This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
## First of all:
## Install tor and an Apache server
sudo apt-get install tor apache2
—------------------
## Become administrator
sudo su
## Managing the TOR configuration
# Encode inputfile.tar.gz as a series of video frames
# Frames are written to frames/frameNNNN.png
from PIL import Image
with open('inputfile.tar.gz', 'rb') as f:
    data = f.read()
WIDTH = 120
HEIGHT = 90
CHUNK_SIZE = int((WIDTH * HEIGHT) / 8)
/* So how does this work?
I'm using ANSI escape sequences to control the behavior of the terminal while
cat is outputting the text. I deliberately place these control sequences inside
comments so the C++ compiler doesn't try to treat them as code.*/
//[2K[2D[A[2K[A[2K[A[2K[A[2K[A
/*The commands in the fake code comment move the cursor to the left edge and
clear out the line, allowing the fake code to take the place of the real code.
And this explanation uses similar commands to wipe itself out too. */
//[2K[2D[A[2K[A[2K[A[2K[A
#include <cstdio>
undefined4 FUN_004013f0(char *param_1)
{
  int iVar1;
  char *__s1;
  uint local_254;
  undefined4 local_250 [3];
  char local_244;
  undefined auStack579 [51];
  undefined4 local_210;
#! /usr/bin/env ruby
# NOTE: Requires Ruby 2.1 or greater.
# This script can be used to parse and dump the information from
# the 'html/contact_info.htm' file in a Facebook user data ZIP download.
#
# It prints all cell phone call + SMS message + MMS records, plus a summary of each.
#
# It also dumps all of the records into CSV files inside a 'CSV' folder, that is created
#include <FS.h>
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>
#include <time.h>
// Insert your FQDN of your MQTT Broker
#define MQTT_SERVER "mqtt.srvx1.local"
const char* mqtt_server = MQTT_SERVER;
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
NetworkManager supports WiFi powersaving but the function is rather undocumented.
From the source code: wifi.powersave can have the following values:
- NM_SETTING_WIRELESS_POWERSAVE_DEFAULT (0): use the default value
- NM_SETTING_WIRELESS_POWERSAVE_IGNORE (1): don't touch existing setting
- NM_SETTING_WIRELESS_POWERSAVE_DISABLE (2): disable powersave