WANNACRY Ransomware possible free Decryption solution Idea.

Everyone is talking about the WannaCry ransomware outbreak that has impacted Microsoft Windows machines using the MS17-010 exploit.

All security professionals are discussing how it impacts the infected PCs, with detailed analysis of how it spreads and what files it encrypts,

but one report got me really interested and drove me to think of an idea of how to get rid of this encryption.

Most of the security experts are talking about how to stop it, but it is too late.

Now, how to decrypt the infected PCs?

In the analysis of bleepingcomputer.com:

When you click on the Check Payment button, the ransomware connects back to the TOR C2 servers to see if a payment has been made. Even If one was made, the ransomware will automatically decrypt your files. If payment has not been made, you will see a response like the one below.

Payment not made Response

Main idea:

If we managed to sniff the network communication to that Tor server address and get back the payment confirmation message received by the ransomware client,

we can then create a fake server that sends the same confirmation message and

direct the clients to talk to this server instead of the hackers' server.

Voilà.. use his own code against him.

This is somehow similar to what hackers used to do earlier to overcome Windows activation:

they used to build a fake activation server that would trick Windows into thinking it is activated.

The idea is to trick the ransomware into thinking a payment has been made.

This is a thought, but it needs some further study to make it true.

Anyone interested in joining the study or who has any additional thoughts is welcome to share.


Project Server 2007 : Commands and options Menu in the portfolio analyzer

How to re-enable the commands and options in the portfolio analyzer
after they have been switched off

The problem is that when you switch the commands and options off, you
cannot edit your view anymore and you will have to create a new view,
as so many people have done before.

Microsoft uses XML to describe the pivot; this XML is stored in the
Through this XML you can change anything in the pivot characteristics.
You can change the “field caption” and field format, and enable or disable
the “commands and options”.
You can even change the data source of your pivot without the need to rebuild
the pivot again, “very helpful if you want to create multiple
similar views that read from different cubes (DATA SOURCE)”.

To get this XML you will need access to both your database server and
application server.

1. Open the SQL profiler and make it ready for the capture, “but do
not start capturing yet or you will get a huge log”
2. Open the EPM web interface and log in with an account that has
administrative privileges
3. Select Admin
4. Select manage views
5. Choose to modify the view on which “commands and options” is
disabled and which you want to re-enable
6. After you open this view for modification
7. Go back to the SQL profiler and start capturing
8. Go back to the web view and choose to save the view
9. Switch back to the SQL profiler and stop the capturing
10. Scroll up until you find an entry that starts with this

This entry will be very long
11. Copy this entry out to a notepad and delete this line

12. Open the query analyzer and paste the edited text into it, and then
run the query; it shall give you an output that 1 row is affected

You are done; the “Commands and options” is enabled again

* Caution: each view has its own XML file identified by the VIEW_ID,
which is the last number in the SQL entry (XML file); in this example
it is 130.
Do not change this number or you will end up editing another view and
you might mess the view up.

If you want to change any field property, search for the field name
and start editing,
then paste it in the query analyzer and you are done.

