Plesk Control Panel Credential Gatherer



The script below is one that I made a couple of years back, during my time working as a senior dedicated server engineer over at Webfusion.

Webfusion moved from an in-house custom control panel to a more commercial managed or unmanaged environment.

This move meant that the majority of newly provisioned servers ran Parallels Plesk as a control panel.

Besides working at Webfusion, I had (and have) my side business, in which some of my own clients ran on the same Parallels Plesk control panel. So, for ease of management, I created this little script so that I could pull the users and passwords out of Plesk's database with relative ease.

Is this insecure, you ask? Well, the way I implemented the script on each individual server I managed personally meant that to run the script, you needed to be root on the box. And if someone has root on your box, you have other things to worry about.

By design, Plesk stores most configuration settings, credentials, etc. within the PSA database. The password for that database is kept in plain text in a file on the server, /etc/psa/.psa.shadow.

Simply giving ‘admin’ as the username and supplying the contents of this file as the password is enough to get you full root access to the database.

[root@server ]# mysql -u admin -p`cat /etc/psa/.psa.shadow`

Welcome to the MySQL monitor.  Commands end with ; or \g.
Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.

mysql>

So that's exactly what my script is doing.
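The argument above rests on the password file being readable by root only. The following is an added example, not the author's script, that checks that assumption for a file such as /etc/psa/.psa.shadow; the function name audit_secret_file is hypothetical, and GNU or BusyBox stat (with -c) is assumed.

```shell
# Added example: permission audit for a root-only secret file.
# Assumptions: stat supports -c (GNU coreutils or BusyBox); the function
# name is hypothetical. Usage on a Plesk host:
#   audit_secret_file /etc/psa/.psa.shadow
# Returns 0 if clean, 1 on a finding, 2 if the file is missing.
audit_secret_file() {
    path=$1; want_uid=${2:-0}; rc=0
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symlink; audit its target instead"; return 1
    fi
    if [ ! -f "$path" ]; then
        echo "MISSING: $path is not a regular file"; return 2
    fi
    uid=$(stat -c '%u' "$path"); mode=$(stat -c '%a' "$path")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid $uid, expected $want_uid"; rc=1
    fi
    # Any group/other bit lets a non-owner read or alter the secret.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access (want 600 or 400)"; rc=1
    fi
    # A group/other-writable parent directory lets someone swap the file out.
    dir=$(dirname "$path"); dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir is writable by group/other (mode $dmode)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $path uid=$uid mode=$mode"
    return "$rc"
}
```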

After about Plesk version 10, Parallels decided that maybe this was not such a great idea, and subsequently went on to encrypt the password inside the text file. However, you could still issue the exact same command to access MySQL.

What they still hadn't done was encrypt the passwords for the FTP, email and customer accounts that it stores in the database, which is why my script became so handy. I could quickly pull the credentials I needed when a customer required them.

In Plesk 10.3 and above, I believe that they then took the decision to encrypt the contents within the database. I have yet to implement the part of the script to decrypt this.



The script can be found here:

Comments

  1. Very nice work keep it up please share information about best plesk service provider
