/iBrutr

iCloud Bruteforce PoC - with MultiCurl

Primary LanguageShell

Yet Another %100 Working iCloud Bruteforce PoC..

Tested on Ubuntu, Linux Mint, Windows 7 and OSX Yosemite

Disclaimer: Do whatever you want with this code as long as you give me credit (@Pr0x13) Check and make sure its legal in your country to use this tool before doing so. I'm not responsible for any damage done whatsoever to anyones iCloud account or iDevice. I Didn't exploit any accounts while writing this.

This version is (hopefully) more robust-

Features: Word-Mangling thanks to JTR

True Bruteforce (if you have a few years to wait)

Automatic Rate Limiter Sensing Feature (Hopefully won’t DDoS apple servers this time) =]

Ability to Bruteforce Apple Web Objects Server backends

Multi-Curl - huge timing performance boost

CLI

Dependencies: php5-cli php5-curl

The included wordlist is taken from 6 actual database leaks, duplicates removed and sanitized to more suit apple password requirements. Wordlist.lst I made by sorting only passwords with more than 8 characters, removed all numeric passes, removed consecutive characters (3 characters or more), removed all lowercase passwords, passwords without a capital letter and also a number. Mangle.lst is slightly different, it consists of passwords 7 characters or more, and numeric passwords removed. Depending on the charset you use for mangling you can really make use of it. Both are far from perfect and need more cleaning most likely. They are only provided as a starting point, you should really get a different wordlist. Make sure it satisfies Apple’s password requirements here https://support.apple.com/en-us/HT201303

Linux Note: If you don't already have them "sudo apt-get install php5-cli php5-curl"

Mac Note:Brew needs to be installed from here http://brew.sh/ then from terminal "brew install wget" or just compile it from source

Windows Note: Cygwin needs to be installed, and these packages added "php-curl,php-jsonc,wget" (if you get a stat error and john wont compile it will still work but without mangling),

OR manually build directory from install.sh, download external module, install curl for windows and john pre-compiled for win32/64,should be invoked like this:

C:\PHP5\php.exe -f "C:\PHP Scripts\iBrutr" -- -arg1 -arg2 -arg3

Usage:

./install.sh

(if it hangs on downloading, don’t exit just give it some time)

Choose SYSTEM to compile on the left hand side

php iBrutr

OR(while you can until a server is patched)

php MultiBrutr

example:$ php iBrutr -u username@icloud.com

example:$ php iBrutr -u username@icloud.com -t 10

example:$ php iBrutr -u username@icloud.com -r 10 (note about RandomTime) -r has preset default of minimum 3 seconds, argument sets maximum time

example:$ php iBrutr -u username@icloud.com -m

example:$ php iBrutr -u username@icloud.com -m -w wordlist.lst

example:$ php iBrutr -u username@icloud.com -w wordlist.lst

Included in tools is configmake, use that to update config file with your own server info.

This uses John the Ripper and Crunch both available under GNU Public License.

MultiBrutr is an example i wrote of abusing multi curl to brute force two different servers. Use it until one of the servers are fixed..

clean and add are some hacky pipe apps i wrote to clean a collection of wordlists utilizing pipes for the best performance. it contains a couple regex that (hopefully) satisfies Apple ID Password Requirements. Pipe it through JTRs Unique with 3 parallel pipes like this

name your wordlists 0-*.dic

Usage: -c (number of wordlists)

-m (mangle ready)

:$ php add -c 5 | php clean | ./unique wordlist.lst

:$ php add -c 5 -m | php clean | ./unique mangle.lst

                    Until Next Time-    @Pr0x13