The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Change All Cpanel User Passwords

Discussion in 'Security' started by acidstudioz, May 11, 2012.

  1. acidstudioz

    acidstudioz Active Member

    Joined:
    Feb 13, 2006
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Hello All,

    My server was recently compromised by a hacker which installed some malware on the server, and after cleaning up, I wanted to change all users passwords on the server since many of them had be compromised. I searched around and it came down to I needed to use the api to do this couldn't find any scripts, so I took the time and throw a quick php script together to get the job done.

    Hope this helps someone

    You can change the password length by changing the number in this function call $pass = random_gen(12);

    And you can run the code and save the passwords by doing

    Code:
    php nameofscript.php > newpasswords.csv

    PHP:
    <?

    $whmusername "root";
    $whmpassword "password";
    $domain "domain.com";


    $query "https://".$domain.":2087/json-api/listaccts";

    $curl curl_init();        
    curl_setopt($curlCURLOPT_SSL_VERIFYPEER,0);    
    curl_setopt($curlCURLOPT_SSL_VERIFYHOST,0);     
    curl_setopt($curlCURLOPT_HEADER,0);            
    curl_setopt($curlCURLOPT_RETURNTRANSFER,1);    
    $header[0] = "Authorization: Basic " base64_encode($whmusername.":".$whmpassword) . "\n\r";
    curl_setopt($curlCURLOPT_HTTPHEADER$header);  
    curl_setopt($curlCURLOPT_URL$query);            
    $result curl_exec($curl);

    if (
    $result == false
    {
        
    error_log("curl_exec threw error \"" curl_error($curl) . "\" for $query");    
    }
    curl_close($curl);

    $result json_decode($result);

    foreach (
    $result->acct as $acct)
    {
        
    $user $acct->user;
        
    $pass random_gen(12);
        
    $query2 "https://".$domain.":2087/json-api/passwd?user=".$user."&pass=".$pass;

        
    $curl2 curl_init();        
        
    curl_setopt($curl2CURLOPT_SSL_VERIFYPEER,0);    
        
    curl_setopt($curl2CURLOPT_SSL_VERIFYHOST,0);     
        
    curl_setopt($curl2CURLOPT_HEADER,0);            
        
    curl_setopt($curl2CURLOPT_RETURNTRANSFER,1);    
        
    $header[0] = "Authorization: Basic " base64_encode($whmusername.":".$whmpassword) . "\n\r";
        
    curl_setopt($curl2CURLOPT_HTTPHEADER$header);  
        
    curl_setopt($curl2CURLOPT_URL$query2);            
        
    $result2 curl_exec($curl2);
        
    curl_close($curl2);

        
    $result2 json_decode($result2);

        if(
    $result2->passwd[0]->status == 1)
        {
            echo 
    '"'.$user.'","'.$pass.'"'."\n";
        }
    }

    function 
    random_gen($length)
    {
      
    $random"";
      
    srand((double)microtime()*1000000);
      
    $char_list "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
      
    $char_list .= "abcdefghijklmnopqrstuvwxyz";
      
    $char_list .= "1234567890";
      
    $char_list .= "!@#$%^*";
      
    // Add the special characters to $char_list if needed

      
    for($i 0$i $length$i++)  
      {    
         
    $random .= substr($char_list,(rand()%(strlen($char_list))), 1);  
      }  
      return 
    $random;

    ?>
     
    #1 acidstudioz, May 11, 2012
    Last edited: May 11, 2012
  2. koky_cola

    koky_cola Member

    Joined:
    Mar 11, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    You can change all the passwords of the cpanel and ftp accounts on the server by this script :

    1- creat sh file with the name chpass.sh
    touch chpass.sh

    2- open the chpass.sh file and put this lines in it , then save it
    Code:
    ls -1 /var/cpanel/users | while read user; do 
    pass=`</dev/urandom tr -dc "A-Za-z0-9*-/+.*=_\|\\#" | head -c16`
    echo "$user $pass" >> passwords.txt
    /scripts/realchpass $user $pass
    /scripts/ftpupdate
    done
    
    3- then change the permission of the file
    Code:
    chmod +x chpass.sh
    
    4- then Run the script
    Code:
    sh chpass.sh
    
    this script will change all the passwords of cpanel and ftp accounts , and with creat text file with the name " passwords.txt" contains the new passwords

    so after runing the script just cat the file to see the passwords
    Code:
    cat  passwords.txt
    

    Regards ,
    Ahmed kholief .
     
Loading...

Share This Page