[Cpanel Blog] Change All Cpanel User Passwords May,2012

Hello All,

My server was recently compromised by a hacker which installed some malware on the server, and after cleaning up, I wanted to change all users passwords on the server since many of them had be compromised. I searched around and it came down to I needed to use the api to do this couldn't find any scripts, so I took the time and throw a quick php script together to get the job done.

Hope this helps someone

You can change the password length by changing the number in this function call $pass = random_gen(12);

And you can run the code and save the passwords by doing

Code: php nameofscript.php > newpasswords.csv
PHP Code: <?

$whmusername = "root";
$whmpassword = "password";
$domain = "domain.com";


$query = "https://".$domain.":2087/json-api/listaccts";

$curl = curl_init();        
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);    
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);     
curl_setopt($curl, CURLOPT_HEADER,0);            
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);    
$header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);  
curl_setopt($curl, CURLOPT_URL, $query);            
$result = curl_exec($curl);

if ($result == false) 
{
    error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");    
}
curl_close($curl);

$result = json_decode($result);

foreach ($result->acct as $acct)
{
    $user = $acct->user;
    $pass = random_gen(12);
    $query2 = "https://".$domain.":2087/json-api/passwd?user=".$user."&pass=".$pass;

    $curl2 = curl_init();        
    curl_setopt($curl2, CURLOPT_SSL_VERIFYPEER,0);    
    curl_setopt($curl2, CURLOPT_SSL_VERIFYHOST,0);     
    curl_setopt($curl2, CURLOPT_HEADER,0);            
    curl_setopt($curl2, CURLOPT_RETURNTRANSFER,1);    
    $header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
    curl_setopt($curl2, CURLOPT_HTTPHEADER, $header);  
    curl_setopt($curl2, CURLOPT_URL, $query2);            
    $result2 = curl_exec($curl2);
    curl_close($curl2);

    $result2 = json_decode($result2);

    if($result2->passwd[0]->status == 1)
    {
        echo '"'.$user.'","'.$pass.'"'."\n";
    }
}

function random_gen($length)
{
  $random= "";
  srand((double)microtime()*1000000);
  $char_list = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  $char_list .= "abcdefghijklmnopqrstuvwxyz";
  $char_list .= "1234567890";
  $char_list .= "!@#$%^*";
  // Add the special characters to $char_list if needed

  for($i = 0; $i < $length; $i++)  
  {    
     $random .= substr($char_list,(rand()%(strlen($char_list))), 1);  
  }  
  return $random;
} 
?>
Change All Cpanel User Passwords
Cpanel Blog Installing a UCC SSL Cert May,2012

Related Post