Main » Articles » Web Hacking » Control Panel Hacking |
Cpanel Cracking
Today I requisite to lead you my intelligence Cpanel Tutorial.
What you impoverishment: -Cpanel brute forcing programm (I recomend Acunetix or the Cpanel perl playscript) -A intelligence (I recomndet a intellectual one, you'll necessary it for username) -Browser -And maybe FTP-Client (Determine what you essential) -Wordlist for passwords What I misused: -Cpanel brute forcing programm: Acunetix -Brain: The human -Browser: Firefox -Ftp-client: The fail windows ftp-client -Wordlist for passwords: I use a 26GB passlist Dork for finding hackable sites: position:heliohost.org or site:afreehosterwithcpanelsupport.com/.in/.net/... I used http://indianew.heliohost.org Usename: Mostly subdomain (In my cover indianew) Opening: Mostly 2082 or /cpanel Password: We'll brute intensiveness that But you need a passlist for that In my Video I`ll use a shorten passlist, movement I already screw the word. LET'S START 1. Acquire hackable site and unsettled the cpanel login (e.g. http://example.warning.org:2082) 2. When you unfastened the tract, a Pop-up has to area, if not investigate for other computer 3. Opened Acunetix, navigate to "Substantiation Querier" 4. At aim URL to tryout: http://example.admonition.org:2082 5. Now create a new txt record anywhere with the username in it (You can brute validity that too, but you won't deed something) 6. Decide in acunetix "USername wordbook track" the record you prefabricated at support 5 7. For "Secret dictionary line" use the Acunetix failure recite, or your own passlist 8. Now utter on start 9. This may necessitate a time 10. If you experience something GREAt if not see for antoher parcel ot use added username or use other passlist 11. If you feat something go to the cpanel site in your application (e.g. http://example.ideal.org:2082 or http://example.org/cpanel) 12. Login with the username and countersign you pioneer at stap 10 13. BAAAAAAAM You'r in, now you can do anything what you poverty with the tract But I inform now several steps you should do 14. Difference Secret of cpanel ond also of ftp so that the target admin isn't healthy to login anymore and remove your blemish. (After changing the countersign, you maybe bang to re-login with new countersign) 15. Upload your Defacemant at the "File-Manager" or use FTP for that I'll use FTP, reason I eff it , if you want to use FTP locomote reading, if ya poverty to upload the file with enter administrator prolong by yourself 16. Unobstructed "FTP-Accounts" 17. Transfer the parole of every FTP-Account!!! 18. Holograph pile to Specific FTP-Accounts and dawn an "Configure FTP-Client" of /home/username goes here 19. You'll get the accumulation of ftp username and ftp-server and port and SFTP porthole 20. Word is the same, which you set at 14 21. Now ingenuous a FTP-client and login with this informations, I'll use the windows option, if you requirement to use that too talk representation, if you use an own ftp-client use your own 22. Unlawful CMD 23. Tip "ftp" 24. Then "artless here server, which you launch at interval 19" 25. Then you feature to tipp username, which you pioneer at locomote 19 26. The word, which you set at maneuver 14 27. Tip "cd /public_html" or whereever the index place is 28. Tip "del fact.html" or what line ya necessary to censor (e.g. forefinger.php, indicant.html,...) 27. Tip "channel C:\where your blemish page is" in my casing "send C:\index.html" 28. The parcel is damaged 29. Now you should withdraw the log files!!!Rattling Distinguished!!! (I forget that in the video) 30. For that go wager to cpanel Ftp Accounts and there should be username_logs in my soul indianew_logs 31. navigate to configure FTP-Client 32. Login with that informations 33. Remove all LOGS now disconnection from server and you'r dressed. | |
Views: 1504 | Rating: 4.0/2 |
Total comments: 0 | |