Skip to content

Instantly share code, notes, and snippets.

View 1600's full-sized avatar

Thomas Jefferson 1600

View GitHub Profile

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

@1600
1600 / phantomjs_onbeforeunload_problem.py
Last active February 28, 2017 08:10
phantomjs has a problem with site having onbeforeunload
#! -*- coding:utf-8 -*-
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
d=webdriver.PhantomJS(service_args=['--load-images=no','--disk-cache=no'])
#d.implicitly_wait(20)
WebDriverWait(d,10)
d.set_page_load_timeout(20)
@1600
1600 / rust_corner_cases.rs
Created February 28, 2017 07:58
primodial stuff, mostly in 2011
// xfail-pretty
// Just a grab bug of stuff that you wouldn't want to actualy write
fn strange() -> bool {
let _x = ret true;
}
fn funny() {
fn f(_x: ()) {}
f(ret);