Skip to content

Instantly share code, notes, and snippets.

☂️
Umbrella

rain1 rain-1

☂️
Umbrella
Block or report user

Report or block rain-1

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@rain-1
rain-1 / boot.S
Created Sep 30, 2018
GNU assembly bootloader
View boot.S
.code16
.global _start
_start:
cli
xor %ax, %ax
mov %ax, %ds
mov $msg, %si
cld
loop:
lodsb
@rain-1
rain-1 / dcs.rkt
Last active Sep 17, 2019
Dotted Canonical S-expressions - DCSexps
View dcs.rkt
#lang racket
;; printing s-exps as DCS and TDCS, plus examples of what DCS and TDCS look like
(define (dcs l)
(cond ((pair? l)
(begin
(display ".")
(dcs (car l))
(dcs (cdr l))))
View build bash 5.0!
#!/bin/bash
# do this first
# ./configure
#
echo '#include <sys/types.h>' >> config.h
CFLAGS="-DHAVE_CONFIG_H -DSHELL -g -O2 -Wno-parentheses -Wno-format-security -DRCHECK -Dbotch=programming_error -DMALLOC_DEBUG"
##
View mrx.js
var text = "foobar";
text = text.replace(/o/g, "a");
text = text.replace(/a/g, "x");
document.write(text);
var text = "foobar";
View isqrt.c
#include <stdio.h>
#include <stdint.h>
uint64_t myisqrt(uint64_t n) {
int i;
uint64_t r, tmp;
r = 0;
for(i = 64/2-1; i >= 0; i--) {
tmp = r | (1 << i);
@rain-1
rain-1 / example.tsv
Last active May 23, 2019
Tab Separated Values file format specification version 2.0
View example.tsv
Name Age Address
Paul 23 1115 W Franklin
Bessy the Cow 5 Big Farm Way
Zeke 45 W Main St
@rain-1
rain-1 / makesfile
Created Apr 10, 2018
example makesfile to build jq
View makesfile
#!/bin/sh
set -e
set -x
function clean {
rm -f src/version.h
rm -f src/builtin.inc
rm -f src/*.o
rm -f jq
}
View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@rain-1
rain-1 / wcry.md
Created May 12, 2017 — forked from anonymous/wcry.md
wcry.md
View wcry.md

Ransomware attack hits UK NHS, Spain Telefonica, 74 countries affected.

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: Windows 7 is vulnerable. It uses EternalBlue MS17-010 to propagate.

Malware samples

View fishbowl.c
// This program runs another program in a "fishbowl" set to the
// current working directory. The idea is that the subprocess
// should only be able to edit files in that path or anything
// descended from it. It can read outside the fishbowl but if it
// attempts to create or edit files outside of it that syscall
// is blocked (by switching it to getpid which does nothing).
//
// A malicious program can bypass the fishbowl using threads to
// make a syscall and then swap the path after verification.
// This is not a security tool, it is just to protect against
You can’t perform that action at this time.