Friday 28 December 2012


                                                
One of our guest authors already wrote a post on "Cracking Cpanel passwords"; however, that method worked for some sites and did not work on others. Recently, Avinash mailed me a guest post containing two working methods that can be used to crack cPanel passwords. I have tested both methods myself and they are working. However, for this to work, the website on which your shell is uploaded must already be vulnerable to Symlink Bypass (Server Bypass).


Method 1 [Cracking CPanel Passwords]

Requirements:

1. PHP Backdoor (Shell) installed on a server.
2. Required Files

First create two folders; I'm creating abc and xyz. Now I will upload the files needed for the symlink and do the symlink. Next, give jaguar.pl 0755 permissions, run it and put etc/passwd in it. After this you will get all the configs, and you are done with symlinking the server.

Now go to the second folder we created, upload B_F.php and place your symlink folder link in it. Then click on Start, and you have your cPanels.

Screenshots For Further Explanation






Method 2 [Cracking CPanel Passwords]

Requirements:
1. Shell On The Server
2. Cpanel.py
3. Python already installed on your server.


We have to run the script from the command prompt, so we need to create a directory with any name, let's say "a" in this case.

How to run the script?

Open the command prompt and navigate to the directory where you have placed the script.

Then type cracker.py www.site.com/abc c:\a and press Enter, where www.site.com/abc is our symlinked folder link and c:\a is where the output will be saved. It will start its work.

Next, it will give you a list of passwords. Copy them all, upload a cPanel bruter and paste all the passwords in the pass area. For the users, go to the shell and give the command:

ls /var/mail

You will get all the usernames; paste them in the users area and click on Start.
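
From the defender's side, both methods above depend on a symlinked folder inside one account's web root that points at files outside that account. The following audit script is an added example, not part of the original post: the function names and the sample directory tree are constructed for illustration, and it assumes one home directory per hosting account.

```python
import os
import tempfile


def find_escaping_symlinks(account_home):
    """Return sorted (link, resolved_target, cross_owner) tuples for every
    symlink under account_home whose target resolves outside account_home."""
    root = os.path.realpath(account_home)
    findings = []
    # followlinks=False: report symlinked directories but never walk into them
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # commonpath avoids the /home/usera vs /home/usera2 prefix mistake
            if os.path.commonpath([root, target]) == root:
                continue  # link stays inside the account, not of interest
            try:
                # Link owned by one user, target by another: cross-account read
                cross_owner = os.lstat(path).st_uid != os.stat(target).st_uid
            except OSError:
                cross_owner = None  # dangling link or unreadable target
            findings.append((path, target, cross_owner))
    return sorted(findings)


def demo():
    """Constructed sample tree: two account homes, one escaping link, one benign."""
    base = os.path.realpath(tempfile.mkdtemp())
    home_a = os.path.join(base, "home", "usera")
    home_b = os.path.join(base, "home", "userb")
    os.makedirs(os.path.join(home_a, "public_html", "abc"))
    os.makedirs(os.path.join(home_b, "public_html"))
    config = os.path.join(home_b, "public_html", "config.php")
    open(config, "w").close()
    # Escaping link: usera's web root exposes userb's config file
    os.symlink(config, os.path.join(home_a, "public_html", "abc", "userb.txt"))
    # Benign link: points back inside usera's own home
    os.symlink(os.path.join(home_a, "public_html"), os.path.join(home_a, "www"))
    return home_a, config, find_escaping_symlinks(home_a)


if __name__ == "__main__":
    for link, target, cross_owner in demo()[2]:
        print(f"{link} -> {target} (cross-owner: {cross_owner})")
```

On a real server the script would be run once per account home by an administrator; any finding with a target in another account's directory means the web server is following symlinks across accounts and the target file is readable by other users.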

Screenshots For Further Explanation






About the Author:
Avinash is a security researcher and a blogger. He runs a blog http://www.hackerzadda.com/, where he writes about hacking. 
 
SOURCE - RAFAYHACKING