Skip to content

Instantly share code, notes, and snippets.

@Zenexer
Zenexer / Parsec vuln 140-1 CSRF.md
Last active February 15, 2018 02:58
Parsec CSRF vulnerability in version 140-1 and prior

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@Zenexer
Zenexer / Disable Windows Annoyances.md
Last active May 15, 2024 14:23
Permanently disable Windows Defender and other annoyances in Windows.

Instructions

  • To disable a service, download Disable<Service>.reg and double-click to import. (Replace <Service> with the name of the service you want to disable.)
  • To re-enable a service, download Enable<Service>.reg and double-click to import. (Replace <Service> with the name of the service you want to enable.)

Note that if you save the files by copying them into a text editor, they may need to be saved with Windows-style line endings (\r\n).

Services

@Zenexer
Zenexer / authorized_keys
Last active January 9, 2024 04:01
My public keys, in OpenSSH format.
## BEGIN paul ##
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDqA95ZvPJJvrQYPC99ENK3gyAuT9f65IcGygT0icluYucZ9JU017gk/Qhw234PHTdt2ZzIrnC5Sju2ppX+b+oIrUtsc+QIF6lgkFVbv2ab6yvSJYkMWys08zygEmdr6ZfIq+1f92EXuSJ0M3tbRBnvmY4JxM1VBGeampNyMKddv2UgEEcjHMKQWlWrEc0syTQ7dLIHCaxqbRoy05+6jRrwyTgREQUh8RmBZJHKsHH73kHGla56ECrF5RWm1gDZToMZn+2aCJwMVqlB6VMEtHIF/1Xbv/akUCag8r7sbfz5GMtr5LdRPvULn/1z5LIGRVP7kAjU4Yr03OdqvfE9Nj8TtLCVigh7QJy8T2bCuplvcI1dvepI/5j9Xz2srB7m87puoM0rridJv1uIy3z0WrB5RHt6QeTQkT83+rrz7M9ejeBPxy6dQennJbWGC2YvgFmRTrNnZdtXArUN9GP/CACkHpk9JsrxmHZ2K/FqHR7/ezJrlloeZ4kCpYzQ9Vk7dobfR0m/fkDzU9iZQ1JpPem8ZMM5Rd/Mu0BmNHooyb9soxUcgBTGnESFDuCzGEZCCCnuYBDWh3G2vFcrCrrNBCTJ/N3iColHWLIqxGMU9l8iwpdY+Oyj5NSUFnOTSkQgRbzgo239zzcSigCUxuseD1up71ibZHW9fpreb39lEaROLQ== paul@0xA114C32065F79325
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiz+mAZk9LIAjQwU4rf3v0qJApzzcQpbiriKVMSLP9v paul@0x5FE65994C25390B6
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBAP+89+20USh6cjTJZtVzUmRWTFdJ1rtFbw/y5IirjJAAAAHHNzaDpwYXVsQFl1YmlLZXktNUMtMTMwNj