- Authenticate to vCenter to get user credential.
# curl -k -X POST https://<FQDN or IP>/rest/com/vmware/cis/session -u <USERNAME>:<PASSWORD> | jq
{
"value": "SESSIONID"
}
- Save the session id to a variable
# ID=SESSIONID
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
September 2, 2024 11:51
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install needed packages | |
| yum install librsync-devel python-devel | |
| # remove old version | |
| yum remove duplicity.x86_64 | |
| wget http://savannah-nongnu-org.ip-connect.vn.ua/duplicity/duplicity-0.7.11.tar.gz | |
| tar -zxvf duplicity-0.7.11.tar.gz | |
| cd duplicity-0.7.11/ | |
| python setup.py install |
pmoranga
/ puppet-firewall-docker.pp
Created
February 8, 2016 23:55
Make puppetlabs-firewall works with docker smoothly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class my_fw::pre { | |
| # Disable due to selective purges of firewallchain | |
| # resources { "firewall": | |
| # purge => true | |
| # } | |
| # Avoid removing Docker rules: | |
| firewallchain { 'FORWARD:filter:IPv4': | |
| purge => true, |
rombert
/ pre-receive-puppet
Last active
June 6, 2017 17:38
— forked from hartfordfive/pre-receive-puppet
Server-side pre-receive hook to validate puppet files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # See https://www.kernel.org/pub/software/scm/git/docs/githooks.html#pre-receive | |
| oldrev=$1 | |
| newrev=$2 | |
| refname=$3 | |
| while read oldrev newrev refname; do | |
| # Get the file names, without directory, of the files that have been modified |