One of our guest authors already wrote a post on "Cracking Cpanel passwords", however that method worked for some sites and did not work on others, However, recently avinash mailed me a guest post, which contained two working methods that can be used to crack a Cpanel passwords, I have tested both methods myself and they are working. However, for this method to work, The website on which your shell is uploaded should be already vulnerable to Symlink Bypass (Server Bypass).
Method 1 [Cracking CPanel Passwords]
First create two folder's, Im creating abc & xyz Now i will upload the files to do symlink and do the symlink, Next give 0755 permission to jaguar.pl and run it and put etc/passwd in it, After this will get all the config's now you are done with symlinking the server
Now go the second folder we created and upload B_F.php and place tour symlink folder link in that And then click on start And you have you cpanels's.
ScreenShots For Furthur Explanations
1. Shell On The Server
2. Cpanel.py
3. Python already installed on your server.
We have to run the script from command prompt, So therefore we need to create a directory with any name let's say "a" in this case.
How to run the script?
Open command prompt and navigate to the directory where you have placed the script.
Then type cracker.py ww.site.com/abc (this will be our symlinked folder link) c:\a ( this is where it will be saved and then press enter. It will start it's work.
Next It will give you a passwords copy them all and upload a cpanel bruter and paste all the passwords in pass area, For user's go to shell and give command
ls /var/mail
And you will get all usernames paste it in user's area, And click on start.
ScreenShots For Furthur Explanations
Now go the second folder we created and upload B_F.php and place tour symlink folder link in that And then click on start And you have you cpanels's.
ScreenShots For Furthur Explanations
Method 2 [Cracking CPanel Passwords]
Requirements:1. Shell On The Server
2. Cpanel.py
3. Python already installed on your server.
We have to run the script from command prompt, So therefore we need to create a directory with any name let's say "a" in this case.
How to run the script?
Open command prompt and navigate to the directory where you have placed the script.
Then type cracker.py ww.site.com/abc (this will be our symlinked folder link) c:\a ( this is where it will be saved and then press enter. It will start it's work.
Next It will give you a passwords copy them all and upload a cpanel bruter and paste all the passwords in pass area, For user's go to shell and give command
ls /var/mail
And you will get all usernames paste it in user's area, And click on start.
ScreenShots For Furthur Explanations
About the Author:
Avinash is a security researcher and a blogger. He runs a blog http://www.hackerzadda.com/, where he writes about hacking.
No comments:
Post a Comment