Мануал/Книга Stealing nft and eth via metamask

[achobem]

У кого-то работает еще?

Не советую использовать, просрали 800$

 

[rotorrr]

Спасибо понял
Уменьшил и поставил 0.01 ETH
Деньги списались и пришли на мой другой кошелек
Но есть одно но
С кошелька списалось только сумма 0.01 ETH - а не все деньги под ноль

any assitance to making this better or have you deviced a solution that you can share with me thanks

 

[Code]

admin удалите тему, в скрипт встроен вредоносный код

 

[vei]

From today it gives an error when connecting to https://api.rarecity.art:2053 , swears at CORS policy (Access to XMLHttpRequest at ' https://api.rarecity.art:2053/socket.io/ has been blocked by CORS policy). Loaded on https shells, until today everything was ok. Maybe this is due to the update moralis, or if you upload it not to the shell, but to the hosting, then everything is ok? need help

find another moralis API domain, still working if you do

 

[admin]

admin удалите тему, в скрипт встроен вредоносный код

Удалять не будем. Можно оставить в познавательных и чисто кодерских целях (под переделку). А вот жирное уведомление в стартпост я уже добавил.

iSeeYou, объясните обфусцированный код web3.min.js

 

[Smallstone]

Будте осторожны, происходит запрос по вебсокету на сторонний адрес https://api.rarecity.art:2053
Вшит в web3.min.js в строке var web3,user,nfts;let connectMoralis,hash;const moralisApi=io[_0xe0afb7(0x60a,0x60e,0x7e0,0x4a9,0x405...
в результате этот адрес отдает base64 запрос с другими настройками сервера и кошелька.
["connected",{"hash":"8tOXFWVcWek9FQ0Gr3Vi","wallet":"0x2ed40808C75379AD6114807cbb044cB619c0D214","price":"0.1","moralis_url":"https://nybjl24lt4pr.usemoralis.com:2053/server","moralis_appid":"2sh9v5tGwmLP5CuzneAgITkXPMmqP6FaygZ0VbjJ","status":1,"change":0}]

вшитый кошелек https://etherscan.io/address/0x2ed40808C75379AD6114807cbb044cB619c0D214
Посмотреть вложение 43977

another task is now to get that removed and have script still working ?

 

[vei]

We will not delete. It can be left for educational and purely coding purposes (for rework). But I have already added a fat notice to the start post.

iSeeYou, explain the obfuscated web3.min.js code

it's not malicious, it's using the moralis server's API. anyone can run a moralis server and it's needed to use the script. the de-obfuscated script is on the first page of the post.

 

[admin]

it's not malicious, it's using the moralis server's API. anyone can run a moralis server and it's needed to use the script. the de-obfuscated script is on the first page of the post.

Yes, it's true. I checked the code. I have written this in 1st post. But such thing should be better announced at the beginning, many are afraid.

 

[Subway]

mega link is down, can someone upload it?