├── .gitignore ├── EmailParser.py ├── GmailClicker.py ├── GmailExploit.py ├── GmailExploit2.py ├── GmailExploit3.py ├── GuerrillaMailExploit.py ├── MailinatorExploit.py ├── README.md ├── gmailbot.js ├── invite_bruteforce.py ├── lib ├── __init__.py └── guerrillamail.py └── mailinator.js /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | *.py[cod] 3 | -------------------------------------------------------------------------------- /EmailParser.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import imaplib 3 | import getpass 4 | import email.header 5 | import re 6 | import datetime 7 | import json 8 | import email 9 | import requests 10 | import time 11 | 12 | f = open("confirmations.txt", "w") 13 | 14 | EMAIL = input("Email : ") 15 | PASSWORD = input("Password : ") 16 | def processMailbox(M): 17 | M.select() 18 | typ, data = M.search(None, 'SUBJECT "Confirm your email"', '(BODY "OnePlus")') 19 | for num in data[0].split(): 20 | typ, data = M.fetch(num, '(RFC822)') 21 | msg = email.message_from_string(data[0][1].decode('utf-8')) 22 | if msg.is_multipart(): 23 | for payload in msg.get_payload(): 24 | manipulatePayload(payload) 25 | break 26 | 27 | else: 28 | manipulatePayload(msg) 29 | 30 | 31 | def manipulatePayload(payload): 32 | m = re.search('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+\.', str(payload.get_payload(None, True))) 33 | newURL = m.group(0).rstrip(".") 34 | f.write(newURL + "\n") 35 | print("Sending confirmation request to " + newURL) 36 | res = requests.get(m.group(0).rstrip(".")) 37 | if res.status_code == 200: 38 | print("Referral sucessfully spoofed") 39 | else : 40 | print("Hamsters are dead") 41 | print() 42 | 43 | return 44 | 45 | 46 | M = imaplib.IMAP4_SSL('imap.gmail.com') 47 | 48 | try : 49 | M.login(input("Email : "), input("password : ")) 50 | except imaplib.IMAP4.error: 51 | print("LOGIN FAILED") 52 | 53 | rv, mailboxes = M.list() 54 | if rv == 'OK' : 55 | print("Selecting Mailbox Inbox") 56 | processMailbox(M) 57 | M.close() 58 | M.logout() 59 | f.close() 60 | -------------------------------------------------------------------------------- /GmailClicker.py: -------------------------------------------------------------------------------- 1 | import imaplib 2 | import string 3 | import urllib2 4 | import time 5 | import email 6 | import re 7 | import requests 8 | 9 | def processMailbox(M): 10 | M.select() 11 | typ, data = M.search(None, 'UnSeen', 'SUBJECT', '"Confirm your email"', 'FROM', 'invites@oneplus.net') 12 | mails = data[0].split() 13 | print "There are %i unseen invites!" % len(mails) 14 | for num in mails: 15 | typ, data = M.fetch(num, '(RFC822)') 16 | msg = email.message_from_string(data[0][1].decode('utf-8')) 17 | if msg.is_multipart(): 18 | for payload in msg.get_payload(): 19 | manipulatePayload(payload) 20 | break 21 | else: 22 | manipulatePayload(msg) 23 | 24 | def manipulatePayload(payload): 25 | m=re.search('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+\.', 26 | str(payload.get_payload(None,True))) 27 | newURL = m.group(0).rstrip(".") 28 | print("Sending confirmation request to " + newURL) 29 | while True: 30 | try: 31 | res = requests.get(m.group(0).rstrip("."), timeout=1) 32 | if res.status_code == 200: 33 | print("Referral successfully spoofed") 34 | return 35 | else: 36 | print("Request failed. "+str(res.status_code)) 37 | except: 38 | continue 39 | finally: 40 | time.sleep(5) 41 | 42 | M= imaplib.IMAP4_SSL('imap.gmail.com') 43 | 44 | try: 45 | M.login('emailadress@gmail.com', "password") 46 | except imaplib.IMAP4.error: 47 | print("LOGIN FAILED") 48 | 49 | rv, mailboxes = M.list() 50 | if rv == 'OK' : 51 | print("Selecting Mailbox Inbox") 52 | while True: 53 | processMailbox(M) 54 | print "Waiting for a minute ..." 55 | time.sleep(60) 56 | M.close() 57 | M.logout() 58 | 59 | 60 | -------------------------------------------------------------------------------- /GmailExploit.py: -------------------------------------------------------------------------------- 1 | import string 2 | import urllib2 3 | import time 4 | 5 | emailList = [] 6 | attempts = 0 7 | total = 0 8 | skip = 0 9 | gmailAddress = "" 10 | inviteToken = "" 11 | 12 | def insertDots(str, at): 13 | if at == 0: 14 | emailList.append(str) 15 | return 16 | newStr = str[:at] + "." + str[at:] 17 | for i in range(at): 18 | insertDots(newStr, i) 19 | 20 | def allDots(str): 21 | for i in range(len(str)): 22 | insertDots(str, i) 23 | 24 | allDots(gmailAddress.replace(".", "")) 25 | 26 | total = len(emailList) 27 | print "Count: {}".format(total) 28 | print "List: " 29 | print emailList 30 | print 31 | 32 | for email in emailList: 33 | attempts += 1 34 | if (attempts <= skip): 35 | continue 36 | requestUrl = "https://invites.oneplus.net/index.php?r=share/signup&success_jsonpCallback&email={0}%40gmail.com&koid={1}&_=1438677876942".format(email, inviteToken) 37 | print("Sending invite to " + email + "@gmail.com ({}/{}) ...".format(attempts, total)) 38 | req = urllib2.Request(requestUrl) 39 | try: 40 | res = urllib2.urlopen(req) 41 | except urllib2.HTTPError as e: 42 | resCode = e.code 43 | print("Request Failed: {}.".format(resCode)) 44 | except urllib2.URLError as e: 45 | print("Request Failed: URL Error.") 46 | else: 47 | print("Successful Response.") 48 | time.sleep(15) -------------------------------------------------------------------------------- /GmailExploit2.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import time 3 | import random 4 | import re 5 | import string as String 6 | 7 | EMAIL = "something@gmail.com" # Your Gmail address 8 | REFERRAL_CODE = "" #5-6character reservation ID 9 | 10 | # Works but runs through same address in same order every run 11 | def dotify(address): 12 | return dotify_(address.split("@")[0].replace(".","") + "@" + address.split("@")[1]) 13 | 14 | def dotify_(string): 15 | if len(string) == 1: 16 | yield string 17 | return 18 | 19 | for rest in dotify_(string[1:]): 20 | yield string[0] + rest 21 | yield string[0] + "." + rest 22 | 23 | # Seems to be patched. Does not work 24 | def plusify(address): 25 | while True: 26 | string = ''.join(random.choice(String.ascii_uppercase + String.digits) for _ in range(32)) 27 | yield re.sub('@', '+'+string+'@', address) 28 | 29 | # Randomly place dot with following criteria: 30 | # - Not at start or end 31 | # - Atleast two characters inbetween the dot (Seems like only one character seperation is usually rejected) 32 | # High success rate as of 2015/08/08 33 | def random_dotify(address, separator=2): 34 | split = address.split('@') 35 | while True: 36 | account = split[0] 37 | index = 1 38 | while index < len(account)-1: 39 | if random.random() < 0.5: 40 | account = account[:index] + "." + account[index:] 41 | index += separator 42 | index += 1 43 | yield account + '@' + split[1] 44 | 45 | for email in random_dotify(EMAIL): 46 | requestURL = "https://invites.oneplus.net/index.php?r=share/signup&success_jsonpCallback=success_jsonpCallback&email={0}&koid={1}&_=1438677876942".format(email.replace("@", "%40"), REFERRAL_CODE) 47 | print("Sending invite to " + email) 48 | res = requests.get(requestURL) 49 | while res.status_code != 200: 50 | print("Request failed. "+str(res.status_code)) 51 | time.sleep(5) 52 | res = requests.get(requestURL) 53 | print("Successfully retrieved response") 54 | -------------------------------------------------------------------------------- /GmailExploit3.py: -------------------------------------------------------------------------------- 1 | """ 2 | based on 3 | https://github.com/JakeCooper/ 4 | https://developers.google.com/gmail/api/quickstart/python 5 | this will insert dots "." in the email with atleast two characters between dot 6 | 7 | 8 | required packages (pip install): 9 | requests, click, google-api-python-client 10 | 11 | You will need to enable GMAIL API. You can follow the instruction from: 12 | https://developers.google.com/gmail/api/quickstart/python 13 | just save the client_secret.json on the same directory you are going to run the script 14 | 15 | usage: 16 | # send invites to your gmail 17 | python GmailExploit3.py send_invites {your gmail address} {invite token} {cache_buster} 18 | 19 | # read and confirm invites from your gmail 20 | python GmailExploit3.py process_invites 21 | """ 22 | 23 | import httplib2 24 | import os 25 | import base64 26 | import re 27 | import time 28 | import argparse 29 | 30 | import click 31 | import requests 32 | 33 | from apiclient import discovery 34 | import oauth2client 35 | from oauth2client import client 36 | from oauth2client import tools 37 | 38 | 39 | SCOPES = 'https://www.googleapis.com/auth/gmail.readonly' 40 | CLIENT_SECRET_FILE = 'client_secret.json' 41 | APPLICATION_NAME = 'Gmail API Quickstart' 42 | CONFIRM_URL_RE = re.compile(r'https://.*confirm.*\.') 43 | INVITE_COMPLETED_RE = re.compile(r'You are in position') 44 | SLEEP = 5.0 45 | 46 | 47 | @click.group() 48 | def cli(): 49 | pass 50 | 51 | 52 | def get_credentials(): 53 | """Gets valid user credentials from storage. 54 | 55 | If nothing has been stored, or if the stored credentials are invalid, 56 | the OAuth2 flow is completed to obtain the new credentials. 57 | 58 | Returns: 59 | Credentials, the obtained credential. 60 | """ 61 | credential_dir = os.path.join(os.getcwd(), '.credentials') 62 | if not os.path.exists(credential_dir): 63 | os.makedirs(credential_dir) 64 | credential_path = os.path.join(credential_dir, 65 | 'gmail-quickstart.json') 66 | 67 | store = oauth2client.file.Storage(credential_path) 68 | credentials = store.get() 69 | if not credentials or credentials.invalid: 70 | flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES) 71 | flow.user_agent = APPLICATION_NAME 72 | flags = argparse.Namespace(auth_host_name='localhost', 73 | auth_host_port=[8080, 8090], 74 | logging_level='ERROR', 75 | noauth_local_webserver=False) 76 | credentials = tools.run_flow(flow, store, flags) 77 | print 'Storing credentials to ' + credential_path 78 | return credentials 79 | 80 | 81 | def list_messages(service): 82 | page_token = None 83 | query = { 84 | 'from' : 'oneplus.net', 85 | 'after' : '2015/07/08', 86 | 'subject' : '(confirm email)', 87 | } 88 | query_str = ' '.join(map(lambda x: "{}:{}".format(x[0],x[1]),query.items())) 89 | 90 | kwargs = { 91 | 'userId' : 'me', 92 | 'q' : query_str, 93 | } 94 | 95 | while True: 96 | if page_token: 97 | kwargs['pageToken'] = page_token 98 | results = service.users().messages().list(**kwargs).execute() 99 | if results.get('resultSizeEstimate') == 0: 100 | break 101 | 102 | print(kwargs, results.get('resultSizeEstimate')) 103 | page_token = results.get('nextPageToken') 104 | 105 | for message_data in results['messages']: 106 | yield message_data['id'] 107 | 108 | if not page_token: 109 | break 110 | 111 | 112 | def get_invite_url_from_message(service, message_id): 113 | message = service.users().messages().get(userId='me', id=message_id).execute() 114 | for part in message['payload']['parts']: 115 | if part['mimeType'] == 'text/plain': 116 | m = CONFIRM_URL_RE.search(base64.urlsafe_b64decode(part['body']['data'].encode('utf-8'))) 117 | if m: 118 | confirm_url = m.group(0).strip('.') 119 | print(confirm_url) 120 | return confirm_url 121 | 122 | 123 | def confirm_invite(url): 124 | response = requests.get(url) 125 | INVITE_COMPLETED_RE.search 126 | m = re.search(r'You are in position', response.content) 127 | if m: 128 | print('invite comfirmed') 129 | 130 | 131 | @cli.command() 132 | def process_invites(): 133 | credentials = get_credentials() 134 | http = credentials.authorize(httplib2.Http()) 135 | service = discovery.build('gmail', 'v1', http=http) 136 | for message_id in list_messages(service): 137 | try: 138 | url = get_invite_url_from_message(service, message_id) 139 | if url: 140 | print url 141 | confirm_invite(url) 142 | time.sleep(SLEEP) 143 | except Exception as e: 144 | print(e) 145 | 146 | 147 | def send_invite(email, invite_token, cache_buster): 148 | try: 149 | url = "https://invites.oneplus.net/index.php" 150 | payload = { 151 | 'r' : 'share/signup', 152 | 'success_jsonpCallback' : 'success_jsonpCallback', 153 | 'email' : email, 154 | 'koid' : invite_token, 155 | '_' : cache_buster, 156 | } 157 | response = requests.get(url, params=payload) 158 | print(response.content) 159 | except Exception as e: 160 | print(e) 161 | 162 | 163 | def permu_account(account, p=1): 164 | """ 165 | - add dot('.') between character 166 | - need atleast two characters between dot or it will be considered invalid email 167 | this bring the permutation count from 2**(len(account)-1) to fibonacci(len(account)+1) 168 | """ 169 | yield account 170 | for i in range(p, len(account)): 171 | account_wd = account[:i] + '.' + account[i:] 172 | for result in permu_account(account_wd, i+3): 173 | yield result 174 | 175 | 176 | @cli.command() 177 | @click.argument('email') 178 | @click.argument('invite_token', default='EZ3LEE') 179 | @click.argument('cache_buster', default='1439057569199') 180 | @click.option('--dryrun', is_flag=True) 181 | def send_invites(email, invite_token, cache_buster, dryrun): 182 | account, domain = email.split("@") 183 | for i, account_wd in enumerate(permu_account(account)): 184 | print(i, account_wd, "{}@{}".format(account_wd, domain)) 185 | if not dryrun: 186 | send_invite("{}@{}".format(account_wd, domain), invite_token, cache_buster) 187 | time.sleep(SLEEP) 188 | 189 | 190 | if __name__ == '__main__': 191 | cli() 192 | 193 | 194 | """ 195 | # to visualize different between 2**(len(account)-1) and fibonacci(len(account)+1) 196 | 197 | from pylab import * 198 | 199 | @np.vectorize 200 | def fab_len_plus_1(l): 201 | n = int(l+1) 202 | n0, n1 = 0, 1 203 | for i in xrange(n): 204 | n0, n1 = n1, n0 + n1 205 | return n0 206 | 207 | @np.vectorize 208 | def pow2_len_minus_1(l): 209 | n = int(l-1) 210 | return 2 ** n 211 | 212 | 213 | l = array([12]) 214 | fab_len_plus_1(l), pow2_len_minus_1(l) 215 | 216 | 217 | x = linspace(5, 20, 16) 218 | semilogy(x, pow2_len_minus_1(x), 'red', label='2**') 219 | semilogy(x, fab_len_plus_1(x), 'blue', label='fab') 220 | legend(loc=2) 221 | show() 222 | 223 | """ 224 | -------------------------------------------------------------------------------- /GuerrillaMailExploit.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import requests 4 | import re 5 | import time 6 | import urllib 7 | from lib.guerrillamail import GuerrillaMailSession 8 | 9 | INVITE_TOKEN = "" #5-character reservation ID 10 | EMAIL_CHECK_TIMEOUT = 60 # number of seconds to wait for the email 11 | 12 | while(True): 13 | session = GuerrillaMailSession() 14 | email_address = session.get_session_state()['email_address'] 15 | req_url = "https://invites.oneplus.net/index.php?r=share/signup&success_jsonpCallback=success_jsonpCallback&email={0}&koid={1}&_={2}".format(urllib.quote_plus(email_address), INVITE_TOKEN, str(int(time.time())*1000)) 16 | 17 | print("Sending invite to " + email_address + "...") 18 | requests.get(req_url) 19 | 20 | print("Checking mailbox for the magic email...") 21 | email_id = None 22 | for i in range(0, EMAIL_CHECK_TIMEOUT/2): 23 | email_id = session.get_email_list()[0].guid 24 | time.sleep(2) 25 | if session.get_email(email_id).subject != "Confirm your email": 26 | continue 27 | 28 | if email_id == 1: 29 | print("Couldn't find the magic email on the mailbox after " + str(EMAIL_CHECK_TIMEOUT) + " seconds!.") 30 | print("Let's try to send more invites...") 31 | print("") 32 | continue 33 | 34 | print("Found! Fetching email id " + email_id + " body...") 35 | email_body = session.get_email(email_id).body 36 | 37 | m = re.search('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', email_body) 38 | new_url = m.group(0).rstrip(".") 39 | print("Clicking confirmation link...") 40 | requests.get(m.group(0).rstrip(".")) 41 | print("Referral sucessfully spoofed...") 42 | print("") 43 | -------------------------------------------------------------------------------- /MailinatorExploit.py: -------------------------------------------------------------------------------- 1 | import string 2 | import random 3 | import requests 4 | import json 5 | import re 6 | import time 7 | 8 | RESERVATIONID = "" #5to6-character reservation ID 9 | APITOKEN = "" # Mailinator API Token 10 | 11 | def generateString(): 12 | return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(32)) 13 | 14 | while(True): 15 | currentEmail = generateString() 16 | timestamp = str(int(time.time())*1000) 17 | requestURL = "https://invites.oneplus.net/index.php?r=share/signup&success_jsonpCallback=success_jsonpCallback" + \ 18 | "&email={0}%40mailinator.com&koid={1}&_={2}".format(currentEmail, RESERVATIONID, timestamp) 19 | 20 | print("Sending invite to " + currentEmail + "@mailinator.com") 21 | res = requests.get(requestURL) 22 | 23 | mailinatorInbox = "https://api.mailinator.com/api/inbox?to=" + currentEmail + "&token=" + APITOKEN 24 | print("curling " + mailinatorInbox) 25 | 26 | time.sleep(5) 27 | response = requests.get(mailinatorInbox) 28 | while not response: 29 | time.sleep(2) 30 | response = requests.get(mailinatorInbox) 31 | 32 | json_data = json.loads(response.text) 33 | 34 | emailID = None 35 | for i in range(0, 5): 36 | response = requests.get(mailinatorInbox) 37 | json_data = json.loads(response.text) 38 | 39 | for message in json_data["messages"]: 40 | if message["subject"] == "Confirm your email": 41 | emailID = message["id"] 42 | 43 | if emailID: 44 | break 45 | 46 | time.sleep(1) 47 | 48 | if not emailID: 49 | continue 50 | 51 | mailinatorMessage = "https://api.mailinator.com/api/email?id=" + emailID + "&token=" + APITOKEN 52 | response = requests.get(mailinatorMessage) 53 | json_data = json.loads(response.text) 54 | content = json_data["data"]["parts"][0]["body"] 55 | 56 | m = re.search('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', content) 57 | newURL = m.group(0).rstrip(".") 58 | print("Sending confirmation request to " + newURL) 59 | res = requests.get(m.group(0).rstrip(".")) 60 | print("Referral sucessfully spoofed") 61 | print() -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OnePlusTwo 2 | 3 | ## Mailinator Exploit (no longer working) 4 | Context, Part 1: 5 | 6 | https://medium.com/@JakeCooper/how-i-hacked-the-oneplus-reservation-system-120ea1a7ad82 7 | 8 | ### Python (MailinatorExploit.py) 9 | Steps to use : 10 | 11 | 1. Fill in ```RESERVATIONID``` and ```APITOKEN``` at line 8-9 12 | 2. Download and install Requests (http://docs.python-requests.org/en/latest/) 13 | 3. Run! (`python MailinatorExploit.py`) 14 | 15 | ### Javascript (mailinator.js) 16 | 1)Fill in ```RESERVATIONID``` at line 7 17 | 2)Fill in ```APITOKEN```` at line 8 18 | 3)Run the app using the command 19 | node mailinator.js 20 | 21 | 22 | ## Gmail Exploit (no longer working) 23 | Context, Part 2: 24 | 25 | https://medium.com/@JakeCooper/so-nice-i-did-it-twice-hacking-the-oneplus-reservation-system-again-2e8226c45f9a 26 | 27 | ### Method 1 28 | 29 | 1. Fill in ```gmailAddress``` and ```inviteToken``` at line 9-10 30 | 2. Run! (`python GmailExploit.py`) 31 | 3. Click links in your gmail inbox (or add a python script to automate this) 32 | 33 | ### Method 2 34 | 1. Download and install Requests (http://docs.python-requests.org/en/latest/) 35 | 2. Run GmailExploit2.py 36 | 3. Enter your email WITH @gmail.com when prompted. 37 | 4. Enter your referral code (5-6 digits found on the end of your referral link) 38 | 5. Run EmailParser.py 39 | 6. Enter your email WITH @gmail.com. 40 | 7. Enter your password 41 | 42 | Note: EmailParser.py won't work if you have 2-step authentication ON. For the time being, disable it and then run it 43 | 44 | ### Method 3 45 | Note: You will need to enable GMAIL API: 46 | 47 | - follow the instruction from https://developers.google.com/gmail/api/quickstart/python 48 | 49 | - just save the client_secret.json on the same directory you are going to run the script 50 | 51 | 1. Run! (`python GmailExploit3.py send_invites {your gmail address} {invite token} {cache_buster} [--dryrun]`) 52 | 53 | \* [--dryrun] allow you to see the list of emails the invite will send to 54 | 55 | 2. Wait until you received the email invites. Run! (`python GmailExploit3.py process_invites`) 56 | 57 | 58 | ## GuerrillaMail Exploit (no longer working) 59 | 60 | Steps to use: 61 | 62 | 1. Fill in ```INVITE_TOKEN``` at line 9 63 | 2. (Optional) Change how long do you want to wait for the email to arrive ```EMAIL_CHECK_TIMEOUT``` at line 10 64 | 3. Download and install Requests (http://docs.python-requests.org/en/latest/) 65 | 4. Run! (`python GuerrillaMailExploit.py`) 66 | 67 | ##Additional Components 68 | 69 | ### gmailClicker - OnePlusTwo 70 | Click on the confirmation link in a gmail message 71 | 72 | Steps to use : 73 | 74 | 1. Insert your email adress and your password (line 38) 75 | 2. Install pip if it is not all done 76 | 3. Install request package -> pip install requests 77 | 4. run it 78 | 79 | ### EmailParser 80 | Parses emails and curls the confirmation link automatically. 81 | 82 | 1. Run EmailParser.py 83 | 2. Enter your email 84 | 3. Enter your password. 85 | 86 | ### Bruteforce 87 | tries to bruteforce the Oneplus invite system. 88 | 89 | Steps to use: 90 | 1. replace `email1` with your email and `password` with your password. this is used to claim the invite. 91 | 2. replace `email2` with another (or the same) email. this is the email where the invites will be sent. 92 | 3. run invite_bruteforce.py 93 | -------------------------------------------------------------------------------- /gmailbot.js: -------------------------------------------------------------------------------- 1 | //get the response from this first 2 | 3 | //get request to the html 4 | //get the mail id 5 | var https=require('https'); 6 | 7 | var apikey="Your API KEy"; 8 | var oneplusId="Your one plus token"; 9 | mailPart="your mail id";//ex:newkid@gmail.com->mailpart=>newkid 10 | mailDomain="Mail id domain";//maildomain=>@gmail.com 11 | function getRandomIntInclusive(min,max) { 12 | return Math.floor(Math.random() * (max - min + 1)) + min; 13 | } 14 | 15 | var count=1; 16 | var x=function(){ 17 | setTimeout(function () { 18 | times=getRandomIntInclusive(1,10); 19 | var mailId=''; 20 | var index=mailPart.indexOf('.'); 21 | for (var i = 0; i< mailPart.length; i++) { 22 | mailId+=mailPart.substring(i,i+1); 23 | len=getRandomIntInclusive(0,1); 24 | 25 | if(len!=0 && i!=mailPart.length-1 && i!=index && i!=index-1) 26 | mailId+='.'; 27 | }; 28 | mailId+=mailDomain; 29 | https.get("https://invites.oneplus.net/index.php?r=share/signup&success_jsonpCallback=success_jsonpCallback&email="+mailId+"&koid="+oneplusId,function(res1){ 30 | 31 | 32 | var data; 33 | res1.on('data',function(d){ 34 | data+=d; 35 | }); 36 | res1.on('end',function(e){ 37 | if(data.indexOf('success_jsonpCallback')!=-1){ 38 | console.log(mailId+' with counter value '+count); 39 | count++; 40 | }else{ 41 | console.log('randomising'); 42 | } 43 | x(); 44 | }); 45 | 46 | }); 47 | 48 | }, 0); 49 | 50 | } 51 | x(); 52 | 53 | 54 | 55 | //https://api.mailinator.com/api/inbox?to=hsdars@mailinator.com&token=203ea3b4ac404f70989f840c025b232f 56 | -------------------------------------------------------------------------------- /invite_bruteforce.py: -------------------------------------------------------------------------------- 1 | import string 2 | import random 3 | import urllib 4 | import urllib2 5 | import time 6 | import re 7 | import smtplib 8 | 9 | index = 0 10 | server = smtplib.SMTP_SSL('smtp.gmail.com', 465) 11 | 12 | class bcolors: 13 | HEADER = '\033[95m' 14 | OKBLUE = '\033[94m' 15 | OKGREEN = '\033[92m' 16 | WARNING = '\033[93m' 17 | FAIL = '\033[91m' 18 | ENDC = '\033[0m' 19 | BOLD = '\033[1m' 20 | UNDERLINE = '\033[4m' 21 | 22 | def id_generator(size, chars=string.ascii_uppercase + string.digits): 23 | return ''.join(random.choice(chars) for _ in range(size)) 24 | 25 | def mail(Code): 26 | server.login("email1", "password") 27 | #Send the mail 28 | msg = ("\n OnePlus Bot found a invite! https://invites.oneplus.net/claim/{}".format(Code)); 29 | server.sendmail("email1", "email2", msg) 30 | server.quit() 31 | print("Mail sent!") 32 | 33 | 34 | 35 | 36 | while True: 37 | index += 1 38 | s = "-"; 39 | seq = (id_generator(2),id_generator(4),id_generator(4),id_generator(4)); 40 | Raw = s.join(seq); 41 | Code1 = ("GL" + Raw) 42 | Code2 = ("IN" + Raw) 43 | requestUrl1 = "https://invites.oneplus.net/claim/{0}".format(Code1) 44 | requestUrl2 = "https://invites.oneplus.net/claim/{0}".format(Code2) 45 | print(bcolors.OKBLUE + "Attempt {}" .format(index) + bcolors.ENDC) 46 | print("Url1: https://invites.oneplus.net/claim/" + Code1) 47 | req1 = urllib2.Request(requestUrl1) 48 | res1 = urllib2.urlopen(req1) 49 | website1 = res1.read() 50 | pattern = ">You entered an invalid invite

" 51 | m1 = re.search(pattern, website1) 52 | if m1: 53 | print(bcolors.FAIL + "Invalid Invite!" + bcolors.ENDC) 54 | else: 55 | print(bcolors.OKGREEN + "Invite found!" + bcolors.ENDC) 56 | 57 | with open("log.txt", "a") as text_file: 58 | text_file.write("Invite found! | https://invites.oneplus.net/claim/{}".format(Code1)) 59 | text_file.write("\n") 60 | 61 | mail(Code1) 62 | 63 | print("Url2: https://invites.oneplus.net/claim/" + Code2) 64 | req2 = urllib2.Request(requestUrl2) 65 | res2 = urllib2.urlopen(req2) 66 | website2 = res2.read() 67 | m2 = re.search(pattern, website2) 68 | if m2: 69 | print(bcolors.FAIL + "Invalid Invite!" + bcolors.ENDC) 70 | else: 71 | print(bcolors.OKGREEN + "Invite found!" + bcolors.ENDC) 72 | 73 | with open("log.txt", "a") as text_file: 74 | text_file.write("Invite found! | https://invites.oneplus.net/claim/{}".format(Code2)) 75 | text_file.write("\n") 76 | 77 | mail(Code2) 78 | -------------------------------------------------------------------------------- /lib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JakeCooper/OnePlusTwoBot/71b287cf02be0fc9f04d8663136b9178ba218078/lib/__init__.py -------------------------------------------------------------------------------- /lib/guerrillamail.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright Nathan Jones 2014 4 | # 5 | # This program is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program. If not, see . 17 | 18 | from __future__ import print_function 19 | 20 | import argparse 21 | from datetime import tzinfo, timedelta, datetime 22 | from time import time 23 | import json 24 | from os.path import expanduser 25 | import sys 26 | 27 | import requests 28 | 29 | 30 | # UTC timezone implementation from 31 | # http://docs.python.org/2/library/datetime.html#tzinfo-objects 32 | 33 | ZERO = timedelta(0) 34 | 35 | 36 | class UTC(tzinfo): 37 | """UTC""" 38 | # 39 | def utcoffset(self, dt): 40 | return ZERO 41 | 42 | def tzname(self, dt): 43 | return "UTC" 44 | 45 | def dst(self, dt): 46 | return ZERO 47 | 48 | 49 | utc = UTC() 50 | 51 | 52 | class GuerrillaMailException(Exception): 53 | def __init__(self, *args, **kwargs): 54 | super(GuerrillaMailException, self).__init__(*args, **kwargs) 55 | 56 | 57 | def _transform_dict(original, key_map): 58 | result = {} 59 | for (new_key, (old_key, transform_fn)) in key_map.items(): 60 | try: 61 | result[new_key] = transform_fn(original[old_key]) 62 | except KeyError: 63 | pass 64 | return result 65 | 66 | 67 | class Mail(object): 68 | @classmethod 69 | def from_response(cls, response_data): 70 | """ 71 | Factory method to create a Mail instance from a Guerrillamail response 72 | dict. 73 | """ 74 | identity = lambda x: x 75 | return Mail(**_transform_dict(response_data, { 76 | 'guid': ('mail_id', identity), 77 | 'subject': ('mail_subject', identity), 78 | 'sender': ('mail_from', identity), 79 | 'datetime': ('mail_timestamp', lambda x: datetime.utcfromtimestamp(int(x)).replace(tzinfo=utc)), 80 | 'read': ('mail_read', int), 81 | 'exerpt': ('mail_exerpt', identity), 82 | 'body': ('mail_body', identity), 83 | })) 84 | 85 | def __init__(self, guid=None, subject=None, sender=None, datetime=None, read=False, exerpt=None, body=None): 86 | self.guid = guid 87 | self.subject = subject 88 | self.sender = sender 89 | self.datetime = datetime 90 | self.read = read 91 | self.exerpt = exerpt 92 | self.body = body 93 | 94 | @property 95 | def time(self): 96 | return self.datetime.time().replace(tzinfo=self.datetime.tzinfo) if self.datetime else None 97 | 98 | 99 | SESSION_TIMEOUT_SECONDS = 3600 100 | 101 | 102 | class GuerrillaMailSession(object): 103 | """ 104 | An abstraction over a GuerrillamailClient which maintains session state. 105 | 106 | This class is not thread safe. 107 | """ 108 | def __init__(self, session_id=None, email_address=None, email_timestamp=0, **kwargs): 109 | self.client = GuerrillaMailClient(**kwargs) 110 | self.session_id = session_id 111 | self.email_timestamp = email_timestamp 112 | self.email_address = email_address 113 | 114 | def _update_session_state(self, response_data): 115 | try: 116 | self.session_id = response_data['sid_token'] 117 | except KeyError: 118 | pass 119 | try: 120 | self.email_address = response_data['email_addr'] 121 | except KeyError: 122 | pass 123 | try: 124 | self.email_timestamp = response_data['email_timestamp'] 125 | except KeyError: 126 | pass 127 | 128 | def is_expired(self): 129 | current_time = int(time()) 130 | expiry_time = self.email_timestamp + SESSION_TIMEOUT_SECONDS - 5 131 | return current_time >= expiry_time 132 | 133 | def _delegate_to_client(self, method_name, *args, **kwargs): 134 | client_method = getattr(self.client, method_name) 135 | response_data = client_method(session_id=self.session_id, *args, **kwargs) 136 | self._update_session_state(response_data) 137 | return response_data 138 | 139 | def get_session_state(self): 140 | self._ensure_valid_session(fully_populate=True) 141 | return { 142 | 'email_address': self.email_address 143 | } 144 | 145 | def set_email_address(self, address_local_part): 146 | self._delegate_to_client('set_email_address', address_local_part=address_local_part) 147 | 148 | def _renew_session(self): 149 | if self.email_address: 150 | self.set_email_address(self.email_address) 151 | else: 152 | self._delegate_to_client('get_email_address') 153 | 154 | def _ensure_valid_session(self, fully_populate=False): 155 | if self.session_id is None or self.is_expired() or fully_populate and not self.email_address: 156 | self._renew_session() 157 | if self.session_id is None: 158 | raise GuerrillaMailException('Failed to obtain session id') 159 | 160 | def get_email_list(self, offset=0): 161 | self._ensure_valid_session() 162 | response_data = self._delegate_to_client('get_email_list', offset=offset) 163 | email_list = response_data.get('list') 164 | return [Mail.from_response(e) for e in email_list] if email_list else [] 165 | 166 | def get_email(self, email_id): 167 | return Mail.from_response(self._delegate_to_client('get_email', email_id=email_id)) 168 | 169 | 170 | class GuerrillaMailClient(object): 171 | """ 172 | A client to the Guerrillamail web service API 173 | (https://www.guerrillamail.com/GuerrillaMailAPI.html). 174 | """ 175 | def __init__(self, base_url='http://api.guerrillamail.com', client_ip='127.0.0.1'): 176 | self.base_url = base_url 177 | self.client_ip = client_ip 178 | 179 | def _do_request(self, session_id, **kwargs): 180 | url = self.base_url + '/ajax.php' 181 | kwargs['ip'] = self.client_ip 182 | if session_id is not None: 183 | kwargs['sid_token'] = session_id 184 | response = requests.get(url, params=kwargs) 185 | try: 186 | response.raise_for_status() 187 | except requests.HTTPError as e: 188 | raise GuerrillaMailException(e) 189 | data = json.loads(response.text) 190 | return data 191 | 192 | def get_email_address(self, session_id=None): 193 | return self._do_request(session_id, f='get_email_address') 194 | 195 | def get_email_list(self, session_id, offset=0): 196 | if session_id is None: 197 | raise ValueError('session_id is None') 198 | return self._do_request(session_id, f='get_email_list', offset=offset) 199 | 200 | def get_email(self, email_id, session_id=None): 201 | response_data = self._do_request(session_id, f='fetch_email', email_id=email_id) 202 | if not response_data: 203 | raise GuerrillaMailException('Not found: ' + str(email_id)) 204 | return response_data 205 | 206 | def set_email_address(self, address_local_part, session_id=None): 207 | return self._do_request(session_id, f='set_email_user', email_user=address_local_part) 208 | 209 | 210 | SETTINGS_FILE = '~/.guerrillamail' 211 | 212 | 213 | def load_settings(): 214 | try: 215 | with open(expanduser(SETTINGS_FILE)) as f: 216 | return json.load(f) 217 | except IOError: 218 | return {} 219 | 220 | 221 | def save_settings(settings): 222 | with open(expanduser(SETTINGS_FILE), 'w+') as f: 223 | json.dump(settings, f, indent=4) 224 | f.write('\n') 225 | 226 | 227 | class Command(object): 228 | params = [] 229 | 230 | 231 | class GetInfoCommand(Command): 232 | name = 'info' 233 | help = 'Show information about the current session.' 234 | description = 'Show information about the current session.' 235 | 236 | def invoke(self, session, args): 237 | return 'Email: ' + session.get_session_state()['email_address'] 238 | 239 | 240 | class SetAddressCommand(Command): 241 | name = 'setaddr' 242 | help = 'Set the email address for the current session.' 243 | description = '''Set the email address for the current session. This 244 | address will be used when listing inbox contents.''' 245 | params = [{ 246 | 'name': 'address', 247 | 'help': 'an email address "local part". The domain, if provided, will be ignored.' 248 | }] 249 | 250 | def invoke(self, session, args): 251 | session.set_email_address(args.address) 252 | 253 | 254 | class ListEmailCommand(Command): 255 | name = 'list' 256 | help = 'Get the current inbox contents.' 257 | description = 'Get the contents of the inbox associated with the current session' 258 | 259 | def invoke(self, session, args): 260 | email_list = session.get_email_list() 261 | output = '' 262 | for email in email_list: 263 | output += self.format_email_summary(email) + '\n' 264 | return output 265 | 266 | def format_email_summary(self, email): 267 | unread_indicator = '*' if not email.read else ' ' 268 | email_format = u'({unread_indicator}) {email.guid:<8} {email.time} {email.sender}\n{email.subject}\n' 269 | return email_format.format(email=email, unread_indicator=unread_indicator) 270 | 271 | 272 | class GetEmailCommand(Command): 273 | name = 'get' 274 | help = 'Get an email message by id.' 275 | description = '''Get an email message by id. The requested email does not 276 | need to belong to the inbox associated with the current session.''' 277 | params = [{ 278 | 'name': 'id', 279 | 'help': 'an email id' 280 | }] 281 | 282 | def invoke(self, session, args): 283 | email = session.get_email(args.id) 284 | return self.format_email(email) 285 | 286 | def format_email(self, email): 287 | email_format = u'From: {email.sender}\nDate: {email.datetime}\nSubject: {email.subject}\n\n{email.body}\n' 288 | return email_format.format(email=email) 289 | 290 | 291 | COMMAND_TYPES = [GetInfoCommand, SetAddressCommand, ListEmailCommand, GetEmailCommand] 292 | 293 | 294 | def parse_args(args): 295 | parser = argparse.ArgumentParser(description='''Call a Guerrillamail web service. 296 | All commands operate on the current Guerrillamail session which is stored in {0}. If a session does not exist 297 | or has timed out a new one will be created.'''.format(SETTINGS_FILE)) 298 | subparsers = parser.add_subparsers(dest='command', metavar='') 299 | for Command in COMMAND_TYPES: 300 | command_parser = subparsers.add_parser(Command.name, help=Command.help, description=Command.description) 301 | for param in Command.params: 302 | param_name = param['name'] 303 | command_parser.add_argument(param_name, metavar='<{0}>'.format(param_name), help=param['help']) 304 | return parser.parse_args(args) 305 | 306 | 307 | def get_command(command_name): 308 | try: 309 | return [C() for C in COMMAND_TYPES if C.name == command_name][0] 310 | except IndexError: 311 | raise ValueError('Invalid command: ' + command_name) 312 | 313 | 314 | def update_settings(settings, session): 315 | settings['session_id'] = session.session_id 316 | settings['email_timestamp'] = session.email_timestamp 317 | settings['email_address'] = session.email_address 318 | 319 | 320 | def main(*args): 321 | args = parse_args(args) 322 | settings = load_settings() 323 | session = GuerrillaMailSession(**settings) 324 | try: 325 | output = get_command(args.command).invoke(session, args) 326 | except GuerrillaMailException as e: 327 | print(e.message, file=sys.stderr) 328 | else: 329 | if output is not None: 330 | print(output) 331 | update_settings(settings, session) 332 | save_settings(settings) 333 | 334 | 335 | if __name__ == '__main__': 336 | main(*sys.argv[1:]) 337 | -------------------------------------------------------------------------------- /mailinator.js: -------------------------------------------------------------------------------- 1 | //get the response from this first 2 | 3 | //get request to the html 4 | //get the mail id 5 | var https=require('https'); 6 | 7 | var apikey="Your Mailinator Api Key"; 8 | var oneplusId="Your one plus token"; 9 | x=function(){ 10 | console.log('inside'); 11 | https.get('https://www.mailinator.com', function(res) { 12 | var data; 13 | res.on('data', function(d) { 14 | data+=d; 15 | }); 16 | res.on('end',function(da){ 17 | var index=(data.indexOf("'); 20 | var bslash=subst.indexOf('>'); 21 | var mailId=(data.substring(index+bslash+1,index+bslash+slashIndex)); 22 | mailId=mailId.replace('',''); 23 | mailId=mailId.split('').join(''); 24 | mailId=mailId.trim(); 25 | var indexStr=mailId.indexOf('@mailinator.com'); 26 | mailId=mailId.substring(0,indexStr)+'@mailinator.com'; 27 | console.log(mailId); 28 | https.get("https://invites.oneplus.net/index.php?r=share/signup&success_jsonpCallback=success_jsonpCallback&email="+mailId+"&koid="+oneplusId,function(res1){ 29 | setTimeout(function () { 30 | https.get("https://api.mailinator.com/api/inbox?to=" + mailId + "&token="+apikey,function(res2){ 31 | //console.log(res2); 32 | var data1=''; 33 | res2.on('data', function(d) { 34 | data1+=d; 35 | }); 36 | res2.on('end',function(da){ 37 | data1=(JSON.parse(data1)); 38 | var id=(data1.messages[data1.messages.length-1].id); 39 | 40 | 41 | 42 | https.get("https://api.mailinator.com/api/email?id="+id+"&token="+apikey,function(res3){ 43 | 44 | var data1=''; 45 | res3.on('data', function(d) { 46 | data1+=d; 47 | }); 48 | res3.on('end',function(da){ 49 | data1=(JSON.parse(data1)); 50 | 51 | 52 | 53 | var content=data1.data.parts[0].body; 54 | var contIndex=content.indexOf('https:'); 55 | var string_url=content.substring(contIndex,contIndex+68); 56 | https.get(string_url,function(res3){ 57 | console.log('ended'); 58 | x(); 59 | }); 60 | 61 | 62 | }); 63 | }); 64 | 65 | }); 66 | 67 | }); 68 | 69 | }, 5000); 70 | 71 | 72 | }); 73 | }) 74 | }).on('error', function(e) { 75 | console.error(e); 76 | }); 77 | } 78 | x(); 79 | 80 | 81 | 82 | //https://api.mailinator.com/api/inbox?to=hsdars@mailinator.com&token=203ea3b4ac404f70989f840c025b232f --------------------------------------------------------------------------------