Vitalii Mikhnevych rooty

## tastypie_resource.py
from tastypie import fields
from tastypie.authentication import Authentication
from tastypie.authorization import Authorization
from tastypie.bundle import Bundle
from tastypie.exceptions import NotFound
from tastypie.resources import Resource


# a dummy class representing a row of data
class Row(object):

## rsyslog_sentry.py
#!/usr/bin/env python
#
# Copyright 2012 Patrick Hetu <patrick.hetu@gmail.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,

## Petya_ransomware.txt
#petya #petrWrap

Win32/Diskcoder.Petya.C
Ransomware attack.

Got new info? Email at isox@vulners.com

"it appeared to encrypt a selection of files (PDF and RTF) on two test machines prior to rebooting and encrypting parts of the MFT." - waiting for the details and PoC

*********** KILLSWITCH // PARTIAL? GOT PROOF - EMAIL!

## petya-related-names.txt
Of the 4 currently known IP addresses involved in the spreading of the Petya(like) malware
(https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759), we have observed in
recent Sonar FDNS studies that for each of the IPs, there are, in some cases, a variety of
additional domains that are hosted on the same IP.  Given that there was likely some
manner of compromise for each of these IPs, it is likely that all domains hosted by each
IP are or will be compromised.

111.90.139.247:
  chyporus.online
  sportmaniac.co.in

## README.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rooty
                / README.md
            
            
              Created
              August 8, 2017 18:18
            
              
                VPNUnlimited: create VPN config for Network Manager using ovpn files
              
          
Download ovpn config files from VPNUnlimited (contact: support@keepsolid.com)
Extract zip file, remove email and UserID from file name. Filename should be location.ovpn. You can use rename tool like PyRenamer
Put all ovpn files to ovpn_conf
Put nm_vpn_gen.py and nm_conf.tpl to directory contain ovpn_conf directory
Run "python nm_vpn_gen.py".


## riak-bucket-dump.py
#!/usr/bin/env python

import sys
import urllib2
import urllib
import multiprocessing
import json
import logging
import argparse
import urlparse

## cors-nginx.conf

#
# Slightly tighter CORS config for nginx
#
# A modification of https://gist.github.com/1064640/ to include a white-list of URLs
#
# Despite the W3C guidance suggesting that a list of origins can be passed as part of
# Access-Control-Allow-Origin headers, several browsers (well, at least Firefox)
# don't seem to play nicely with this.
#

## telegram-history-json-to-csv.py
# Converts a JSONL file generated with telegram-history-dump (1) to CSV
# Usage: python telegram-csv.py <path to json file> <path to output csv file>
# Example: python telegram-csv.py Bob.json Bob.csv
# 1: https://github.com/tvdstaaij/telegram-history-dump
from datetime import datetime
import unicodecsv as csv
import json, sys

def get_isodate(msg):
    date = msg.get("date", None)

## php_upgrade_to_71.sh
# 1. Install brew  --> http://brew.sh/
# 2. run the following commands in your Terminal
brew tap homebrew/dupes
brew tap homebrew/versions
brew tap homebrew/homebrew-php
brew install --with-openssl curl
brew install --with-homebrew-curl --with-apache php71
brew install php71-mcrypt php71-imagick
# 3. Follow these instructions to make Apache and php-cli use the newer php executable and make the change persist after reboot.
brew info php71

## haproxy.cfg
# This is an example of the Stack Exchange Tier 1 HAProxy config
# The only things that have been changed from what we are running are:
# 1. User names have been removed
# 2. All Passwords have been remove
# 3. IPs have been changed to use the example/documentation ranges
# 4. Rate limit numbers have been changed to randome numbers, don't read into them

userlist stats-auth
        group admin users $admin_user
        user $admin_user insecure-password $some_password
	from tastypie import fields
	from tastypie.authentication import Authentication
	from tastypie.authorization import Authorization
	from tastypie.bundle import Bundle
	from tastypie.exceptions import NotFound
	from tastypie.resources import Resource


	# a dummy class representing a row of data
	class Row(object):
	#!/usr/bin/env python
	#
	# Copyright 2012 Patrick Hetu <patrick.hetu@gmail.com>
	#
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	#petya #petrWrap

	Win32/Diskcoder.Petya.C
	Ransomware attack.

	Got new info? Email at isox@vulners.com

	"it appeared to encrypt a selection of files (PDF and RTF) on two test machines prior to rebooting and encrypting parts of the MFT." - waiting for the details and PoC

	*********** KILLSWITCH // PARTIAL? GOT PROOF - EMAIL!
	Of the 4 currently known IP addresses involved in the spreading of the Petya(like) malware
	(https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759), we have observed in
	recent Sonar FDNS studies that for each of the IPs, there are, in some cases, a variety of
	additional domains that are hosted on the same IP. Given that there was likely some
	manner of compromise for each of these IPs, it is likely that all domains hosted by each
	IP are or will be compromised.

	111.90.139.247:
	chyporus.online
	sportmaniac.co.in
	#!/usr/bin/env python

	import sys
	import urllib2
	import urllib
	import multiprocessing
	import json
	import logging
	import argparse
	import urlparse

	#
	# Slightly tighter CORS config for nginx
	#
	# A modification of https://gist.github.com/1064640/ to include a white-list of URLs
	#
	# Despite the W3C guidance suggesting that a list of origins can be passed as part of
	# Access-Control-Allow-Origin headers, several browsers (well, at least Firefox)
	# don't seem to play nicely with this.
	#
	# Converts a JSONL file generated with telegram-history-dump (1) to CSV
	# Usage: python telegram-csv.py <path to json file> <path to output csv file>
	# Example: python telegram-csv.py Bob.json Bob.csv
	# 1: https://github.com/tvdstaaij/telegram-history-dump
	from datetime import datetime
	import unicodecsv as csv
	import json, sys

	def get_isodate(msg):
	date = msg.get("date", None)
	# 1. Install brew --> http://brew.sh/
	# 2. run the following commands in your Terminal
	brew tap homebrew/dupes
	brew tap homebrew/versions
	brew tap homebrew/homebrew-php
	brew install --with-openssl curl
	brew install --with-homebrew-curl --with-apache php71
	brew install php71-mcrypt php71-imagick
	# 3. Follow these instructions to make Apache and php-cli use the newer php executable and make the change persist after reboot.
	brew info php71
	# This is an example of the Stack Exchange Tier 1 HAProxy config
	# The only things that have been changed from what we are running are:
	# 1. User names have been removed
	# 2. All Passwords have been remove
	# 3. IPs have been changed to use the example/documentation ranges
	# 4. Rate limit numbers have been changed to randome numbers, don't read into them

	userlist stats-auth
	group admin users $admin_user
	user $admin_user insecure-password $some_password