Iván || HacKan HacKanCuBa

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

ASN Discovery

Checklist

Get ASN of target
Get IP ranges
Masscan all the ranges (common web ports)
Double check to verify hosts alive
Generate URL list
Bruteforce all the URLs

Full Livestream Recording here

(see YouTube channel for individual videos)

Github | Site | Discord | YouTube |

Secure Containerized Pastebin

Easily deploy a secure containerized pastebin on a VPS.

Description

This project runs and configures two containers:

PrivateBin: A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser.
SWAG: An Nginx webserver and reverse proxy with PHP support and a built-in Certbot client that automates free SSL server certificate generation and renewal processes.

	# Scan for CVE-2017-0143 MS17-010
	# The vulnerability used by WannaCry Ransomware
	#
	# 1. Use @calderpwn's script
	# http://seclists.org/nmap-dev/2017/q2/79
	#
	# 2. Save it to Nmap NSE script directory
	# Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
	# OSX - /opt/local/share/nmap/scripts/
	#


	server {
	listen 80;
	server_name your.domain.com;

	location = /analytics.js {
	# you have to compile nginx with http://nginx.org/en/docs/http/ngx_http_sub_module.html (this is not default)
	# and http://nginx.org/en/docs/http/ngx_http_proxy_module.html (it's a default module)

	proxy_set_header Accept-Encoding "";

	import os
	import subprocess
	import ctypes

	# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/

	svcinfo = {}
	nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
	FNULL = open(os.devnull, 'w')

	#! /usr/bin/env python3

	import hashlib
	import threading


	def hash_buf(buf):
	return hashlib.sha256(buf).hexdigest()