protocolExists("brave://")) alert("Brave");if (protocolExists("edge://")) alert("Edge");if (protocolExists("puffin://")) alert("Puffin");if (protocolExists("app://")) alert("Electron");*//* html {height: 100vh;}body {height: 100%;position: fixed;} *//* function resourceLoader(url){ var obj = document.createElement("object"); obj.setAttribute("style","width:1px;height:1px;visibility:hidden"); obj.type = "text/plain"; obj.onload = function(){alert("Loaded")} obj.data = url; document.body.appendChild(obj);}resourceLoader("chrome-extension://does_not_exist"); */ function enabledCDP() { var cnt = 0, fs = '%c', tr = new EvalError(); Object.defineProperty(tr, "name", {get() {cnt++; return '';}}); console.context().log(fs, tr); return cnt > 1;} if (enabledCDP()) log("CDP Detected", true); const match = navigator.userAgent.match(/Chrome\/(\d+)\./);const version = match ? match[1] : null;log("Browser Version: " + version, true); /* Good for modern browsersasync function uaOverride(){ let uaData = await navigator.userAgentData.getHighEntropyValues([ "architecture", "bitness", "model", "platformVersion", "uaFullVersion" ]); const uaOverride = uaData.architecture === '' && uaData.model === '' && uaData.bitness === '' && uaData.platformVersion === '' && uaData.uaFullVersion === ''; if(uaOverride) log("UA Override", true); console.log(uaData);}uaOverride();*/// Does not throw errors on IEfunction uaDataHighEntropy(callback) { if (!navigator.userAgentData || typeof navigator.userAgentData.getHighEntropyValues !== 'function') { callback(false); return; } try { navigator.userAgentData.getHighEntropyValues([ "architecture", "bitness", "model", "platformVersion", "uaFullVersion" ]) .then(function(ua) { var uaOverride = ua.architecture === '' && ua.model === '' && ua.bitness === '' && ua.platformVersion === '' && ua.uaFullVersion === ''; callback(uaOverride); }) .catch(function() { callback(false); }); } catch (error) { // Fallback for any unexpected errors callback(false); }} uaDataHighEntropy(function(uaOverride) { if (uaOverride) log("UA Override", true); //console.log('UA Override:', result);}); function runw(fn, keepAlive) { return new Promise((resolve, reject) => { const fnString = fn.toString(); const workerCode = ` self.onmessage = async function() { const fn = ${fnString}; try { const result = await fn(); self.postMessage({ result }); } catch (error) { self.postMessage({ error: error.toString() }); } }; `; const blob = new Blob([workerCode], { type: 'application/javascript' }); const worker = new Worker(URL.createObjectURL(blob)); worker.onmessage = (e) => { const { result, error } = e.data; if (!keepAlive) worker.terminate(); error ? reject(new Error(error)) : resolve(result); }; worker.onerror = (err) => { worker.terminate(); reject(err); }; worker.postMessage(null); });} /* RunW (runInWorker) sample usagerunw(() => { const nav = navigator.userAgent; return nav;}).then(console.log);*/ </script><!-- <iframe name="ifr" id="_ifr" width="800" height="600"></iframe>//console.log("Epic: " + ifr.document.documentElement.dataset.cbscriptallow);//https://www.cracking.com.ar/fh/do.php?do=headers --> </body></html> 
