Bitcoin / Crypto Node
aka bitcoind, crypto
A Bitcoin (or similar) full node — P2P on 8333 and a JSON-RPC interface on 8332. If RPC is exposed with weak creds you can query the node and, where a wallet is loaded, read balances and addresses.
Ports
| Port | Proto | Notes |
|---|---|---|
| 8333 | tcp | P2P network |
| 8332 | tcp | JSON-RPC |
Fingerprint
- P2P version handshake on 8333
- RPC returns node info to getblockchaininfo/getnetworkinfo
Key files
| Path | Holds | Sensitive |
|---|---|---|
| ~/.bitcoin/bitcoin.conf | rpcuser / rpcpassword | sensitive |
| wallet.dat | private keys | sensitive |
Exploitation primitives
- P2P node enumeration (version, peers) on 8333
- Exposed RPC (8332) with weak rpcuser/rpcpassword → query the node
- If a wallet is loaded, read addresses/balances; loot wallet.dat for keys
Overview
A crypto full node speaks P2P on 8333 and JSON-RPC on 8332. The interesting target is an exposed RPC endpoint with weak credentials.
Enumeration
P2P version/peers:
nmap -p8333 --script bitcoin-info <TARGET>
Query RPC (with creds from bitcoin.conf):
curl --user rpcuser:rpcpass --data '{"method":"getblockchaininfo"}' http://<TARGET>:8332/
Hardening
Bind RPC to localhost, use a strong rpcauth, and protect wallet.dat/bitcoin.conf.
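A config check for the hardening points above, as an added example that is not part of the original page or of Bitcoin Core. The function names and the sample config are constructed for illustration, and `[section]` headers and network-prefixed keys are assumed not to be in use.

```python
import ipaddress
import os
import stat

# Constructed sample config for illustration (not taken from a real node).
SAMPLE_CONF = """\
# constructed example
server=1
rpcuser=bitcoin
rpcpassword=bitcoin
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
rpcallowip=127.0.0.1
"""

def parse_conf(text):
    """Return (key, value) pairs; keys may repeat and '#' starts a comment."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def is_loopback(value):
    """True if an rpcbind host[:port] or rpcallowip network is loopback-only."""
    host = value.strip()
    if host.startswith("[") and "]" in host:   # bracketed IPv6, e.g. [::1]:8332
        host = host[1:host.index("]")]
    elif host.count(":") == 1:                 # IPv4 or name with a port
        host = host.split(":")[0]
    try:
        return ipaddress.ip_network(host, strict=False).is_loopback
    except ValueError:
        return host == "localhost"

def audit(text):
    """List the settings that conflict with the hardening advice above."""
    conf = parse_conf(text)
    findings = [f"{k}={v}: not limited to loopback" for k, v in conf
                if k in ("rpcbind", "rpcallowip") and not is_loopback(v)]
    if any(k == "rpcpassword" for k, _ in conf):
        findings.append("rpcpassword: plaintext credential, prefer rpcauth")
    return findings

def too_open(path):
    """True if group or other has any permission bit on a sensitive file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run `audit()` on the text of bitcoin.conf and `too_open()` on bitcoin.conf and wallet.dat; an empty list and `False` mean the three hardening points hold for that node.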