Bruteforcing cpanel

SilentKiller44
6 years ago

0

I was trying to find my college website admin login panel and then I find the cpanel login page of the website. Is it possible to bruteforce the cpanel.

19replies
7voices
290views
x2600
6 years ago

0

I am assuming you have permission to be doing such activities. If that’s the case, here’s my answer:

Theoretically, yes. Is it plausible? That’s another story. It really depends on the security restrictions in place.

Ghostboy-287 [ghost-287]
6 years ago | edited 6 years ago

3

i know that you are a good guy and that if u ll find a vulnerability you’ll report it them :)

if i was you, i ll check the type of the website first (if it’s wordpress, joomla….)
if wordpress i ll use wpscan or Wordpresscan (wpscan written on python+some features) to search vulnerabilities that i can exploit
if joomla i’ll use joomlavs/JoomlaScan
i ll search for vulnerabilities and info using nikto
i’ll also check for any sql vulnerabilities that are really frequent in college/university websites == this will allow me to get all the database and with some luck i’ll find the admin user and password on it

knowing that teachers have in some cases access to the website, i can do what we call a social engineering , i’ll send them an email where for example i ask a question about a lesson and i ll join an encrypted payload (a clean payload in a pdf, doc, image …) and when it will open it i ll get access to his pc, and here i ll check passwords that he saved in firefox for example and check if there are the one that i search (college website password) otherwise i ll configure a keylogger (to see all what he writes) and when it will access to the website with his username and password i ll receive them :) , or i can also send another payload to the admin from the teacher’s email (he will trust it ) :)
…. be creative :)

with the bruteforce it’s possible that it takes days or even weeks and in the end you won’t get any results.

SilentKiller44
6 years ago

0

I checked the website it doesn’t have wordpress, joomla or any other CMS. They just uploaded some html and css pages and there is no backend. Website login panel is through cpanel. But there is an email address and I like those above attack techniques provided by you.

Smyler [WHGhost]
6 years ago

0

Just don’t forget to not do anything illegal.

SilentKiller44
6 years ago

0

Yes I will take care of that

dloser
6 years ago

0

We trust you completely.


0

and yeah take care
in my country most of thing are legal , and they are so noob in this domain :) so I almost allow myself almost everything

Smyler [WHGhost]
6 years ago

1

And moral never stops you? Personally, what stops me form doing things is my ethic, and only then the laws. Laws are like computer in some points: they are a set of rules to make a society behave in a certain way just like a program is a set of instruction to control a computer. Laws can be hacked too if you really know what you are doing, so the limit has to first be your ethic. Laws come next, but should still be respected.


0

my moral will stop me when i ll do something wrong.

i dont destroy anything,
i dont create any trouble
i dont edit anything (information or other)
i notify the owner when I find a problem or something suspicious.

and when I want to test some things, I create a backup of what I find, I test what I want and I put everything back in as I found it.
because otherwise it won’t be possible, no one will let you test things on their servers. and to learn a lot more you have to try, you have to dare or you’ll just turn around in the same circle.

GreyHat

x2600
6 years ago

0

@dloser I second your comment. Unlimited trust.

Darwin [DIDIx13]
6 years ago | edited 6 years ago

0

I agree but only with your last message @ghost-287 I consider myself as a GreyHat too but ethics is a huge part about our “job”

x2600
6 years ago

1

@DIDIx13 This could actually make for an interesting discussion. Traditionally, they labels of white hat, grey hat, and black hat have been used to categorize hackers based on the actions and motives of hackers. The question an element that has emerged in recent years, though; it is one that your post suggests. Are the labels a form of admonishment to act a certain way? Do our actions produce our labels or do our labels produce our actions? And if the latter is true, doesn’t that undermine the free nature of hackerdom?

What are your thoughts?

Darwin [DIDIx13]
6 years ago

0

My english is too poor to pronounce all of my thoughts about labels and everything. Sorry @x2600 :(

Btw I could easily explain myself if we meet one time, but writing sigh

And, what are your thoughts ? I’m interested too :)

SilentKiller44
6 years ago

0

What I think is with great power comes great responsibility and as a hacker you should use that power wisely

x2600
6 years ago

0

@SilentKiller44 That’s a sound ethical take on the whole thing. What would you say the responsibility of each type of hacker is? Also, would you say that when you have a particular label (like grey hat), that you’re responsibility is to act like a grey hat hacker would?

x2600
6 years ago

3

@DIDIx13 I like the idea of everyone fitting into particular groups (like white hats, grey hats, and black hats), but I think people shift from one hat to another as time goes on, or as circumstances change.

About responsibility: For me, my biggest apprehension in accepting the newer hacker culture is that we’re supporting an age of “penetration testers,” and not an age of new hackers. The rich and deep culture that hackers experience may change so much that it will be unrecognizable. I mentioned to a coworker once that I was interested in computer security, or the lack thereof. He immediately got excited and said “Oh… you mean like kali linux.” You can guess my expression. The majority of people new to hackerdom don’t know anything beyond a linux distro, and they’re missing out on the depth of the culture. So responsibility is great, but my opinion is that hackerdom is best seen in shades of grey.

Darwin [DIDIx13]
6 years ago

0

Hmm I will quote this thank you @x2600 (actually I’ve never used a Linux distro or Ubuntu for a client that’s all but I really should get the hell out of windows. )

Mugi [Mugiwara27]
6 years ago

0

@x2600 glad that people thinking this way still exist in this world! Let’s hope the whole hacking culture won’t die with the time

x2600
6 years ago

0

@Mugiwara27 Yes, let’s hope, my friend.

You must be logged in to reply to this discussion. Login
1 of 20

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss