Exetools  
#1
05-16-2017, 01:53
abhi93696
Protect Against WannaCry

In case anyone is unaware of it:

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote attacker to hijack computers running an unpatched Microsoft Windows operating system.
Once it has infected a machine, WannaCry also scans for other unpatched PCs connected to the same local network, as well as random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far
Day 1: OutCry — WannaCry targeted over 90,000 computers in 99 countries.
Day 2: The Patch Day — A security researcher found a way to slow down the infection rate, and meanwhile Microsoft released emergency patch updates for unsupported versions of Windows.
Day 3: New Variants Arrive — Just yesterday, new variants of WannaCry, with and without a kill-switch, were detected in the wild; they will be difficult to stop for at least the next few weeks.

Protection against it:

1) Microsoft Issues WanaCrypt Patch for Windows 8, XP
2) Disable SMBv1 On Windows [7, 8 and 10]
Quote:
If you are using Windows 10, you are on the safe side. "The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack," Microsoft says.
Stay safe & cheerz
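Step 2 above (disable SMBv1) as an added script, not code from the thread: it audits whether the SMBv1 server protocol is enabled, disables it, and additionally blocks inbound SMB (TCP 445, the port the EternalBlue exploit reaches) at the host firewall. Assumptions: an elevated PowerShell prompt; the Smb*/NetFirewall cmdlets, which exist on Windows 8 / Server 2012 and later (the registry and netsh branches cover Windows 7); and that the host does not need to serve file shares, since the 445 block stops that too.

```powershell
# Added example (not from the thread). Run elevated. Windows 7 needs a reboot afterwards.
$ErrorActionPreference = 'Stop'
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Smb1Enabled {
    # Returns $true when the SMB1 server protocol is still on.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7: an absent 'SMB1' value means SMB1 is enabled (the default).
    $v = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $v) -or ($v.SMB1 -ne 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7: Microsoft's documented registry method; effective after reboot.
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0
    }
    # Windows 8.1/10: also remove the optional feature (client side included).
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feat -and $feat.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}

function Block-InboundSmb {
    # Host firewall rule so even an SMB2/3 listener is unreachable from the LAN.
    $name = 'Block inbound SMB (TCP 445)'
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                -LocalPort 445 -Action Block -Profile Any | Out-Null
        }
    } else {
        # Windows 7 fallback via netsh.
        netsh advfirewall firewall add rule name="$name" dir=in action=block protocol=TCP localport=445 | Out-Null
    }
}

if (Test-Smb1Enabled) { Write-Host 'SMBv1 is enabled; disabling it.'; Disable-Smb1 }
else { Write-Host 'SMBv1 is already disabled.' }
Block-InboundSmb
Write-Host ('SMBv1 enabled after change: {0}' -f (Test-Smb1Enabled))
```

Re-run the script after the reboot on Windows 7, since the registry change is only reported by Test-Smb1Enabled once the value is written, but only honoured by the server service after restart.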
#2
05-17-2017, 22:05
Insid3Code
Hello,
These steps are against the exploit code, not against the file cryptor itself or the cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently, without any notification)...
#3
05-17-2017, 23:39
wilson bibe
I'll never understand what hacking is useful for; there is nothing divine about it, quite human by the way. If I want money I work, work and work, and probably I'll die working, not stealing. This is a shame, like selling reversed software.
#4
05-18-2017, 01:28
abhi93696
Quote:
Originally Posted by wilson bibe
I'll never understand what hacking is useful for; there is nothing divine about it, quite human by the way. If I want money I work, work and work, and probably I'll die working, not stealing. This is a shame, like selling reversed software.
Appreciate your thought.
Yup, what will they get by doing such nasty things and hurting people like this!! Hospitals, banks etc. got badly affected by this! Just harming the public...

Anyway, I heard that this could possibly be an attack by North Korea!
#5
05-18-2017, 22:52
abhi93696
Quote:
Originally Posted by Insid3Code
Hello,
These steps are against the exploit code, not against the file cryptor itself or the cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently, without any notification)...
Hi

As far as I have studied:
Adylkuzz is a cryptocurrency miner that leverages MS17-010, also known as EternalBlue, to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry's ability to self-replicate that meant it spread very quickly within organizations.

As the cryptocurrency miner also uses the EternalBlue exploit, disabling SMB (as mentioned above) should do the job.

I also researched recovering data encrypted by ransomware in SOME cases:
Regards
#6
05-19-2017, 05:58
JMP-JECXZ
Here is a decryptor for the cryptor: https://github.com/gentilkiwi/wanadecrypt
But you need to give it the private key.
#7
05-19-2017, 16:33
TechLord
Full article here:
Quote:
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
If you did not reboot your computer yet after your files got encrypted then you may have a chance (on Win XP and Win 7)...
#8
06-04-2017, 15:09
uranus64
Some good advice here.

Mainly the "Defense Advice" part. There you can see which ports are vulnerable and block access to them via the firewall.
#9
06-08-2017, 08:57
Levis
As I saw here, they're still releasing patches for Windows 10, or even Windows Server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not to EternalBlue. Better update 'em all.
#10
06-09-2017, 01:40
sendersu
Are they still patching good old Win XP?
#11
06-09-2017, 04:02
TechLord
Quote:
Originally Posted by Levis
As I saw here, they're still releasing patches for Windows 10, or even Windows Server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not to EternalBlue. Better update 'em all.
The best 3 rules to follow, even after patching and everything:

1. Turn off all listening ports on your PC wherever possible.
2. Run at the lowest privilege level possible for accomplishing a particular task (i.e. don't run as administrator just because the PC belongs to you).
3. Don't click on or run unknown or untrusted files!
#12
06-09-2017, 15:07
cybercoder
Chuck this in a .reg file for updates for XP until April 2019:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
#13
06-09-2017, 18:30
Kerlingen
"Windows Embedded Standard 2009" gets updates until 2019.
"Windows XP embedded" (predecessor of "Windows Embedded Standard 2009") does not get updates any more.
"Windows XP" (desktop OS) does not get any updates; it's a different OS.

If updates don't exist you obviously can't get them, no matter what registry keys you set.
#14
06-10-2017, 00:08
cybercoder
Well, I get updates each month on my XP VM, so... it still works. POSReady is Point of Sale Ready, so this setting enables ATMs that still have XP to update. It's that simple. It was to give them time to update... Google this stuff to confirm... So you can update "the desktop OS". With a little more hardening it's great. Maybe try it first, then say it doesn't work after...

#15
06-10-2017, 01:41
abhi93696
Well... you are both correct in your context.
@Kerlingen is correct in saying that Windows XP does not get any updates, BUT Microsoft is continuing to support Windows Embedded Industry for another five years, until April 2019...

@cybercoder is very much correct in saying that one can get updates on XP by "tricking" XP into thinking it's Windows Embedded POSReady, which means one can get updates for the next five years.

Also, as these two systems are so interlinked, updates designed for one system should work on the other.

More can be read at: #peace