Skip to content

Instantly share code, notes, and snippets.

Avatar

MZorzy MZorzy

View GitHub Profile
View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@LoranKloeze
LoranKloeze / whatsapp_phone_enumerator_floated_div.js
Last active Dec 14, 2020
PoC WhatsApp enumeration of phonenumbers, profile pics, about texts and online statuses (floated div)
View whatsapp_phone_enumerator_floated_div.js
/****** I've created a Chrome extension from this script, take a look at https://github.com/LoranKloeze/WhatsAllApp ********/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
/******************** Keep in mind: this script is frozen. Check the url mentioned above. **********************************/
// Was this script of any use for you? Please consider a donation. It has taken me a lot of time to figure this
anonymous
anonymous / GAME_MASTER_v0_1.protobuf
Created Jul 16, 2016
Pokemon Go decoded GAME_MASTER protobuf file v0.1
View GAME_MASTER_v0_1.protobuf
Result: 1
Items {
TemplateId: "BADGE_BATTLE_ATTACK_WON"
Badge {
BadgeType: BADGE_BATTLE_ATTACK_WON
BadgeRanks: 4
Targets: "\nd\350\007"
}
}
Items {
@djaiss
djaiss / gist:85a0ada83e6bca68e41e
Last active Jan 16, 2021
Block Twitter/Facebook in your /etc/hosts
View gist:85a0ada83e6bca68e41e
# Block Facebook IPv4
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net