EXETOOLS FORUM  
  #1  
Old 05-16-2017, 01:53
abhi93696
Protect Against WannaCry

In case anyone is unaware of it:

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running an unpatched Microsoft Windows operating system.
Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far
Day 1: OutCry - WannaCry targeted over 90,000 computers in 99 countries.
Day 2: The Patch Day - A security researcher successfully found a way to slow down the infection rate, and meanwhile Microsoft released emergency patch updates for unsupported versions of Windows.
Day 3: New Variants Arrive - Just yesterday, some new variants of WannaCry, with and without a kill-switch, were detected in the wild and would be difficult to stop for at least the next few weeks.

Protection against it:

1) Microsoft issues WanaCrypt patch for Windows 8, XP
2) Disable SMBv1 on Windows [7, 8 and 10]
Quote:
If you are using Windows 10, you are on the safe side. "The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack," Microsoft says.
Stay safe & cheerz
  #2  
Old 05-17-2017, 22:05
Insid3Code
Hello,
These steps are against the exploit code, not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...
__________________
Computer Forensics
  #3  
Old 05-17-2017, 23:39
wilson bibe
I'll never understand what hacking is useful for; there is nothing divine about it, quite human by the way. If I want money I work, work and work, and probably I'll die working, not stealing. This is a shame, like selling reversed software.
  #4  
Old 05-18-2017, 01:28
abhi93696
Quote:
Originally Posted by wilson bibe
I'll never understand what hacking is useful for; there is nothing divine about it, quite human by the way. If I want money I work, work and work, and probably I'll die working, not stealing. This is a shame, like selling reversed software.
Appreciate your thought.
Yup, what will they get by doing such nasty things & hurting people like this!! Hospitals, banks etc. got badly affected by this! Just harming the public...

Anyway, I heard that this could possibly be an attack by North Korea!
  #5  
Old 05-18-2017, 22:52
abhi93696
Quote:
Originally Posted by Insid3Code
Hello,
These steps are against the exploit code, not against the file cryptor itself or cryptocurrency mining malware (another malware using the same exploit code to infect vulnerable machines silently without any notification)...
Hi

As far as I have studied:
Adylkuzz is a cryptocurrency miner that leverages MS17-010, also known as EternalBlue, to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry's ability to self-replicate that meant it spread very quickly within organizations.

As the cryptocurrency miner also uses the EternalBlue exploit, disabling SMB (as mentioned above) should do the job.

Also researched recovering data encrypted by ransomware in SOME cases:
Regards
  #6  
Old 05-19-2017, 05:58
JMP-JECXZ
Here is a decryptor for the cryptor: https://github.com/gentilkiwi/wanadecrypt
But you need to give it the private key.
  #7  
Old 05-19-2017, 16:33
TechLord
Full article here:
Quote:
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
If you did not reboot your computer yet after your files got encrypted then you may have a chance (on Win XP and Win 7)...
  #8  
Old 06-04-2017, 15:09
uranus64
Some good advice here.

Mainly the "Defense Advice" part. There you can see which ports are vulnerable and can block access to them via the firewall.
  #9  
Old 06-08-2017, 08:57
Levis
As I saw here, they're still releasing patches for Windows 10, or even Windows server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not to EternalBlue. Better update 'em all.
__________________
My Personal Blog: http://ltops9.wordpress.com
  #10  
Old 06-09-2017, 01:40
sendersu
Are they still patching good old Win XP?
  #11  
Old 06-09-2017, 04:02
TechLord
Quote:
Originally Posted by Levis
As I saw here, they're still releasing patches for Windows 10, or even Windows Server 2016:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
So we may be immune to WannaCry, but not to EternalBlue. Better update 'em all.
Best 3 rules to follow, even after patching and everything:

1. Turn off all listening ports on your PC wherever possible.
2. Run at the lowest privilege level possible for accomplishing a particular task (i.e. don't run as administrator just because the PC belongs to you).
3. Don't click on or run unknown or untrusted files!
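An added example, not code from the thread, that scripts the defensive steps the posts describe: checking whether the SMBv1 server is enabled, listing what is listening on the SMB ports, and optionally disabling SMBv1 and blocking unsolicited inbound 139/445 at the host firewall. It assumes an elevated PowerShell on Windows 8 / Server 2012 or later for the Smb* and Net* cmdlets, with the LanmanServer SMB1 registry value as the Windows 7 fallback; the firewall rule name is a constructed label.

```powershell
# Added example, not from the thread: audit and optionally harden SMBv1 exposure on one host.
# Assumes an elevated PowerShell. Smb*/Net* cmdlets exist on Windows 8 / Server 2012 and later;
# the SMB1 DWORD under LanmanServer\Parameters is the documented fallback for Windows 7.
[CmdletBinding()]
param([switch]$Remediate)

$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB 139-445 (constructed label)'

function Get-Smb1Enabled {
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 path: an absent SMB1 value means the protocol is enabled by default
    $v = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)
}

function Get-SmbListeners {
    # Addresses currently accepting TCP 445 (direct SMB) and 139 (NetBIOS session)
    if (-not (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue)) {
        netstat -ano | Select-String 'TCP\s+\S+:(139|445)\s.*LISTENING'; return
    }
    Get-NetTCPConnection -State Listen | Where-Object { $_.LocalPort -in 139, 445 } |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

Write-Host ('SMBv1 server enabled: {0}' -f (Get-Smb1Enabled))
Get-SmbListeners | Format-Table -AutoSize

if ($Remediate) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7: takes effect after a reboot
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
    }
    # Block unsolicited inbound SMB on non-domain profiles. This limits exposure from
    # untrusted networks only; the MS17-010 patch is still required on a trusted LAN.
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
                -LocalPort 139, 445 -Action Block -Profile Public,Private | Out-Null
        }
    } else {
        Write-Warning 'NetSecurity module not available; add the 139/445 block rule manually.'
    }
    Write-Host 'SMBv1 disabled; inbound 139/445 blocked on Public and Private profiles.'
}
```

Run it without -Remediate first to see the current state; the audit output is what to compare against after patching and after a reboot on Windows 7.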
  #12  
Old 06-09-2017, 15:07
cybercoder
Chuck this in a .reg file for updates for XP until April 2019:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
  #13  
Old 06-09-2017, 18:30
Kerlingen
"Windows Embedded Standard 2009" gets updates until 2019.
"Windows XP Embedded" (predecessor of "Windows Embedded Standard 2009") does not get updates any more.
"Windows XP" (desktop OS) does not get any updates; it's a different OS.

If updates don't exist, you obviously can't get them no matter what registry keys you set.
  #14  
Old 06-10-2017, 00:08
cybercoder
Well, I get updates each month on my XP VM, so it still works. POSReady is Point of Sale Ready, so this setting enables ATMs that still have XP to update. It's that simple. It was to give them time to update. Google this stuff to confirm. So you can update "the desktop OS". With a little more hardening it's great. Maybe try it first, then say it doesn't work after...

Last edited by cybercoder; 06-10-2017 at 00:56.
  #15  
Old 06-10-2017, 01:41
abhi93696

Well... you are both correct in your own context.
@Kerlingen is correct in saying that Windows XP does not get any updates, BUT Microsoft is continuing to support Windows Embedded Industry for another five years, until April 2019...

@cybercoder is very much correct in saying that one can get updates on XP by "tricking" XP into thinking it is Windows Embedded POSReady, which means one can get updates for the next five years.

Also, as these two systems are so interlinked, updates designed for one system should work on the other.

More can be read at: #peace