Skip to content

Instantly share code, notes, and snippets.

View mathse's full-sized avatar
💭
wrangling data

Mathias Decker mathse

💭
wrangling data
View GitHub Profile
@kaitoii11
kaitoii11 / vcenter-api.md
Last active August 13, 2024 21:08
Sample on how to use vCenter API
  • Authenticate to vCenter to get user credential.
# curl -k -X POST https://<FQDN or IP>/rest/com/vmware/cis/session -u <USERNAME>:<PASSWORD> | jq
{
  "value": "SESSIONID"
}
  • Save the session id to a variable
# ID=SESSIONID

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@olegbuevich
olegbuevich / upgrade.sh
Last active December 13, 2017 12:56
duplicity 0.7 centos 6
# install needed packages
yum install librsync-devel python-devel
# remove old version
yum remove duplicity.x86_64
wget http://savannah-nongnu-org.ip-connect.vn.ua/duplicity/duplicity-0.7.11.tar.gz
tar -zxvf duplicity-0.7.11.tar.gz
cd duplicity-0.7.11/
python setup.py install
@pmoranga
pmoranga / puppet-firewall-docker.pp
Created February 8, 2016 23:55
Make puppetlabs-firewall works with docker smoothly
class my_fw::pre {
# Disable due to selective purges of firewallchain
# resources { "firewall":
# purge => true
# }
# Avoid removing Docker rules:
firewallchain { 'FORWARD:filter:IPv4':
purge => true,
@rombert
rombert / pre-receive-puppet
Last active June 6, 2017 17:38 — forked from hartfordfive/pre-receive-puppet
Server-side pre-receive hook to validate puppet files.
#!/bin/bash
# See https://www.kernel.org/pub/software/scm/git/docs/githooks.html#pre-receive
oldrev=$1
newrev=$2
refname=$3
while read oldrev newrev refname; do
# Get the file names, without directory, of the files that have been modified