Ameba Ownd

アプリで簡単、無料ホームページ作成

Barbara Greene's Ownd

Sickrage could not download torrent

2021.12.17 01:55






















This guide will show you how to add exceptions for those shows giving you trouble. I also go over how to enable Anime, Daily shows and other types with different naming schemes so you can fix SickRage not finding them.


SickRage runs on port by default so go into the web interface and click Shows. Choose your show here the public domain show Beverly Hillbillies that SickRage isn't currently finding episodes for and click the poster. Click the Edit button to change the pattern SickRage uses for searching torrents and usenet for the video title.


For me, the ideal setup is grabbing new content from usenet and backlog content from torrents with UsenetServer and its free VPN. You can adjust the priority of the providers by clicking on the blue double arrow and dragging them up as shown.


The SickBeard index doesn't require any user credentials and will get you a lot of fresh releases. I'm going to show you how to add custom providers first and then we'll return to this tab to sort the priority.


I am adding OZnzb as a custom search provider, this will work with any Newznab supported indexer which is most of them. You will need your API key. After you have added all your providers you will want to put them in priority order and control which will be used for daily searches new episodes that have not aired yet and backlog searches episodes that aired a while ago.


You need to put a check mark to enable the provider under Provider Priorities. I have put my OZnzb indexer first and told SickRage to only use it for daily searches. You are welcome to check backlog searches as well but because SickRage doesn't have proper failed download handling just yet, I advise you to use usenet indexers for daily searches of new episodes and torrents for old episodes. For Kickasstorrents I set it to Backlog searches only and Minimum seeders 5, you can lower the minimum seeds but you may get stalled or very slow downloads.


You can choose Confirmed downloads only to increase the quality reliability. Enable Season search fallback for grabbing entire seasons. Scroll down and click Save Changes. Post processing helps organize your files automatically.


SickRage can scan your download folder every X minutes, rename the episode and place it in the folder in which it belongs. Click the blue Post Processing button and then the Post Processing tab. Browse to the directory for SickRage to monitor.


This must be the directory your usenet downloader or torrent downloader is placing its files. Move is undesirable if you need to seed afterwards, then use Copy instead. If you don't have much space you can use a symbolic link which links from your original download directory to your final video archive folder.


Hard link is also an option on Linux and Windows but on Windows the hard link cannot span partitions. I left Postpone post processing enabled and Rename. Scroll down and check off Rename Episodes which will use the settings specified in the Episode Naming tab.


Check Unpack in case the episode is packed in rars, you will need to have an unrar program installed on your system. The tab Episode naming allow you to change how the episodes are renamed.


The default settings are fine. Uncheck Launch Browser if you don't want a browser to load each time SickRage starts up. Automatic Updates is also checked so SickRage will just autoupdate when it finds improvements. The Default indexer can be whatever you like. Scroll down and set your default TV show folder.


This should be the folder where all of your shows will end up. Click New. In your IMDB account create a list of the videos you watch and then scroll down to and right click on Export this list and copy the address.


Now Restart by going into the top right hand corner tool icon and choose Restart. You get these options, I will only cover adding a new show you do not already have in your library.


Once the injection point is found, the limit is pretty much our own imagination. I decided to exploit the instance by uploading a reverse shell and letting the victim host connect to a listening, attacker-controlled machine. The reverse shell is also in the project repository, together with the PoC code that implements this exploit, called sicksploit. Note : This exploit works only if there is at least one file to be post processed. If SickChill does not have any episode downloaded it will not execute the post processing at all, including the extra scripts, therefore not executing the payload.


Obviously, since the instance is open anyway, it is be possible to manually add a TV series episode and wait for it to be downloaded before running the exploit. As it is easy to see, SickChill does not complain and executes both the commands even though it adds extra arguments which is not a problem.


I have reported the vulnerability more than a month ago on 15th of December on the Github page of SickChill. Another interesting project that could be done, taking inspiration from this, is harvesting API keys for private trackers or Usenet logins from the configuration page, wherever these are displayed in plaintext. The amount of misconfigured services, even the most uncommon ones, is astonishing.


Simple, trivial I would say, exploits like this would allow an attacker to gain local access on hundreds of machines across the Internet. Needless to say, when configuring programs which do not have a strong security profile but also in general it is crucial not to expose such services to the Internet or -at the very least- configuring a strong authentication in front.


For any correction, feedback or question feel free to drop a mail to security [at]coolbyte[dot]eu. Disclaimer Everything that has been written or discussed here has purely educational purpose.


Knock, Knock, is SickChill home? If you have one, then you can run the script simply with: python sickown. XX is up. Additional scripts can be used, separated by Scripts are called after SickChill's own post-processing. Parameters that are passed: argv[0]: File-path to Script argv[1]: Final full path to the episode file argv[2]: Original full path of the episode file argv[3]: Show indexer ID argv[4]: Season number argv[5]: Episode number argv[6]: Episode Air Date.


It might take a few minutes to actually get executed.