Today I want to show you my news Cpanel cracking Tutorial, I found this way by myself (I mean the dork, not everything)
What you need:
-Cpanel brute forcing programm (I recomend Acunetix or the Cpanel perl script)
-A brain (I recomndet a good one, you'll need it for username)
-Browser
-And maybe FTP-Client (Decide what you want)
-Wordlist for passwords
What I used:
-Cpanel brute forcing programm: Acunetix
-Brain: The best
-Browser: Firefox
-Ftp-client: The default windows ftp-client
-Wordlist for passwords: I use a 26GB passlist
Dork for finding hackable sites:
site:heliohost.org
or
site:afreehosterwithcpanelsupport.com/.in/.net/...
I used http://indianew.heliohost.org
Usename:
Mostly subdomain (In my case indianew)
Port:
Mostly 2082
or
/cpanel
Password:
We'll brute force that
But you need a passlist for that
In my Video I`ll use a shorten passlist, cause I already know the password.
------------------------
Video:
http://www.multiupload.com/NORUKXMZ89
------------------------
Ok start with Tutorial:
1. Find hackable site and open the cpanel login (e.g. http://example.example.org:2082)
2. When you open the site, a Pop-up has to open, if not search for another site
3. Open Acunetix, navigate to "Authentication Tester"
4. At target URL to test: http://example.example.org:2082
5. Now create a new txt file anywhere with the username in it (You can brute force that too, but you won't find something)
6. Choose in acunetix "USername dictionary path" the file you made at step 5
7. For "Password dictionary path" use the Acunetix default list, or your own passlist
8. Now click on start
9. This may take a while
10. If you find something GREAt if not search for antoher site ot use another username or use another passlist
11. If you find something go to the cpanel site in your browser (e.g. http://example.example.org:2082 or http://example.org/cpanel)
12. Login with the username and password you found at stap 10
13. BAAAAAAAM You'r in, now you can do anything what you want with the site But I explain now some steps you should do
14. Change Password of cpanel ond also of ftp so that the target admin isn't able to login anymore and delete your deface. (After changing the password, you maybe have to re-login with new password)
15. Upload your Defacemant at the "File-Manager" or use FTP for that I'll use FTP, cause I love it , if you want to use FTP continue reading, if ya want to upload the file with file manager continue by yourself
16. Open "FTP-Accounts"
17. Change the password of every FTP-Account!!!
18. Scroll down to Special FTP-Accounts and click an "Configure FTP-Client" of /home/username goes here
19. You'll get the information of ftp username and ftp-server and port and SFTP port
20. Password is the same, which you set at 14
21. Now open a FTP-client and login with this informations, I'll use the windows default, if you want to use that too continue reading, if you use an own ftp-client use your own
22. Open CMD
23. Tip "ftp"
24. Then "open here server, which you found at step 19"
25. Then you have to tipp username, which you found at step 19
26. The password, which you set at step 14
27. Tip "cd /public_html" or whereever the index site is
28. Tip "del index.html" or what file ya want to delete (e.g. index.php, index.html,...)
27. Tip "send C:\where your deface page is" in my case "send C:\index.html"
28. The site is defaced
29. Now you should delete the log files!!!REALLY IMPORTANT!!! (I forget that in the video)
30. For that go back to cpanel Ftp Accounts and there sould be username_logs in my case indianew_logs
31. navigate to configure FTP-Client
32. Login witht that informations
33. Delete all LOGS now disconnect from server and you'r finished
---------------------------
I hope you understood a video tut also coming
What you need:
-Cpanel brute forcing programm (I recomend Acunetix or the Cpanel perl script)
-A brain (I recomndet a good one, you'll need it for username)
-Browser
-And maybe FTP-Client (Decide what you want)
-Wordlist for passwords
What I used:
-Cpanel brute forcing programm: Acunetix
-Brain: The best
-Browser: Firefox
-Ftp-client: The default windows ftp-client
-Wordlist for passwords: I use a 26GB passlist
Dork for finding hackable sites:
site:heliohost.org
or
site:afreehosterwithcpanelsupport.com/.in/.net/...
I used http://indianew.heliohost.org
Usename:
Mostly subdomain (In my case indianew)
Port:
Mostly 2082
or
/cpanel
Password:
We'll brute force that
But you need a passlist for that
In my Video I`ll use a shorten passlist, cause I already know the password.
------------------------
Video:
http://www.multiupload.com/NORUKXMZ89
------------------------
Ok start with Tutorial:
1. Find hackable site and open the cpanel login (e.g. http://example.example.org:2082)
2. When you open the site, a Pop-up has to open, if not search for another site
3. Open Acunetix, navigate to "Authentication Tester"
4. At target URL to test: http://example.example.org:2082
5. Now create a new txt file anywhere with the username in it (You can brute force that too, but you won't find something)
6. Choose in acunetix "USername dictionary path" the file you made at step 5
7. For "Password dictionary path" use the Acunetix default list, or your own passlist
8. Now click on start
9. This may take a while
10. If you find something GREAt if not search for antoher site ot use another username or use another passlist
11. If you find something go to the cpanel site in your browser (e.g. http://example.example.org:2082 or http://example.org/cpanel)
12. Login with the username and password you found at stap 10
13. BAAAAAAAM You'r in, now you can do anything what you want with the site But I explain now some steps you should do
14. Change Password of cpanel ond also of ftp so that the target admin isn't able to login anymore and delete your deface. (After changing the password, you maybe have to re-login with new password)
15. Upload your Defacemant at the "File-Manager" or use FTP for that I'll use FTP, cause I love it , if you want to use FTP continue reading, if ya want to upload the file with file manager continue by yourself
16. Open "FTP-Accounts"
17. Change the password of every FTP-Account!!!
18. Scroll down to Special FTP-Accounts and click an "Configure FTP-Client" of /home/username goes here
19. You'll get the information of ftp username and ftp-server and port and SFTP port
20. Password is the same, which you set at 14
21. Now open a FTP-client and login with this informations, I'll use the windows default, if you want to use that too continue reading, if you use an own ftp-client use your own
22. Open CMD
23. Tip "ftp"
24. Then "open here server, which you found at step 19"
25. Then you have to tipp username, which you found at step 19
26. The password, which you set at step 14
27. Tip "cd /public_html" or whereever the index site is
28. Tip "del index.html" or what file ya want to delete (e.g. index.php, index.html,...)
27. Tip "send C:\where your deface page is" in my case "send C:\index.html"
28. The site is defaced
29. Now you should delete the log files!!!REALLY IMPORTANT!!! (I forget that in the video)
30. For that go back to cpanel Ftp Accounts and there sould be username_logs in my case indianew_logs
31. navigate to configure FTP-Client
32. Login witht that informations
33. Delete all LOGS now disconnect from server and you'r finished
---------------------------
I hope you understood a video tut also coming
0 comments:
Post a Comment