Hi everyone. I own two domains, one registered with NameCheap and one with GoDaddy. Since I own the sites I wanted to 1. Test/learn my abilities and 2. Test the security. Does anyone know how I would go about finding the cpanel and gaining access to it? Thanks.
-Grinning Veil
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
Forum Thread:
Hacking with Ip Only Part [1] { by : Mohamed Ahmed }
5
Replies
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Brute-Force FTP Credentials & Get Server Access
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Use Ettercap to Intercept Passwords with ARP Spoofing
Tutorial:
Create Wordlists with Crunch
How To:
Target Bluetooth Devices with Bettercap
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
How To:
Crack SSH Private Key Passwords with John the Ripper
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How To:
Crack Shadow Hashes After Getting Root on a Linux System
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
How To:
Spy on Traffic from a Smartphone with Wireshark
How To:
Hack Coin-Operated Laudromat Machines for Free Wash & Dry Cycles
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
13 Responses
Also both are hosted on their servers not mine. Forgot to mention that.
Sorry for replying to you late. I can't seem to find the message button on the wonder how to site. The Nethunter itself(the App) can generate msfvenom payloads, perform nmap scans, connect to a wifi pineapple via OTG, and manage your kali chroot.
There are several custom tools such as https://pentest-tools.com/home
"fuzzers" are used to find hidden admin panels and the likes. From there you can brute force the login, or social engineer it.
Thanks and sorry if I'm asking dumb questions.
That's alright! Everyone begins somewhere.
For most websites, you can find your cpanel on visiting the ports 2082 and 2083. Or sometimes, you get redirected by visiting directories which require authentication.
For eg - http://victim.com:2082
Or redirect method- http://victim.com/cpanel/ http://victim.com/phpmyadmin/
You can either bruteforce the panel (the hard and time consuming way) or else try to scan the website for other vulnerabilities like sql injection, LFI, XSS, etc. and hence find the credentials for not only cpanel, but the database, the hosting server, or any other hosted service.
P.S: There's no need to be sorry bro. There's nobody who knows everything right... And we're here to help, not judge! :)
Thanks everyone for the quick replies! I found the cpanel for my namecheap domain (hosted on namecheap) with http://domain:2082 but it didn't work for the godaddy domain. /phpmyadmin or /cpanel didn't work either. Are there any other ways to try. Also if I didn't know which company is hosting it (if it were someone else's website) is there a way to find out? Lastly, you said I can scan the website. How do I do that. Thanks SO much for all of your help.
There could be a lot of solutions, to find the cpanel. Though it's rather difficult if we have zero reconnaissance about our target. First we gain info, then we decide what exploits we use. I could help better if you could share the target maybe.
Else I could suggest you other options tomorrow. I have an exam tomorrow.. I gotta study. :P
On the other hand about scanning, their are different techniques to check different vulnerabilities.
Say SQL Injection can be checked if, you have a dynamic parameter in your website's get request, add ' at the end of the value, it would show an error. For eg, in a URL, http://target.com/index.php?id=1
Add ' after 1, an error would appear. Here id is a vulnerable parameter.
But, it depends on the web application, if it is hosting such content, and also the way it sanitizes the input. First, we analyse the applications it uses, then go for exploiting the application. Again we have several exploits of different things. Could be better if you could share more information about the target. You can PM me if you like.
Happy to help! :)
Check the link I posted. Basically it brute forces through a list of directories, adding onto the site.
i.e msn.com/admin then msn.com/cpanel and so on, until it runs out of options or finds a match
I have used https://pentest-tools.com/ quite a lot and it might help bro. But, it has some problems too.
1.) If you traverse the directories of a website you don't have permission to test, is illegal.
2.) It creates the log of your computer's info, and I what I mean by that is, not only ip, they even log your mac address, track location, as their is risk for their own company, while bruteforcing the directories.
3.) You only get 40 credits a day.... URL fuzzer provides you with excellent results no doubt, but you can only perform it 4 times a day, provided you don't perform any other free-to-use scans they allow, like port scanner.
Still it is a great tool. But never let yourself at risk if you are a hacker, as you can always find better solutions! :)
P.S: I am not saying it's bad. Thumbs up to you for the post. But, their can be better options available. #NoOffense
I mean you could just code your own, but if I'm out on the go it's a nice alternative to test my own websites or such.
If you are pentesting a company, then it's perfectly fine.
What other options are there to bypass cPanel admin log in?
How do I brute force the cPanel if I may ask? I did try a couple SQL injection method and none worked
Share Your Thoughts