The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel password

Discussion in 'General Discussion' started by unkn0wn, Feb 23, 2007.

  1. unkn0wn

    unkn0wn Guest

    i am a new user of cPanel
    i have 3 questions
    in adminstration login page
    when i entered my user and password , where my user & pass called from ?
    i mean where is the user&pass of cpanel in my host , /var/cpanel/xxx ?
    is it encrypted ?
    another question :
    when a hacker inside into one host , the first thing that he looking for is :
    /var/cpanel/accounting.log ~> to access another site on my server :(
    so how i can stop him ?
    he easily 'cat' the accounting.log and access to another sites on the server
    last question :
    can the hacker access the user&pass of the cpanel WITH OUT root access ?
    #1 unkn0wn, Feb 23, 2007
    Last edited by a moderator: Feb 23, 2007
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Apr 7, 2006
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    It's a system level account. The username and password are in /etc/shadow for Linux systems and /etc/master.passwd on FreeBSD
    Change the perms on the file to be readable by root only. This is fixed in the EDGE version of cpanel (can't recall if fixed in other builds).
    Yes, in a variety of ways:

    1. Man in the middle attacks.
    2. Exploiting a security hole in 3rdparty software, which includes any web applications (e.g. WordPress, phpBB, MoveableType, etc).
  3. unkn0wn

    unkn0wn Guest

    thanks for answers , really complete and brief ...
    one more question :
    if hacker get Root access in my server ( by exploiting the kernel ) , then can he access to my cpanel password ?
    (except cracking the /etc/shadow by john the ripper , because this is the hard way !)
    so , is any another way except what i said to access my cpanel password ?
    if YES , can u explain me how ? and how i can block that way ?
    thanks again ...
    #3 unkn0wn, Mar 17, 2007
    Last edited by a moderator: Mar 17, 2007
  4. Lyttek

    Lyttek Well-Known Member

    Jan 2, 2004
    Likes Received:
    Trophy Points:
    If a hacker gets root access, your cpanel password is the *least* of your worries at that point...
  5. unkn0wn

    unkn0wn Guest

    sure , but...
    let me explain u :
    the hacker REALLY gets root access in server & changed my cPanel password !!!
    of course now i get back it (forgot password)
    and now i want to know how the hacker got cPanel password ?
    (except cracking the /etc/shadow)
    SO ?
  6. unkn0wn

    unkn0wn Guest

    no waY ???
  7. jugo

    jugo Active Member

    Nov 23, 2005
    Likes Received:
    Trophy Points:
    I have a feeling unkn0wn is trying a little bit of hacking of his own.
  8. unkn0wn

    unkn0wn Guest

    nice guess ! ;)
    but really listen to me :D
    i got root access from a server last night ( as i said by exploiting the kernel 2.6.10 with tinnes )
    ( i also video taped it )
    now i am root and i can do ...
    but i want to know how i can access to cpanel password
    i know here is NOT hacking site but i thought that if i ask it here , ...
    anyway , my goal is learning !
    thanQ :-*
    #8 unkn0wn, Mar 18, 2007
    Last edited by a moderator: Mar 18, 2007

Share This Page