forked from JakeCooper/OnePlusTwoBot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathGmailExploit3.py
223 lines (175 loc) · 6.25 KB
/
GmailExploit3.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
"""
based on
https://github.com/JakeCooper/
https://developers.google.com/gmail/api/quickstart/python
this will insert dots "." in the email with atleast two characters between dot
required packages (pip install):
requests, click, google-api-python-client
You will need to enable GMAIL API. You can follow the instruction from:
https://developers.google.com/gmail/api/quickstart/python
just save the client_secret.json on the same directory you are going to run the script
usage:
# send invites to your gmail
python GmailExploit3.py send_invites {your gmail address} {invite token} {cache_buster}
# read and confirm invites from your gmail
python GmailExploit3.py process_invites
"""
import httplib2
import os
import base64
import re
import time
import argparse
import click
import requests
from apiclient import discovery
import oauth2client
from oauth2client import client
from oauth2client import tools
SCOPES = 'https://www.googleapis.com/auth/gmail.readonly'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Gmail API Quickstart'
CONFIRM_URL_RE = re.compile(r'https://.*confirm.*\.')
INVITE_COMPLETED_RE = re.compile(r'You are in position')
SLEEP = 5.0
@click.group()
def cli():
pass
def get_credentials():
"""Gets valid user credentials from storage.
If nothing has been stored, or if the stored credentials are invalid,
the OAuth2 flow is completed to obtain the new credentials.
Returns:
Credentials, the obtained credential.
"""
credential_dir = os.path.join(os.getcwd(), '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir,
'gmail-quickstart.json')
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
flags = argparse.Namespace(auth_host_name='localhost',
auth_host_port=[8080, 8090],
logging_level='ERROR',
noauth_local_webserver=False)
credentials = tools.run_flow(flow, store, flags)
print 'Storing credentials to ' + credential_path
return credentials
def list_messages(service):
page_token = None
query = {
'from' : 'oneplus.net',
'after' : '2015/07/08',
'subject' : '(confirm email)',
}
query_str = ' '.join(map(lambda x: "{}:{}".format(x[0],x[1]),query.items()))
kwargs = {
'userId' : 'me',
'q' : query_str,
}
while True:
if page_token:
kwargs['pageToken'] = page_token
results = service.users().messages().list(**kwargs).execute()
if results.get('resultSizeEstimate') == 0:
break
print(kwargs, results.get('resultSizeEstimate'))
page_token = results.get('nextPageToken')
for message_data in results['messages']:
yield message_data['id']
if not page_token:
break
def get_invite_url_from_message(service, message_id):
message = service.users().messages().get(userId='me', id=message_id).execute()
for part in message['payload']['parts']:
if part['mimeType'] == 'text/plain':
m = CONFIRM_URL_RE.search(base64.urlsafe_b64decode(part['body']['data'].encode('utf-8')))
if m:
confirm_url = m.group(0).strip('.')
print(confirm_url)
return confirm_url
def confirm_invite(url):
response = requests.get(url)
INVITE_COMPLETED_RE.search
m = re.search(r'You are in position', response.content)
if m:
print('invite comfirmed')
@cli.command()
def process_invites():
credentials = get_credentials()
http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
for message_id in list_messages(service):
try:
url = get_invite_url_from_message(service, message_id)
if url:
print url
confirm_invite(url)
time.sleep(SLEEP)
except Exception as e:
print(e)
def send_invite(email, invite_token, cache_buster):
try:
url = "https://invites.oneplus.net/index.php"
payload = {
'r' : 'share/signup',
'success_jsonpCallback' : 'success_jsonpCallback',
'email' : email,
'koid' : invite_token,
'_' : cache_buster,
}
response = requests.get(url, params=payload)
print(response.content)
except Exception as e:
print(e)
def permu_account(account, p=1):
"""
- add dot('.') between character
- need atleast two characters between dot or it will be considered invalid email
this bring the permutation count from 2**(len(account)-1) to fibonacci(len(account)+1)
"""
yield account
for i in range(p, len(account)):
account_wd = account[:i] + '.' + account[i:]
for result in permu_account(account_wd, i+3):
yield result
@cli.command()
@click.argument('email')
@click.argument('invite_token', default='EZ3LEE')
@click.argument('cache_buster', default='1439057569199')
@click.option('--dryrun', is_flag=True)
def send_invites(email, invite_token, cache_buster, dryrun):
account, domain = email.split("@")
for i, account_wd in enumerate(permu_account(account)):
print(i, account_wd, "{}@{}".format(account_wd, domain))
if not dryrun:
send_invite("{}@{}".format(account_wd, domain), invite_token, cache_buster)
time.sleep(SLEEP)
if __name__ == '__main__':
cli()
"""
# to visualize different between 2**(len(account)-1) and fibonacci(len(account)+1)
from pylab import *
@np.vectorize
def fab_len_plus_1(l):
n = int(l+1)
n0, n1 = 0, 1
for i in xrange(n):
n0, n1 = n1, n0 + n1
return n0
@np.vectorize
def pow2_len_minus_1(l):
n = int(l-1)
return 2 ** n
l = array([12])
fab_len_plus_1(l), pow2_len_minus_1(l)
x = linspace(5, 20, 16)
semilogy(x, pow2_len_minus_1(x), 'red', label='2**')
semilogy(x, fab_len_plus_1(x), 'blue', label='fab')
legend(loc=2)
show()
"""