
MZorzy MZorzy

View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
  • Ransom: between $300 and $600. The virus contains code to 'rm' (delete) files. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

LoranKloeze / whatsapp_phone_enumerator_floated_div.js
Last active Dec 20, 2019
PoC WhatsApp enumeration of phonenumbers, profile pics, about texts and online statuses (floated div)
/****** I've created a Chrome extension from this script, take a look at https://github.com/LoranKloeze/WhatsAllApp ********/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
// Was this script of any use for you? Please consider a donation. It has taken me a lot of time to figure this
anonymous / GAME_MASTER_v0_1.protobuf
Created Jul 16, 2016
Pokemon Go decoded GAME_MASTER protobuf file v0.1
Result: 1
Items {
TemplateId: "BADGE_BATTLE_ATTACK_WON"
Badge {
BadgeType: BADGE_BATTLE_ATTACK_WON
BadgeRanks: 4
Targets: "\nd\350\007"
}
}
Items {