Cesare Ghirelli runozo

## vodafone.md

      
              1 file
            
          
              1 fork
            
          
              13 comments
            
          
              35 stars
            
          
                teknoraver
                / vodafone.md
            
            
              Last active
              April 18, 2024 10:02
            
          
    Trashing the Vodafone Station

How to replace the Vodafone Station with your very own router

Vodafone forces its customers to use their modem/router, the "Vodafone Station": using any other router is impossible because authentication is being done via a custom PPPoE setup.

In the PPPoE packet there is a field named Host-Uniq which is used to separate packets from different PPPoE sessions: Vodafone requires the Station serial number to be put in this field as authentication.
Hardware setup

A Linux router with root access is needed to replace the Station with. With an xDSL connection a modem with a custom firmware like OpenWrt has to be used, most likely one based on a Lantiq SoC.

For a FTTH internet connection then every machine with at least two gigabit ethernet interface and a decent CPU will do it.

  
## Wannacrypt0r-FACTSHEET.md

      
              1 file
            
          
              158 forks
            
          
              267 comments
            
          
              713 stars
            
          
                rain-1
                / Wannacrypt0r-FACTSHEET.md
            
            
              Last active
              March 10, 2024 11:03
                — forked from Epivalent/Wannacrypt0r-FACTSHEET.md
            
          
    WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm


Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

  
## codesandbox-discord-token-leak.md

      
              9 files
            
          
              0 forks
            
          
              41 comments
            
          
              3 stars
            
          
                mrsheepsheep
                / codesandbox-discord-token-leak.md
            
            
              Last active
              January 25, 2023 15:01
            
              
                Last token leak: 2021-10-05T09:56:19.678Z - 2 tokens, 947 users, 5 guilds, 5 admins
              
          
    PLEASE READ BEFORE REPORTING THIS GIST

This gist has already been reported multiple times and it has already been recovered for legitimate reasons. This gist is not harmful in any way. Thank you. (Actually, you should probably thank me !)
Codesandbox Discord Bot token leak repository

This gist hosts leaked previously-active bot tokens found on https://codesandbox.io/.
These tokens were left by developers in a publicly available project.