echo `ifconfig $(netstat -nr | grep -e default -e "^0\.0\.0\.0" | head -1 | awk '{print $NF}') | grep -e "inet " | sed -e 's/.*inet //' -e 's/ .*//' -e 's/.*\://'`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note: Based on http://justinhileman.info/article/reinstalling-php-on-mac-os-x/ | |
# Refer to the page in case of any issues | |
# Assumed that you have Brew install; else run the following commands | |
# xcode-select --install | |
# ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" | |
brew update && brew upgrade |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"fmt" | |
"io" | |
"os" | |
) | |
var path = "/Users/novalagung/Documents/temp/test.txt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PHP | |
-------------------------------------------------------------- | |
Total Iterations: 10,000,000 | |
time(): 0.73976612091064 seconds (13,517,785/sec) | |
microtime(): 4.2245488166809 seconds (2,367,116/sec) | |
microtime(true): 1.2555038928986 seconds (7,964,929/sec) | |
HHVM | |
-------------------------------------------------------------- | |
Total Iterations: 10,000,000 |
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
extern crate image; | |
extern crate num_complex; | |
use std::fs::File; | |
use image::{ImageBuffer, Luma}; | |
use num_complex::Complex; | |
fn main() { | |
// for a 3 x 2 image: (-2,-1) to (1,1) |