ryanbekabe

## unzip_all.py
#!/usr/bin/python
import os, zipfile

for filename in os.listdir("."):
    if filename.endswith(".zip"):
        print filename
        name = os.path.splitext(os.path.basename(filename))[0]
        if not os.path.isdir(name):
            try:
                zip = zipfile.ZipFile(filename)

## Wannacrypt0r-FACTSHEET.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ryanbekabe
                / Wannacrypt0r-FACTSHEET.md
            
            
              Created
              April 12, 2019 06:55
                — forked from rain-1/Wannacrypt0r-FACTSHEET.md
            
          
    WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm


Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

  
## start-video-stream-w-opencv.py
# For more info: http://docs.opencv.org/3.0-beta/doc/py_tutorials/py_gui/py_video_display/py_video_display.html
import cv2
import numpy as np

# Playing video from file:
# cap = cv2.VideoCapture('vtest.avi')
# Capturing video from webcam:
cap = cv2.VideoCapture(0)

currentFrame = 0

## port-forwarding.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Tcp Port Forwarding (Reverse Proxy)
# Author : WangYihang <wangyihanger@gmail.com>


import socket
import threading
import sys

## ProceduralVsOop.php
<?php
// Procedural
function example_new() {
  return array(
    'vars' => array()
  );
}

function example_set($example, $name, $value) {
  $example['vars'][$name] = $value;

## mongoDB.py
import pymongo
from pymongo import Connection

conn = Connection()
db = conn['myDB']
collection = db['language']

#Creating a collection
db.language.insert({"id": "1", "name": "C", "grade":"Boring"})
db.language.insert({"id": "2", "name":"Python", "grade":"Interesting"})

## mongo-struc.js
var conn = new Mongo();
db = conn.getDB(<DB_NAME>);
var cursor = db.<COLLECTION>.find();
var items = [];
items = cursor.toArray();
var dbstruc = {};
for (var i = 0; i < items.length; ++i) {
    var target = items[i];
    getKP(target,dbstruc);
}

## client.py
import cv2
import io
import socket
import struct
import time
import pickle
import zlib

client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect(('192.168.1.124', 8485))

## client.py
import requests

#http://docs.python-requests.org/en/latest/user/quickstart/#post-a-multipart-encoded-file

url = "http://localhost:5000/"
fin = open('simple_table.pdf', 'rb')
files = {'file': fin}
try:
  r = requests.post(url, files=files)
	print r.text

## flaskaudiostream.py
from flask import Flask, Response

app = Flask(__name__)


@app.route("/wav")
def streamwav():
    def generate():
        with open("signals/song.wav", "rb") as fwav:
            data = fwav.read(1024)
	#!/usr/bin/python
	import os, zipfile

	for filename in os.listdir("."):
	if filename.endswith(".zip"):
	print filename
	name = os.path.splitext(os.path.basename(filename))[0]
	if not os.path.isdir(name):
	try:
	zip = zipfile.ZipFile(filename)
	# For more info: http://docs.opencv.org/3.0-beta/doc/py_tutorials/py_gui/py_video_display/py_video_display.html
	import cv2
	import numpy as np

	# Playing video from file:
	# cap = cv2.VideoCapture('vtest.avi')
	# Capturing video from webcam:
	cap = cv2.VideoCapture(0)

	currentFrame = 0
	#!/usr/bin/env python
	# -- coding: utf-8 --
	# Tcp Port Forwarding (Reverse Proxy)
	# Author : WangYihang <wangyihanger@gmail.com>


	import socket
	import threading
	import sys
	<?php
	// Procedural
	function example_new() {
	return array(
	'vars' => array()
	);
	}

	function example_set($example, $name, $value) {
	$example['vars'][$name] = $value;
	import pymongo
	from pymongo import Connection

	conn = Connection()
	db = conn['myDB']
	collection = db['language']

	#Creating a collection
	db.language.insert({"id": "1", "name": "C", "grade":"Boring"})
	db.language.insert({"id": "2", "name":"Python", "grade":"Interesting"})
	var conn = new Mongo();
	db = conn.getDB(<DB_NAME>);
	var cursor = db.<COLLECTION>.find();
	var items = [];
	items = cursor.toArray();
	var dbstruc = {};
	for (var i = 0; i < items.length; ++i) {
	var target = items[i];
	getKP(target,dbstruc);
	}
	import cv2
	import io
	import socket
	import struct
	import time
	import pickle
	import zlib

	client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	client_socket.connect(('192.168.1.124', 8485))
	import requests

	#http://docs.python-requests.org/en/latest/user/quickstart/#post-a-multipart-encoded-file

	url = "http://localhost:5000/"
	fin = open('simple_table.pdf', 'rb')
	files = {'file': fin}
	try:
	r = requests.post(url, files=files)
	print r.text
	from flask import Flask, Response

	app = Flask(__name__)


	@app.route("/wav")
	def streamwav():
	def generate():
	with open("signals/song.wav", "rb") as fwav:
	data = fwav.read(1024)