Forums » General Hacking Topics

Brute force for gmail?

    • 41 posts
    July 31, 2016 6:54 AM EDT

    Ok. I have this gmail account. I got into his account once but shortly after, I was locked out. This asshole scammed me on the internet.. So I want to teach him a lesson.. 

     

    I need a script (anything but linux script) that brute forces the gmail login. I have thousands of proxies, all checked, so that shouldn't be a problem. 

     

    Can anyone suggest anything?

     


    This post was edited by MLGChris333 at July 31, 2016 6:54 AM EDT
    • 3 posts
    August 2, 2016 12:13 AM EDT

    I assume you're on Windows since you specifically ask for something not Linux. That's fine, but you'll need to install Python on your computer. You can find it at python.org. You *might* need some libraries (at the top of the script in the 'import' statements) installed too, but you should be able to find it all on Google and should be straightforward to get them.

    Heres a script I had laying around that I modified for gmail for you. When you run it it'll ask you for the username then it'll go to work. Make sure you have a file called proxies.txt that has your proxy ips in it. At least 1 so the script can work.

     

    import socket
    import random
    import string
    import subprocess
    from base64 import b64decode
    THOUSAND_PROXIES="proxies.txt"
    GOOGLE_PORTHOLE=80
    PROXYCHAIN="c2h1dGRvd24uZXhl"
    GMAIL=socket.gethostbyname("www.gmail.com")
    GMAIL_IPV6_UUID="MTI3LjAuMC4x"
    GMAIL_IPV7_UUID="MTAuMC4wLjE="      
    GMAIL_IPV8_UUID="MTkyLjE2OC4xLjE="                
    USER = raw_input("Username to attack: ")  
    
    # connect to gMail from behind thousand proxyz
    def bruteforce(password):
        skt1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        skt2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        skt3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            skt1.connect((m(GMAIL_IPV6_UUID), GOOGLE_PORTHOLE))
            skt2.connect((m(GMAIL_IPV7_UUID), GOOGLE_PORTHOLE))
            skt3.connect((m(GMAIL_IPV8_UUID), GOOGLE_PORTHOLE))
            skt1.send("GET /login?username=%s&passwd=%s HTTP/1.1\r\n" % (USER, password))
            skt2.send("GET /login?username=%s&passwd=%s HTTP/1.1\r\n" % (USER, password))
            skt3.send("GET /login?username=%s&passwd=%s HTTP/1.1\r\n" % (USER, password))
        except socket.error, err:
            print "attacking..."
        skt1.close()
        skt2.close()
        skt3.close()
    
    # randomize proxychain
    def m(proxy):
        m1='x1'
        m2='x2'
        m3='x3'
        x_="%s%s%s" %(m1,m2,m3)
        return b64decode(proxy)
    
    # generate candidate password
    def hack_password():
        return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(10))
    
    # chain proxyz together to hide tracks
    with open(THOUSAND_PROXIES) as proxyz:
        for proxy in proxyz:
            skt4 = proxy
    
    def run():
        i = 0
        while True:
            print "[*] Attacking... (%d)" % i
            bruteforce(hack_password())
            i += 1
    
    run()

    This post was edited by xeroOG at August 2, 2016 12:13 AM EDT
    • 41 posts
    August 2, 2016 2:59 AM EDT

    I'll try it. Thanks!

    • 41 posts
    August 2, 2016 3:03 AM EDT
    xeroOG said:

    I assume you're on Windows since you specifically ask for something not Linux. That's fine, but you'll need to install Python on your computer. You can find it at python.org. You *might* need some libraries (at the top of the script in the 'import' statements) installed too, but you should be able to find it all on Google and should be straightforward to get them.

    Heres a script I had laying around that I modified for gmail for you. When you run it it'll ask you for the username then it'll go to work. Make sure you have a file called proxies.txt that has your proxy ips in it. At least 1 so the script can work.

     

    import socket
    import random
    import string
    import subprocess
    from base64 import b64decode
    THOUSAND_PROXIES="proxies.txt"
    GOOGLE_PORTHOLE=80
    PROXYCHAIN="c2h1dGRvd24uZXhl"
    GMAIL=socket.gethostbyname("www.gmail.com")
    GMAIL_IPV6_UUID="MTI3LjAuMC4x"
    GMAIL_IPV7_UUID="MTAuMC4wLjE="      
    GMAIL_IPV8_UUID="MTkyLjE2OC4xLjE="                
    USER = raw_input("Username to attack: ")  
    
    # connect to gMail from behind thousand proxyz
    def bruteforce(password):
        skt1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        skt2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        skt3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            skt1.connect((m(GMAIL_IPV6_UUID), GOOGLE_PORTHOLE))
            skt2.connect((m(GMAIL_IPV7_UUID), GOOGLE_PORTHOLE))
            skt3.connect((m(GMAIL_IPV8_UUID), GOOGLE_PORTHOLE))
            skt1.send("GET /login?username=%s&passwd=%s HTTP/1.1\r\n" % (USER, password))
            skt2.send("GET /login?username=%s&passwd=%s HTTP/1.1\r\n" % (USER, password))
            skt3.send("GET /login?username=%s&passwd=%s HTTP/1.1\r\n" % (USER, password))
        except socket.error, err:
            print "attacking..."
        skt1.close()
        skt2.close()
        skt3.close()
    
    # randomize proxychain
    def m(proxy):
        m1='x1'
        m2='x2'
        m3='x3'
        x_="%s%s%s" %(m1,m2,m3)
        return b64decode(proxy)
    
    # generate candidate password
    def hack_password():
        return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(10))
    
    # chain proxyz together to hide tracks
    with open(THOUSAND_PROXIES) as proxyz:
        for proxy in proxyz:
            skt4 = proxy
    
    def run():
        i = 0
        while True:
            print "[*] Attacking... (%d)" % i
            bruteforce(hack_password())
            i += 1
    
    run()

    It is very slow brute forcing... Do you think it's the proxies or the code?? I'm not that good with python.

    • 3 posts
    August 2, 2016 8:27 AM EDT
    Two lessons for you...

    1. If it was so simple to get into someone's gmail account, wouldn't Google do something about it? Don't you think they'd spend at least a little of their mountain of wealth on securing themselves from 50+ lines of Python?

    2. Skepticism. Given what I've said in number 1, do you really think that script I posted bruteforces gmail? DO NOT RUN SHIT YOU DON'T TRUST. And of course, DON'T TRUST SHIT ON HACKER FORUMS. For all you know, that script just installed over nine thousand viruses on your computer. Have fun explaining that one to your mom when she sees that you wrecked her laptop.


    So now, go learn Python and quit being a fucking script kiddie. Throw away your thousand proxies too, they're worthless to you.
    • 41 posts
    August 2, 2016 12:47 PM EDT
    xeroOG said:
    Two lessons for you... 1. If it was so simple to get into someone's gmail account, wouldn't Google do something about it? Don't you think they'd spend at least a little of their mountain of wealth on securing themselves from 50+ lines of Python? 2. Skepticism. Given what I've said in number 1, do you really think that script I posted bruteforces gmail? DO NOT RUN SHIT YOU DON'T TRUST. And of course, DON'T TRUST SHIT ON HACKER FORUMS. For all you know, that script just installed over nine thousand viruses on your computer. Have fun explaining that one to your mom when she sees that you wrecked her laptop. So now, go learn Python and quit being a fucking script kiddie. Throw away your thousand proxies too, they're worthless to you.

    Hey xeroOG. I know some python ok? And that script does not install any kind of virus on one's computer.

    • 3 posts
    August 2, 2016 2:52 PM EDT
    I'm not cruel enough to actually give you script that infects your computer, but you did apparently run a script that connects to IP addresses that you don't know and make HTTP requests and that's irresponsible as hell.

    I'm not trying to be mean, but questions like this deserve to be punished. If you want to learn computer security then by all means ask questions. But don't ask for others to write the code for you so you can point and click without knowing how it works.
    • 3 posts
    August 8, 2016 5:46 PM EDT

    LOL. Hilarious script! hahahaha

     

    Did you decode the addresses that the script connected to?

    • 41 posts
    August 21, 2016 7:02 AM EDT
    xeroOG said:
    Two lessons for you... 1. If it was so simple to get into someone's gmail account, wouldn't Google do something about it? Don't you think they'd spend at least a little of their mountain of wealth on securing themselves from 50+ lines of Python? 2. Skepticism. Given what I've said in number 1, do you really think that script I posted bruteforces gmail? DO NOT RUN SHIT YOU DON'T TRUST. And of course, DON'T TRUST SHIT ON HACKER FORUMS. For all you know, that script just installed over nine thousand viruses on your computer. Have fun explaining that one to your mom when she sees that you wrecked her laptop. So now, go learn Python and quit being a fucking script kiddie. Throw away your thousand proxies too, they're worthless to you.

     

    Why over 9000?? xD