Change cPanel’s email password through command line

This script will help you change any email’s account password without using cPanel, this is done through the command line. It was written in PHP but mostly uses shell commands so I guess it was easier to use elements from both worlds.

Use it at your own risk, this script requires to be executed as root and was done for educational purposes.

 <?php

// Inspired on	the following articles:
// https://cpanelgeek.wordpress.com/2015/08/26/resetting-email-account-password-from-command-line-in-cpanel/
// http://www.sudosu.in/2013/11/cpanel-bash-script-to-change-password_11.html

if (!isset($argv[1])) die("Usage: $argv[0] full@email [password]\n");

// generate random 8 character password
if (!isset($argv[2])) {
  $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!.-@';
  $argv[2] = substr(str_shuffle($chars),0,8);
}

// validate email contains at least a @ and break it
if (!preg_match("/\@/",$argv[1])) die("Invalid Email!\n");
list($name,$domain) = explode("@",trim($argv[1]));

// get domain owner
$user = trim(exec("/scripts/whoowns $domain"));
if (!$user) die("Invalid Domain!\n");

// encrypt password
$cpass = trim(exec("openssl passwd -1 '$argv[2]'"));
//echo "$name @ $domain with $argv[2] $cpass\n";

// get home folder
$path = trim(exec("grep \"^$user:\" /etc/passwd | cut -d\":\" -f6"));

// get shadow line and prepare it
$shadow = "$path/etc/$domain/shadow";
$tmpshadow = $shadow . ".tmp";
$rest = trim(exec("grep \"^$name:\" $shadow | cut -d\":\" -f3-"));
if (!$rest) die("Email $argv[1] does not exist!\n");

// create tmp shadow file without the user's email
exec("grep -v \"^$name:\" $shadow --------> $tmpshadow");
exec("chown $user:$user $tmpshadow");
exec("chmod 640 $tmpshadow");

// add the new user's password
exec("echo '$name:$cpass:$rest' >> $tmpshadow");

// swap shadow files and backup the old one
exec("mv $shadow $shadow".".".time());
exec("mv $tmpshadow $shadow");
echo "$argv[1] password changed to: $argv[2]\n";
?>

Save it as change_password.php and execute it to see how to use it: php change_password.php

PHP Generate Random Passwords

This is a small script written in PHP which will help you to generate N passwords of N length in less than 1ms 😛

Make sure you have PHP installed, then copy this code to a file called randompass.php

#!/usr/bin/php -q
<?
// no i,l,o keep passwords easy
$chars = "abcdefghjkmnpqrstuvwxyz0123456789";
$passlen = (intval($argv[1])? intval($argv[1]):6);
$passnum = (intval($argv[2])? intval($argv[2]):1);

echo "Generating $passnum passwords of $passlen letters/numbers\n";
// feed the random God :P
srand(((int)((double)microtime()*1000003)));

for ($i=1;$i<=$passnum;$i++) _gen_pass();

function _gen_pass() {
  global $chars, $passlen;
  $cnt = 1;
  while ($cnt <= $passlen) {
    $myrand = rand() % 33;
    $tmp = substr($chars, $myrand, 1);
    if (rand(0,1)) $tmp = strtoupper($tmp);
    $pass = $pass . $tmp;
    $cnt++;
  }
  echo $pass . "\n";
}

?>

Now you have the file don’t forget to make it executable:

chmod +x randompass.php

How it works? See some examples:

Usage: ./randompass.php [password_length] [password_number]

# The default execution will drop 1 password of 6 letters/numbers
./randompass.php
Generating 1 passwords of 6 letters/numbers
9hBEq1

# want 5 passwords of 12 letters/numbers ?
./randompass.php 12 5
Generating 5 passwords of 12 letters/numbers
ug5Tj8fP3w26
Tn9fnSjy2PmJ
NRqC6m8J0svn
YFQ6g3WnHH8r
ds56SnQvsBEq

That’s all, use it for what you need, don’t try to break it or find stupid bugs 😛