View fcc-dns.txt
# Based on scans.io / Rapid7 FDNS-ANY as of 2017-05
View benchmark_hashcat-4.0.0_irongiant_2017-10-27_table.txt
# hashcat benchmark for irongiant (aggregate speed, sorted by speed) - 2017-10-27
# version 4.0.0 release - https://hashcat.net/forum/thread-6965-post-37159.html
# Format: default (each device shown separately)
# Devices: 6x NVIDIA 1080 Founders Edition
# Overclock: none
# Power limit: 150W (reduced from default 180W)
# hashcat version: v4.0.0
# OS: Ubuntu 16.04 LTS
# NVIDIA driver: 384.90
View benchmark_hashcat-4.0.0_irongiant_2017-10-27.txt
# hashcat benchmark for irongiant - 2017-10-27
# version 4.0.0 release - https://hashcat.net/forum/thread-6965-post-37159.html
# Format: default (each device shown separately)
# Devices: 6x NVIDIA 1080 Founders Edition
# Overclock: none
# Power limit: 150W (reduced from default 180W)
# hashcat version: v4.0.0
# OS: Ubuntu 16.04 LTS
# NVIDIA driver: 384.90
View badrabbit-info.txt
Rough summary of developing BadRabbit info
------------------------------------------
BadRabbit is locally-self-propagating ransomware (ransom: 0.05 BTC), spreading via SMB once inside.
Requires user interaction.
Mostly targeting Russia and Ukraine so far, with a few others (Germany, Turkey, Bulgaria, Montenegro ...)
Not globally self-propagating, but could be inflicted on selected targets on purpose.
May be part of same group targeting Ukraine generally (BACKSWING) (per FireEye)
Confirmed to use ETERNALROMANCE exploit, and same source code and build chain as NotPetya (per Talos)
Mitigations are similar to Petya/NotPetya resistance. An inoculation is also available (see below).
View allbench.sh
#!/bin/bash
#-----------------------------------------------------------------------
# Created: 2017-10-17
# License: MIT
# Author: tychotithonus
#-----------------------------------------------------------------------
# Get list of algorithms.
View github-gists-roycewilliams-index.md
View benchmark_hashcat~v4.0.0rc4_irongiant_2017-10-13.txt
# hashcat benchmark for irongiant - 2017-10-13
# Format: default (each device shown separately)
# Devices: 6x NVIDIA 1080 Founders Edition
# Overclock: none
# Power limit: 150W (reduced from default 180W)
# hashcat version: v4.0.0rc4
# OS: Ubuntu 16.04 LTS
# NVIDIA driver: 375.66
View benchmark_hashcat~v4.0.0rc4_irongiant_2017-10-13_table.txt
# hashcat benchmark for irongiant - 2017-10-13
# Format: aggregate table (sum of all devices)
# Devices: 6x NVIDIA 1080 Founders Edition
# Overclock: none
# Power limit: 150W (reduced from default 180W)
# hashcat version: v4.0.0rc4
# OS: Ubuntu 16.04 LTS
# NVIDIA driver: 375.66
View min1ascii.hcmask
# For use with RuraPenthe's multibyte bruteforce method
# http://blog.bitcrack.net/2013/09/cracking-hashes-with-other-language.html
#
# Adjust "group" to include multiple strings to taste, depending on your target languages' encodings.
#
# for group in c2c3c4c5; do
# ${HASHCAT_BIN} -m ${HASHMODE} -a 3 --hex-charset -1 $group -2 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf ${HASHLIST} utf8.hcmask.6char.min1ascii
# done
#
?a?a?a?a?a?1?2
View md5-10k-rounds-password.txt
#
# Courtesy MDXfind - https://hashes.org/mdxfind.php
#
$ echo -n 'password' | mdxfind -h '^MD5$' -z -f /dev/null -i 10000 stdin 2>&1 | fgrep password | sort -tx -n -k 2 | align
MD5x01 5f4dcc3b5aa765d61d8327deb882cf99:password
MD5x02 696d29e0940a4957748fe3fc9efd22a3:password
MD5x03 5a22e6c339c96c9c0513a46e44c39683:password
MD5x04 e777a29bee9227c8a6a86e0bad61fc40:password
MD5x05 7b3b4de00794a247cf8df8e6fbfe19bf:password
MD5x06 20ffe80a69fbe8ce4d848eef461b3e39:password