btcinfo  

Hic inserere motto

Enumerating geth nodes for fun and profit

June 13, 2018 — shinohai

Step 1: Download GETH and build it inside a chroot.

Step 2: Fire up geth and wait for the ethereum database to load.

Step 3: Enumerate peers running misconfigured clients and rpc consoles by running an insecure instance yourself:

dibbuk# ./geth --rpc --rpcaddr 0.0.0.0 --rpcapi db,eth,net,web3 --dev console

Step 4: Profit. I quickly found 22 nodes listening for the entire world on port 8545; ~60% of these were located on Chinese and other South Asian mining farms. For bonus lulz you can leverage the power of virtual shrimp mining to disrupt the network whilst you pilfer the funds from vulnerable wallets.

At the time of this post, the addresses below are confirmed to have received around $22 million USD in ETH liberated by enterprising crypto pirates, and the figures still climb despite warnings not to do this shit since March:

Lesson: Trust your finances to garbage written in golang with a javascript console at your peril.
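
The defensive counterpart to Step 3, as an added example that is not part of the original post: a Python check that audits a geth command line (taken, say, from a process listing or service file on your own hosts) for the exposure described above. The function names, the later `--http.*` flag spellings and the `localhost` default bind address are assumptions not taken from the post.

```python
import ipaddress
import shlex

# 2018-era flag names from the post, plus the later --http.* spellings (assumption).
ENABLE = {"rpc", "http"}
ADDR = ("rpcaddr", "http.addr")
API = ("rpcapi", "http.api")
PRIVILEGED = {"personal", "admin", "miner", "debug"}

def parse_flags(cmdline):
    """Map flag name -> value; handles '--flag value' and '--flag=value'."""
    tokens, flags = shlex.split(cmdline), {}
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        name, eq, value = tok.lstrip("-").partition("=")
        if not eq:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            value = "" if nxt.startswith("-") else nxt
        flags[name] = value
    return flags

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as exposed

def audit(cmdline):
    """Return a list of findings for one geth command line."""
    flags = parse_flags(cmdline)
    # Assumption: without an address flag geth binds RPC to localhost.
    addr = next((flags[f] for f in ADDR if f in flags), "localhost")
    if not ENABLE & flags.keys() or is_loopback(addr):
        return []
    findings = [f"HTTP-RPC bound to non-loopback address {addr}"]
    apis = next((flags[f] for f in API if f in flags), "")
    mods = [m.strip() for m in apis.split(",") if m.strip()]
    if mods:
        findings.append("modules served to remote callers: " + ",".join(mods))
    risky = sorted(PRIVILEGED & set(mods))
    if risky:
        findings.append("privileged modules exposed: " + ",".join(risky))
    if "unlock" in flags:
        findings.append("account unlocked while RPC is remotely reachable")
    return findings

# Constructed sample: the command from Step 3 with its prompt removed.
SAMPLE = "./geth --rpc --rpcaddr 0.0.0.0 --rpcapi db,eth,net,web3 --dev console"
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty list means RPC is either disabled or bound to loopback; anything else belongs behind a firewall rule or a loopback bind.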
