
Thread: Critical Vulnerability Discovered in uTorrent

  1. #46 (Logitech)

    Quote Originally Posted by Aurion:
    won't hurt anybody for sure
    This is what almost everyone says.
    After you know one another you will become something they refer to as "Grey Hat".

    If I should think of the best possible way to hide something in a torrent:

    Just make a torrent file, for example Step Brothers.

    Find a way that the server.exe file is not shown in the file list and not counted toward the complete file size.
    And when it downloads the server.exe file, that is counted as the thrown-away download (don't know what the real name is).

    When you do something like this it will look like you just downloaded some corrupt bytes, while you actually downloaded server.exe.

    If you do it like this (or slightly differently) the .torrent file won't be like 12 MB and you don't have to find some kind of way to compress the torrent file.

    [offtopic]Aurion leave reppy alone. LEAVE HIM ALONE.
    He hasn't done anything to you. LEAVE HIM ALONE.[/offtopic]

  2. #47 (Aurion)

    Quote Originally Posted by Logitech:
    Find a way that the server.exe file is not shown in the file list and not counted toward the complete file size.
    And when it downloads the server.exe file, that is counted as the thrown-away download (don't know what the real name is).
    And what should that way be called?? I do want to get into this part, especially since reducing a .torrent file's size to a normal 20~100 KB is something great (for sure when it also includes those bad bytes known as the shellcode) and challenging, something every coder should learn...

    Quote Originally Posted by Logitech:
    If you do it like this (or slightly differently) the .torrent file won't be like 12 MB and you don't have to find some kind of way to compress the torrent file.
    Good boy, you've got to understand me now.

    Quote Originally Posted by Logitech:
    [offtopic]Aurion leave reppy alone. LEAVE HIM ALONE.
    He hasn't done anything to you. LEAVE HIM ALONE.[/offtopic]
    I didn't do anything to him, boy!! I'm just sad to leave such a decent username.

  3. #48 (Moderator anon)

    Quote Originally Posted by Logitech View Post
    This is what almost everyone says.
    After you know one another you will become something they refer to as "Grey Hat".
    Quote Originally Posted by Wikipedia
    A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
    Yes, it would more or less apply to this exploit and how we plan to use it...

    Quote Originally Posted by Logitech View Post
    If I should think of the best possible way to hide something in a torrent:

    Just make a torrent file, for example Step Brothers.

    Find a way that the server.exe file is not shown in the file list and not counted toward the complete file size.
    And when it downloads the server.exe file, that is counted as the thrown-away download (don't know what the real name is).

    When you do something like this it will look like you just downloaded some corrupt bytes, while you actually downloaded server.exe.

    If you do it like this (or slightly differently) the .torrent file won't be like 12 MB and you don't have to find some kind of way to compress the torrent file.
    Like "wasted" data in uT, but having it recorded to the HDD and run from there? It's a nice idea, if it's possible.

    Quote Originally Posted by Logitech View Post
    [offtopic]Aurion leave re**y alone. LEAVE HIM ALONE.
    He hasn't done anything to you. LEAVE HIM ALONE.[/offtopic]
    It's too late, man, Au has won the battle.

    @Aurion: it depends on the torrent's size. .torrent metadata can weigh as little as 242 B or as much as 142 kB (in this case, the extra shellcode KBs will surely pass unnoticed).

  4. #49 (Aurion)

    Quote Originally Posted by anon View Post
    It's too late, man, Au has won the battle.
    LOL, hell yeah, he got wasted already.

    Quote Originally Posted by anon View Post
    @Aurion: it depends on the torrent's size. .torrent metadata can weigh as little as 242 B or as much as 142 kB (in this case, the extra shellcode KBs will surely pass unnoticed).
    Hmm, sounds like it's going to happen soon. That's what I meant earlier, guys: just get the main .torrent file's frame to a smaller size than the shellcode itself, so that a normal .torrent file would flow among trackers, downloadable, injected with that shellcode in just a few bytes to go unnoticed.

  5. #50 (Moderator anon)

    Say our shellcode's size is 8 kB. Here's when it'd be noticeable:

    [screenshot] (the torrent's content is 36 KB)

    And here's when it wouldn't:

    [screenshot] (torrent's content = 28.4 GB)
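    The size comparison above only says whether extra bytes would be noticed by eye. A client or tracker can instead check the metainfo itself: the root bencoded dict must end exactly at end of file, and the declared content size must match the number of SHA-1 piece hashes. This is an added Python example written for this page, not code from the thread or from any torrent client; the sample .torrent bytes are constructed inline.

```python
import math

def bdecode(data: bytes, pos: int = 0):
    """Strict bencode decoder; returns (value, position after the value)."""
    c = data[pos:pos + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dict
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            if pos >= len(data):
                raise ValueError("truncated container")
            value, pos = bdecode(data, pos)
            items.append(value)
        if c == b"l":
            return items, pos + 1
        if len(items) % 2:
            raise ValueError("dict with a key but no value")
        return dict(zip(items[::2], items[1::2])), pos + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", pos)
        n = int(data[pos:colon])
        if colon + 1 + n > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:colon + 1 + n], colon + 1 + n
    raise ValueError(f"bad bencode at offset {pos}")

def audit_torrent(data: bytes) -> list:
    """Return anomalies found in .torrent metadata; [] means internally consistent."""
    issues = []
    meta, end = bdecode(data)
    if end != len(data):                           # anything after the root dict is foreign
        issues.append(f"{len(data) - end} trailing bytes after the metainfo dict")
    info = meta.get(b"info", {})
    files = info.get(b"files")
    total = sum(f[b"length"] for f in files) if files else info.get(b"length", 0)
    piece_len, pieces = info.get(b"piece length", 0), info.get(b"pieces", b"")
    if len(pieces) % 20:                           # SHA-1 hashes are 20 bytes each
        issues.append("pieces field is not a multiple of 20 bytes")
    if piece_len > 0 and math.ceil(total / piece_len) != len(pieces) // 20:
        issues.append(f"declared size {total} needs {math.ceil(total / piece_len)} piece hashes, {len(pieces) // 20} present")
    return issues

# Constructed sample: a single-file torrent of 36864 bytes with 16 KiB pieces (3 hashes).
GOOD = (b"d4:infod6:lengthi36864e4:name8:file.bin12:piece lengthi16384e"
        b"6:pieces60:" + b"\x11" * 60 + b"ee")
PADDED = GOOD + b"Z" * 8                           # extra bytes appended after the dict
SHORT = GOOD.replace(b"60:" + b"\x11" * 60, b"40:" + b"\x11" * 40)  # only 2 hashes
```

    Both tampered variants are flagged regardless of how large the torrent's content is, which is the point the screenshots above cannot show.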

  7. #51 (Aurion)

    For sure, the difference is such a noticeably big one, oh well... but still it can be compressed somehow. anon, I do believe that everything could be done regarding PC sneak-ins/backdoors.

  8. #52 (Moderator anon)

    But it's already 8 kB, and it's written in Assemb-
    oh wait, I didn't try UPXing it, which would make it even smaller.

  9. #53 (Logitech)

    But if you try UPXing the torrent/injected file, it can happen that the file stops working.

    It happened to me before.
    I packed a .dll that was recognized, and then the main program that used that .dll couldn't read it anymore.
    Last edited by Logitech; 27.08.08 at 09:15.

  10. #54 (Moderator anon)

    Quote Originally Posted by Logitech View Post
    I packed a .dll that was recognized, and then the main program that used that .dll couldn't read it anymore.
    Did your packing program strip the relocation tables from the DLL?
    Like 99% of programs won't work if those are removed...

  11. #55 (Logitech)

    The .dll just has to be in the same directory as the main program.
    Maybe you know the program WPE PRO.

  12. #56 (Moderator anon)

    Quote Originally Posted by Logitech View Post
    The .dll just has to be in the same directory as the main program.
    Yes, I knew this.
    I meant that if you enable the option "strip reloc tables" in your packing program, the app using the (now packed) DLL most likely won't work.
    So you can disable that option to increase compatibility while still being able to compress the .dll.

    Quote Originally Posted by Logitech View Post
    Maybe you know the program WPE PRO.
    Winsock packet editor?
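    Whether a packer stripped the relocations anon mentions can be read straight from the PE headers: the IMAGE_FILE_RELOCS_STRIPPED flag in the file header and the base-relocation entry of the data directory. This is an added Python example written for this page, not code from the thread or from any packer; the header bytes it inspects are constructed inline and are not a loadable image.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001        # FileHeader.Characteristics flag
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5        # index of the base-relocation data directory

def reloc_status(pe: bytes) -> dict:
    """Report whether a PE image still carries the base relocations a loader needs."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    characteristics = struct.unpack_from("<H", pe, file_hdr + 18)[0]
    opt_hdr = file_hdr + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", pe, opt_hdr)[0]
    dd_offset = opt_hdr + (96 if magic == 0x10B else 112)    # PE32 vs PE32+ data directories
    rva, size = struct.unpack_from("<II", pe, dd_offset + IMAGE_DIRECTORY_ENTRY_BASERELOC * 8)
    return {
        "relocs_stripped_flag": bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED),
        "has_reloc_directory": rva != 0 and size != 0,
    }

def needs_fixed_base(pe: bytes) -> bool:
    """True if the image can only load at its preferred base, the failure the thread describes."""
    status = reloc_status(pe)
    return status["relocs_stripped_flag"] or not status["has_reloc_directory"]

def make_header(stripped: bool) -> bytes:
    """Constructed minimal PE32 header (not a loadable image) for demonstration only."""
    buf = bytearray(0x40 + 4 + 20 + 96 + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                  # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    flags = 0x2102 | (IMAGE_FILE_RELOCS_STRIPPED if stripped else 0)  # DLL | 32-bit | executable
    struct.pack_into("<H", buf, 0x40 + 4 + 18, flags)
    struct.pack_into("<H", buf, 0x40 + 24, 0x10B)            # PE32 optional-header magic
    if not stripped:
        struct.pack_into("<II", buf, 0x40 + 24 + 96 + 5 * 8, 0x3000, 0x40)  # .reloc RVA, size
    return bytes(buf)
```

    A DLL is almost never loaded at its preferred base when another module already occupies it, so an image where needs_fixed_base() is True will fail to load exactly as described above.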

  13. #57 (Logitech)

    Quote Originally Posted by anon View Post
    Winsock packet editor?
    Yeah, that is it.
    I use it for an online game I often play.
    It's funny what you can do with a packet editor when used well.

  14. #58 (Moderator anon)

    Oh yes, I do ;/
    Especially in those where like 90% of the processing is done client-side: the weakest weapon can hit for 99999 damage, you can teleport, etc...
    Last edited by anon; 27.08.08 at 20:48. Reason: typo (his -> hit)

  15. #59 (Aurion)

    Quote Originally Posted by anon View Post
    the weakest weapon can hit for 99999 damage, you can teleport, etc...
    LOL, are you serious? (sorry for the interruption, guys) I wish I had known you 1 year ago, anon, I could have used lots of help. Anyway, we still can go further with that later if you want.

  16. #60 (Moderator anon)

    Yes, I am.
    And I think you would have wanted it to cheat at Silkroad!
    Anyway, don't get me wrong, I know what packet editing is and does, but I am not experienced with it...
    ^^
