
January 1, 2016

Here I am sharing the method of cracking cPanel using B-F Config Panel.

First you need to upload a shell and create a new dir there (here I named it nepal).

Requirement:

1. .htaccess
2.
3. B-F config panel

Thanks to Madcode

Here we begin.

Upload .htaccess and in same dir and change the chmod of to 0755.

Now go back to public_html and upload the B-F config scripts there.

Now go to (etc/passwd). Copy all the details and go back to the dir (nepal), open and paste all the details. On success you will get the message DONE.

After that you will get lots of .txt files in that same dir (nepal).

Open the B-F page which we uploaded earlier in public_html and paste there the link of the dir where we uploaded (nepal).

After that, if you did everything right, you will get cPanels. Good luck.

**SCRIPTS WE NEEDED**

1. .htaccess

```
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
```

2. Google or pastebin it
3. BF Config: Google or pastebin it

Greetz: Fawad, Nirmal, Root Nepal, Nepal Cyber Army

Thanks

I've seen a lot of these exact attacks in my current position. Symlink bombs (Symlink Race Condition) tend to not be too successful against properly configured cPanels as they A) have built-in symlink bomb detection/prevention now (patched last year), and B) don't have the permissions and ownership to allow it by default since most hosts straight up disable SymLinksIfOwnerMatch at the root level because it is unnecessary due to the aforementioned permissions and ownership, however there's always someone who thinks they need 777.
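For hosts that want to check accounts for the artifacts described above, the following is an added example (not part of the original post or the comment) that audits one account's document root for symlinks leaving the account, the `.htaccess` directives quoted in the post, and world-writable directories. The function names and the idea of running it per docroot are assumptions made for this sketch.

```python
import os
import re
import stat

# Directives taken from the .htaccess quoted in the post above.
HTACCESS_PATTERNS = [
    (re.compile(r"^\s*AddType\s+text/plain\s+.*\.php", re.I),
     "PHP served as plain text"),
    # "-FollowSymLinks" (the option being switched off) is deliberately not matched.
    (re.compile(r"^\s*Options\s+.*(?<!-)\b(all|FollowSymLinks)\b", re.I),
     "symlink following enabled"),
]

def audit_docroot(root):
    """Return a sorted list of (path, reason) findings under one account's docroot."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        if stat.S_IMODE(os.lstat(dirpath).st_mode) & 0o002:
            findings.append((dirpath, "world-writable directory"))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                findings.extend(_check_symlink(path, root))
            elif name == ".htaccess":
                findings.extend(_check_htaccess(path))
    return sorted(findings)

def _check_symlink(path, root):
    target = os.path.realpath(path)
    if os.path.commonpath([root, target]) != root:
        return [(path, "symlink leaves account root -> " + target)]
    try:
        # Same test SymLinksIfOwnerMatch applies: link owner must own the target.
        if os.stat(target).st_uid != os.lstat(path).st_uid:
            return [(path, "symlink target owned by another user")]
    except OSError:
        pass  # dangling link inside the root: nothing to compare
    return []

def _check_htaccess(path):
    hits = []
    with open(path, errors="replace") as fh:
        for line in fh:
            for pattern, reason in HTACCESS_PATTERNS:
                if pattern.search(line):
                    hits.append((path, reason + ": " + line.strip()))
    return hits
```

A directory that suddenly holds many flagged `.txt` symlinks next to a flagged `.htaccess` matches the pattern the post describes and is worth treating as an incident rather than a misconfiguration.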