January 1, 2016

CRACK CPANEL(B-F CONFIG)

Here I am sharing the method of cracking cPanel using the B-F Config Panel. First you need to upload a shell and create a new dir there (here I named it nepal).

Requirements:

1. .htaccess
2. jaguar.pl
3. B-F config panel

Thanks to Madcode.

Here we begin:

https://s7.postimg.org/deqhbdlff/screenshot_247.png

Upload .htaccess and jaguar.pl in the same dir and change the chmod of jaguar.pl to 0755.

http://s7.postimg.org/9wehezkjf/screenshot_248.png

http://s7.postimg.org/f97x6uxtn/screenshot_249.png

Now go back to public_html and upload the B-F config scripts there.

Now go to (etc/passwd), copy all the details, go back to the dir (nepal), open jaguar.pl and paste all the details. After success you will get the message DONE. After that you will get lots of .txt files in that same dir (nepal).

http://s7.postimg.org/bqvxagwxn/screenshot_251.png

Open the B-F page which we uploaded earlier in public_html and paste there the link of the dir where we uploaded jaguar.pl (nepal).

http://s7.postimg.org/4oxzo9tbv/screenshot_252.png

After that, if you did everything right, you will get cPanels. Good luck.

http://s7.postimg.org/gs3bbu4e3/screenshot_253.png

**SCRIPTS WE NEEDED**

1. .htaccess

```
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
```

2. jaguar.pl: Google or pastebin it
3. BF Config: Google or pastebin it

Greetz: Fawad, Nirmal, Root Nepal, Nepal CYber Army

Thanks

I've seen a lot of these exact attacks in my current position.
Symlink bombs (Symlink Race Condition) tend to not be too successful against properly configured cPanels as they A) have built-in symlink bomb detection/prevention now (patched last year), and B) don't have the permissions and ownership to allow it by default since most hosts straight up disable SymLinksIfOwnerMatch at the root level because it is unnecessary due to the aforementioned permissions and ownership, however there's always someone who thinks they need 777.
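For hosts checking accounts for the artifacts described above, the following audit is an added example, not code from the post or the commenter. It flags the weakening directives from the posted .htaccess, symlinks that resolve outside the account's home, and world-writable (777-style) directories; the function names and the constructed sample tree are hypothetical.

```python
import os
import re
import stat
import tempfile

# Directives copied from the .htaccess in the post: all Options enabled,
# PHP source served as plain text, and access control satisfied by anything.
WEAKENING = [
    re.compile(r"^\s*Options\s+(?:.*\s)?\+?all\b", re.I),
    re.compile(r"^\s*AddType\s+text/plain\s+.*\.php\b", re.I),
    re.compile(r"^\s*Satisfy\s+Any\b", re.I),
]

def audit_tree(home):
    """Return sorted (kind, path) findings under one account's home directory."""
    home = os.path.realpath(home)
    findings = []
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: inspect the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                # A link leaving the account exposes another user's files here.
                if os.path.commonpath([home, target]) != home:
                    findings.append(("symlink-outside-home", path))
            elif stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable-dir", path))
            elif name == ".htaccess" and stat.S_ISREG(st.st_mode):
                with open(path, errors="replace") as fh:
                    if any(p.search(line) for line in fh for p in WEAKENING):
                        findings.append(("htaccess-weakening", path))
    return sorted(findings)

def build_sample():
    """Constructed sample tree (not real data) so the audit runs offline."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home", "acct")
    drop = os.path.join(home, "public_html", "nepal")
    os.makedirs(drop)
    os.makedirs(os.path.join(base, "other"))
    with open(os.path.join(drop, ".htaccess"), "w") as fh:
        fh.write("Options all\nAddType text/plain .php\nSatisfy Any\n")
    os.symlink(os.path.join(base, "other"), os.path.join(drop, "x.txt"))
    os.chmod(drop, 0o777)
    return home

if __name__ == "__main__":
    print(audit_tree(build_sample()))
```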