SCRIPTACULOUS! CAPTCHA army scripts...

Status
Not open for further replies.

chatmasta

New member
Jan 7, 2007
Hey,

I'm in the giving mood right now. But funny enough I'm not in the explaining PHP code mood....so I'll give you some scriptaculous shit but won't explain it! Luckily it's super easy.

If you haven't read Eli's CAPTCHA army post, do it now. I'm creating one of those for GMail, myspace, youtube, and metacafe. And I'm going to give each one away in this post! :D

NOTE: I take no responsibility for however badly you may get fucked for using these scripts. I do take responsibility, however, for how badly fucked you will be if you try to sell these or some shit like that.

Make sure you use session_start() at the top of your page!!! I used sessions to pass some information so you'll need it.

You'll need this cURL class (modified from lerch's) and signup class for each one, just put it in the top of your file or include it:

UPDATED 6/20 - (like that color bitches?!) Just changed this a bit to add the signup class.

PHP:
class Curl
{            
    function setup()
    {
        $cookieJar = 'cookies.txt';
        curl_setopt($this->curl,CURLOPT_COOKIEJAR, $cookieJar); 
        curl_setopt($this->curl,CURLOPT_COOKIEFILE, $cookieJar);
        curl_setopt($this->curl,CURLOPT_AUTOREFERER, true);
        curl_setopt($this->curl,CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($this->curl,CURLOPT_RETURNTRANSFER, true);    
    }
    
    function clean($contents)
    {
        return $contents = str_replace('<script src="http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAA6ElvpTmZs4PUpZpSAoK6BSHXJsp5oogWH5jZodYSc2VMsh-GBSvecccQD_seEoYLmo-SsWfitQQEw" type="text/javascript"></script>', '', $contents);
    }
    
    function get($url)
    { 
        $this->curl = curl_init($url);
        $this->setup();
        
        return $this->clean($this->request());
    }
    
    function getAll($reg,$str)
    {
        preg_match_all($reg,$str,$matches);
        return $matches[1];
    }
    
    function postForm($url, $fields, $referer='')
    {
        $this->curl = curl_init($url);
        $this->setup();
        curl_setopt($this->curl, CURLOPT_URL, $url);
        curl_setopt($this->curl, CURLOPT_POST, 1);
        curl_setopt($this->curl, CURLOPT_REFERER, $referer);
        curl_setopt($this->curl, CURLOPT_POSTFIELDS, $fields);
        return $this->request();
    }
    
    function getInfo($info)
    {
        $info = ($info == 'lasturl') ? curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL) : curl_getinfo($this->curl, $info);
        return $info;
    }
    
    function request()
    {
        return curl_exec($this->curl);
    }
}

class Signup extends Curl
{
    function random_str($length = 13, $chars = 'all')
    {
        if($chars == 'all')
            $base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz1234567890';
        elseif($chars == 'letters')
            $base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz';
        elseif($chars == 'upper')
            $base = 'ABCDEFGHKLMNOPQRSTWXYZ';
        elseif($chars == 'lower')
            $base = 'abcdefghjkmnpqrstwxyz';
        elseif($chars = 'num')
            $base = '1234567890';
        elseif($chars = 'upper_num')
            $base = 'ABCDEFGHKLMNOPQRSTWXYZ123456789';
        elseif($chars = 'lower_num')
            $base = 'abcdefghjkmnpqrstwxyz123456789';
        else { $base = $chars; }
        
        $max = strlen($base) - 1;
        $out = '';
        mt_srand((double)microtime()*1000000);
        while (strlen($out) < $length + 1)
              $out .= $base{mt_rand(0, $max)};
        return $out;
    }
}


go to next post....
 


[The text I entered was too long....]

GMAIL CLASS
Sorry some of the code is shit. I got kinda confused in the middle of it, and as a result there are some nasty workarounds. But hey, it works. :bowdown: Example code at the bottom...

UPDATED 6/20 - It now returns the email/pass so you can put it in a database or whatever.

PHP:
<?php
class Gmail extends Signup
{
    var $email;
    var $password;
    var $signup = array();
    var $signup_fields = array();
    var $signup_field_t; // special
    
    // returns the captcha, but also gets all dynamic hidden fields
    function get_captcha()
    {
        $contents = $this->get('http://mail.google.com/mail/signup');
        
        // these are the fields we need to find
        // they come in two formats, both are dealt with through regex.
        $fields = array('continue', 'dsh', 'type', 'newaccounttoken', 'newaccounturl', 'newaccounttoken_audio', 'newaccounturl_audio');
        foreach($fields as $f)
        {
            $regex = "/<input type=\"hidden\" name=\"$f\" value=\"(.*?)\">/ims";
            if(preg_match($regex, $contents, $matches))
            {
                $this->signup[$f] = $matches[1];
            }
            else {
                $regex = "/<input type=\"hidden\" id=\"$f\" value=\"(.*?)\" name=\"$f\">/ims";
                preg_match($regex, $contents, $matches);
                $this->signup[$f] = $matches[1];
            }
        }
        
        // field:t is a special one, as it shows up 3 times in the POST. we'll find it with its unique surroundings
        $regex = "/<input type=\"hidden\" name=\"dsh\" value=\"(.*?)\">        <input type=\"hidden\" name=\"t\" value=\"(.*?)\">                                                     <input type=\"hidden\" name=\"t\" value=\"(.*?)\">       <input type=\"hidden\" name=\"type\" value=\"(.*?)\">       <input type=\"hidden\" name=\"t\" value=\"/ims";
        preg_match($regex, $contents, $matches);
        $this->signup['t'] = $matches[2];        
        
        // get action - watch out for picking up the language form
        $regex = "/in here<\/a>.  <\/font> <\/td> <\/tr> <\/table>    <br>  <form action=\"(.*?)\" onsubmit=\"return\(onPreCreateAccount\(\)\);\" id=\"createaccount\" name=\"createaccount\" method=\"post\">/ims";
        preg_match($regex, $contents, $matches);
        $this->signup['action'] = $matches[1];
        
        // find the CAPTCHA and return it
        $regex = "/<img width=\"200\" alt=\" Visual verification \" src=\"(.*?)\" height=\"70\">/ims";
        preg_match($regex, $contents, $matches);
        $this->signup['captcha'] = str_replace($matches[1], 'https://www.google.com/accounts/' . $matches[1], $matches[0]);

        return $this->signup;
    }
    
    function signup($captcha, $signup_fields, $email = '', $password = '')
    {
        $this->email = (empty($email)) ? $this->random_str() : $email;
        $this->password = (empty($password)) ? $this->random_str() : $password;
        $this->signup_fields[] = $signup_fields;
        
        // cleanup signup_fields.....don't even ask.
        foreach($this->signup_fields as $f => $v)
        {
            foreach($v as $a => $b)
                $this->signup_fields[$a] = $b;
        }
        
        // set special variables we need
        $this->signup_field_t = $this->signup_fields['t'];
        $this->signup['action'] = $this->signup_fields['action'];
        
        // unset the junk passed from get_captcha that we don't need anymore
        unset($this->signup_fields['captcha']);
        unset($this->signup_fields['action']);
        unset($this->signup_fields['t']); // we'll have to handle this separately
        unset($this->signup_fields[0]); // don't know why this is even here, but we don't want it
        
        // we'll need this to randomize security question (minimizes footprint), only bother with number ones
        $secq = array('What+is+your+primary+frequent+flyer+number', 'What+is+your+library+card+number', 'What+was+your+first+phone+number');
        shuffle($secq);
        
        // set the rest of the fields
        $fields =
            array(
                'service' => 'mail',
                'FirstName' => $this->random_str(7, 'lower'),
                'LastName' => $this->random_str(15, 'lower'),
                'UsernameSelector' => 'header',
                'Email' => $this->email,
                'edk' => 'gmail.com',
                'p' => '',
                'Passwd' => $this->password,
                'PasswdAgain' => $this->password,
                'rmshown' => '1',
                'smhhk' => '1',
                'nshk' => '1',
                'selection' => $secq[0],
                'ownquestion' => '',
                'IdentityAnswer' => '1' . $this->random_str(10, 'num'),
                'SecondaryEmail' => '',
                'loc' => 'US',
                'newaccountcaptcha' => $captcha,
                'program_policy_url' => 'http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html',
                'privacy_policy_url' => 'http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html',
                'requested_tos_location' => 'US',
                'requested_tos_language' => 'en',
                'served_tos_location' => 'US',
                'served_tos_language' => 'en',
                'submitbutton' => 'I+accept.+Create+my+account'
            );
            
        // merge all the signup fields together    
        $this->signup_fields = array_merge($fields, $this->signup_fields);
        foreach($this->signup_fields as $f => $v)
            echo "$f=$v<br />";
            
        // format signup fields (while dealing with field:t)
        $fields = '';
        foreach($this->signup_fields as $f => $v)
            $fields .= $f . '=' . $v . '&';
        for($i=1;$i<=3;$i++)
            $fields .= 't=' . $this->signup_field_t . '&';
        $fields = rtrim($fields, '&');
        
        // send final POST
        $this->postForm($this->signup['action'], $fields);
        
        $return['email'] = $this->email;
        $return['password'] = $this->password;
        return $return;
    }
}

$gmail = new Gmail;
if(empty($_POST['gmail_submitted']))
{
    echo '<h1>GMail</h1>';
    
    $signup = $gmail->get_captcha();
    echo $signup['captcha'];
    
    $_SESSION['gmail_signup'] = $signup;
    ?>
    <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    <input type="text" name="gmail_captcha" />
    <input type="submit" name="gmail_submitted" value="go" />
    </form>
    <?php
}
else {
    echo $gmail->signup($_POST['gmail_captcha'], $_SESSION['gmail_signup']);
}
?>

That's it for now, folks. Check back here for when I get the other classes going. I may finish one tomorrow, but after that I'll be gone for about a week and won't get any done.

By the way, I think I'll also give you the script I'm going to build for reading the confirmation emails. It's all coming together now, eh? ;) Once I give you this complete set, the possibilities are endless. Imagine having thousands of accounts for youtube, myspace, metacafe.....all email confirmed. Hell yes.
 
One more time, post reserved.

P.S. Please for the love of god, change the color of the PHP boxes. I can't stand it.
 
This is the shit. I'm sure people will put it to good use.

lol, It cost $7 for that? I got banned for free. :/
 
Just use the [ code ] tags. Without the spaces. It makes it much easier to read. No syntax-coloring though, but if you can't read code without color, don't call yourself a coder ;)

Oh, and nice post, btw. Can't wait to read the rest.
 
Something I noticed..

Here's the exact output (with critical information censored):

Warning: Invalid argument supplied for foreach() in /home/*CENSORED*/gmail/go.php on line 141
service=mail
FirstName=hmgchcya
LastName=fdjftyebjxkjczbc
UsernameSelector=header
Email=*CENSORED*
edk=gmail.com
p=
Passwd=*CENSORED*
PasswdAgain=*CENSORED*
rmshown=1
smhhk=1
nshk=1
selection=What+is+your+library+card+number
ownquestion=
IdentityAnswer=185521047637
SecondaryEmail=
loc=US
newaccountcaptcha=constio
program_policy_url=http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html
privacy_policy_url=http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html
requested_tos_location=US
requested_tos_language=en
served_tos_location=US
served_tos_language=en
submitbutton=I+accept.+Create+my+account
Array

That PHP error shouldn't be happening in the foreach() loop, must be an error in how the variables are handled?

Jason
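
An added example from the defender's side, not code from any poster in this thread: the output above shows the regularities the posted class leaves in every submission (8- and 16-character names drawn from a reduced lowercase alphabet, a 12-digit answer starting with 1, one of three security questions), and a signup endpoint can score incoming POST bodies on them. The function names, the threshold and the ordinary sample are assumptions made for this example.

```python
from urllib.parse import parse_qs

# Lowercase alphabet copied from random_str() in the thread (no i, l, o, u, v).
LOWER = set("abcdefghjkmnpqrstwxyz")
# The three security questions the posted class shuffles between.
QUESTIONS = {
    "What is your primary frequent flyer number",
    "What is your library card number",
    "What was your first phone number",
}

# Field values as posted in the thread's output (censored fields left out).
THREAD_SAMPLE = ("FirstName=hmgchcya&LastName=fdjftyebjxkjczbc"
                 "&selection=What+is+your+library+card+number"
                 "&IdentityAnswer=185521047637")
# Constructed sample of an ordinary signup, for contrast.
ORDINARY_SAMPLE = ("FirstName=Maria&LastName=Oliveira"
                   "&selection=What+is+your+library+card+number"
                   "&IdentityAnswer=20458")


def footprint_score(body: str) -> int:
    """Count how many of the script's fixed habits a signup POST body shows (0-4)."""
    # parse_qs decodes '+' to a space, as the receiving server would.
    f = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    first, last = f.get("FirstName", ""), f.get("LastName", "")
    answer = f.get("IdentityAnswer", "")
    checks = [
        # random_str(7, 'lower') loops while strlen < length + 1: 8 characters
        len(first) == 8 and set(first) <= LOWER,
        # random_str(15, 'lower'): 16 characters
        len(last) == 16 and set(last) <= LOWER,
        # '1' . random_str(10, 'num'): 12 digits, leading 1
        len(answer) == 12 and answer.isdigit() and answer[0] == "1",
        f.get("selection", "") in QUESTIONS,
    ]
    return sum(checks)


def flag_signups(bodies, threshold=3):
    """Return the indexes of submissions that match at least `threshold` habits."""
    return [i for i, b in enumerate(bodies) if footprint_score(b) >= threshold]


if __name__ == "__main__":
    for name, body in (("thread", THREAD_SAMPLE), ("ordinary", ORDINARY_SAMPLE)):
        print(name, footprint_score(body))
```

A real person can match any single check, so the score is one signal to weigh alongside submission rate and source address rather than a verdict on its own.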
 
Strange, I don't get that error. Does anyone else get it?

That particular foreach loop was one that was a workaround almost, since something was strange with my system.

Try changing this line (around 139):

Code:
$this->signup_fields[] = $signup_fields;

to

Code:
$this->signup_fields = array();
$this->signup_fields[] = $signup_fields;

idk if that will work, it's something that's always confused me. :X But let me know if it does. It's kind of hard to test just because I don't see that error.
 