Author Topic: How to own websites with perl  (Read 13354 times)

ghostdog

  • Guest
on: December 20, 2010, 10:38:57 PM
This tutorial is strictly educational, dont abuse it cause your IP will be logged " Unless you use a good Proxy" !

Hi
This is a Perl script that finds " Admin" informations from almost any website.

DEMO:

Code: [Select]
ghostdog@backbox:~/Desktop$ sudo su
root@backbox:/home/ghostdog/Desktop#perl admin-site-finder.pl


Code: [Select]
                       Admin Control Panel Finder v 1
                             Coded By Ghostdog
                       website:www.backbox.org

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 Enter the website you want to scan
 e.g.: www.domaine.com or www.domaine.com/path
 --> http://??????????.17.forumer.com


 Enter the coding language of the website
 e.g.: asp, php, cfm, any
 If you don't know the launguage used in the coding then simply type ** any **
--> php

->The website: http://???????.17.forumer.com/
->Source of the website: php
->Scan of the admin control panel is progressing...


[-] Not Found <- http://???????.17.forumer.com/_admin/
[-] Not Found <- http://????????.17.forumer.com/backoffice/
 
 [+] Found -> http://??????.17.forumer.com/admin/

 
 Congratulation, this admin login page is working.

 Good luck from Ghostdog

[-] Not Found <- http://???????.17.forumer.com/administrator/
[-] Not Found <- http://???????.17.forumer.com/moderator/
[-] Not Found <- http://?????????.17.forumer.com/webadmin/
[-] Not Found <- http://???????.17.forumer.com/adminarea/
[-] Not Found <- http://???????.17.forumer.com/bb-admin/
[-] Not Found <- http://???????.17.forumer.com/adminLogin/
[-] Not Found <- http://???????.17.forumer.com/admin_area/
[-] Not Found <- http://???????.17.forumer.com/panel-administracion/
[-] Not Found <- http://???????.17.forumer.com/instadmin/
[-] Not Found <- http://???????.17.forumer.com/memberadmin/
[-] Not Found <- http://???????.17.forumer.com/administratorlogin/
[-] Not Found <- http://???????.17.forumer.com/adm/
[-] Not Found <- http://???????.17.forumer.com/admin/account.php
 
 [+] Found -> http://???????.17.forumer.com/admin/index.php

 
 Congratulation, this admin login page is working.

Good luck from Ghostdog


LINK :    http://www.megaupload.com/?d=J46S1JIV

Instructions:    #perl admin-site-finder.pl

Happy Hacking
GD
« Last Edit: January 12, 2011, 08:49:45 PM by raffaele »



clshack

  • Full Member
  • ***
  • Posts: 177
    • View Profile
    • ClsHack | Blog
Reply #1 on: December 21, 2010, 05:59:28 PM
Se il sito in questione non usa cms conosciuti questo tool può essere utile ;)

Un altro tool interessante è invece dirbuster con molte più opzioni ma anche molto più pesante circa   con i dizionari... è circa 36 mb 



greyfox

  • Guest
Reply #2 on: December 21, 2010, 06:29:26 PM
Sto sviluppando un programma in python che scansiona completamente un CMS sia come plugin, e, se trova un plugin noto cerca l'exploit nel relativo database.
Ovviamente sarà procedura standard la ricerca, ma la tua ricerca "dinamica" è molto buona per cms casalinghi.

PS: se qualcuno è interessato mi contatti.



yawn

  • Newbie
  • *
  • Posts: 4
    • View Profile
Reply #3 on: January 12, 2011, 08:31:29 PM
Sto sviluppando un programma in python che scansiona completamente un CMS sia come plugin, e, se trova un plugin noto cerca l'exploit nel relativo database.
Ovviamente sarà procedura standard la ricerca, ma la tua ricerca "dinamica" è molto buona per cms casalinghi.

PS: se qualcuno è interessato mi contatti.
hai qualche link (github o roba del genere)?

Quote
<erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.


greyfox

  • Guest
Reply #4 on: January 12, 2011, 09:16:51 PM
Lo sto ancora sviluppando...stavo pensando di mirare principalmente a joomla.
Ovviamente joomla avendo centinaia e centinaia di plugin richiede un lavoro lungo, cosi come wordpress.

PS: clshack, appena riesci mettiti in contatto che ho in mente qualcosa =)



yawn

  • Newbie
  • *
  • Posts: 4
    • View Profile
Reply #5 on: January 12, 2011, 09:23:39 PM
Lo sto ancora sviluppando...stavo pensando di mirare principalmente a joomla.
Ovviamente joomla avendo centinaia e centinaia di plugin richiede un lavoro lungo, cosi come wordpress.

PS: clshack, appena riesci mettiti in contatto che ho in mente qualcosa =)
era per dare un'occhiata al codice.. non per scaricare il tool :P

Quote
<erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.


clshack

  • Full Member
  • ***
  • Posts: 177
    • View Profile
    • ClsHack | Blog
Reply #6 on: January 12, 2011, 10:19:21 PM
io in questo tempo non ho avuto modo di andare avanti con il lavoro comunque quello che volevo creare insieme a greyfox era una alternativa a cms-explorer / plecost unendo la potenza di questi due in un unico script/software multi-thread per velocizzare le operazione ( in caso di ricerca plugin su wordpress...  utilizzando una ricerca "bruteforce" le directory da scansionare per vedere se un plugin è attivo sono circa 33 000 )



linuxshell

  • Newbie
  • *
  • Posts: 8
    • View Profile
Reply #7 on: January 28, 2013, 05:51:37 PM
Do you still have that script???
Bc Megaupload is down site....



ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #8 on: January 28, 2013, 07:23:37 PM
Do you still have that script???
Bc Megaupload is down site....

You can find a lot of scripts perl/python made for this but you can use some tools like Owasp Dirbuster.

Try this one :

http://pastebin.com/briQuRup


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*