WANNACRY Ransomware: an idea for a possible free decryption solution

Everyone is talking about the WANNACRY ransomware outbreak that has impacted Microsoft Windows machines using the MS17-010 exploit.

All security professionals are discussing how it impacts the infected PCs, with detailed analysis of how it spreads and what files it encrypts,

but one report got me really interested and drove me to think of an idea for how to get rid of this encryption.

Most of the security experts are talking about how to stop it, but it is too late.

Now, how to decrypt the infected PCs?

In the analysis by bleepingcomputer.com:

When you click on the Check Payment button, the ransomware connects back to the TOR C2 servers to see if a payment has been made. Even if one was made, the ransomware will automatically decrypt your files. If payment has not been made, you will see a response like the one below.

Payment not made Response

Main idea:

If we manage to sniff the network communication to that Tor server address and capture the payment confirmation message received by the ransomware client,

we can then create a fake server that sends the same confirmation message

and direct the clients to talk to this server instead of the hackers' server.

Voilà: use his own code against him.

This is somewhat similar to what hackers used to do earlier to overcome Windows activation:

they used to build a fake activation server that would trick Windows into thinking it was activated.

The idea is to trick the ransomware into thinking a payment has been made.

This is a thought, but it needs some further study to make it real.

Anyone interested in joining the study, or who has any additional thoughts, is welcome to share.


No-IP Dynamic DNS Provider Update script for Linux – no client

I am sharing this script I made to update my hosts on www.no-ip.com

If you are on WDMycloud V4.X:

Install DNSUtil from my repos

Copy and paste the following into noip.sh

* Change USERNAME : PASSWORD to your No-IP username and password

* Change HOSTNAME to the name of the host you want to update or the group you want to update

Press Ctrl+X, then Y, then Enter

Now set the script to run every 30 minutes from crontab to check whether an update is needed

Add the following entry to crontab

* The script automatically checks whether an update is needed: if the IP address has changed, it sends the update to No-IP; if it has not changed, it skips the update

The full log can be found in /shares/logs/noip.log
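
The check-then-update logic described above, as an added example (this is not the author's noip.sh, which is not reproduced on this page). The OpenDNS lookup for the public address, the netrc credentials file and its path, the User-Agent string and the --run argument are assumptions; the update URL and reply codes follow No-IP's update protocol, and the log path is the one named in the post.

```shell
#!/bin/sh
# Added example, not the author's noip.sh. NOIP_NETRC, the User-Agent and the
# OpenDNS lookup are assumptions; HOSTNAME is the post's placeholder.
NOIP_HOST="${NOIP_HOST:-HOSTNAME}"
NOIP_NETRC="${NOIP_NETRC:-/root/.noip-netrc}"  # chmod 600: machine dynupdate.no-ip.com login USERNAME password PASSWORD
NOIP_LOG="${NOIP_LOG:-/shares/logs/noip.log}"

# Accept only a dotted-quad IPv4 address, so an empty or error reply from the
# lookup is never sent to No-IP as the new address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = current public IP, $2 = IP the hostname resolves to now.
decide() {
    is_ipv4 "$1" || { echo error; return 0; }
    [ "$1" = "$2" ] && { echo skip; return 0; }
    echo update
}

# Map a No-IP reply to ok / fatal / retry. Fatal replies will not succeed on
# a retry and need the configuration fixed first.
classify_reply() {
    case "$1" in
        good*|nochg*) echo ok ;;
        nohost|badauth|badagent|'!donator'|abuse) echo fatal ;;
        *) echo retry ;;   # includes 911 and empty replies
    esac
}

noip_main() {
    now_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
    dns_ip=$(dig +short "$NOIP_HOST" | tail -n 1)
    action=$(decide "$now_ip" "$dns_ip")
    if [ "$action" = update ]; then
        reply=$(curl -sS --netrc-file "$NOIP_NETRC" -A "noip-sh/1.0 admin@example.com" \
            "https://dynupdate.no-ip.com/nic/update?hostname=$NOIP_HOST&myip=$now_ip")
        action="update:$(classify_reply "$reply")"
    fi
    echo "$(date '+%F %T') $NOIP_HOST now=$now_ip dns=$dns_ip $action" >> "$NOIP_LOG"
}

if [ "${1:-}" = "--run" ]; then noip_main; fi
```

Keeping the credentials in a root-only netrc file rather than in the script or on the curl command line keeps them out of the process list and out of any copy of the script that gets shared.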


WD Mycloud

This is the link to my mirror for 

I have also included the latest sid Repository from Fox_exe and some packages that I have compiled for WDMycloud V 4.x firmware with PageSize=64k

The Repository has 3 containers

main is compiled by Fox_exe based on wheezy

sid is compiled by Fox_exe based on sid

Jessie is compiled by myself based on jessie

To add the repository:

SSH to your WDmycloud and run:

Then – you can run apt-get update and install software.

You can view and search the available packages from this index here (you can also download individual packages if you wish: click on a package to download it, or wget it). The main thing is the search feature.

WARNING: This software is only for official v4.X firmware (Kernel/Software with PageSize=64k)!

All packages are compiled directly from the official Debian repository.

Warning: use it at your own risk.


Automatic Full Backup for WDMycloud – tested on firmware V4.X

I like playing with and changing images and software on my WDmycloud,

so I found it useful to keep a full backup of my latest working image.

Here is what you need to do:

SSH to your WDMycloud IP, then

create a new file called backup.sh

Copy the following into the nano editor

Press Ctrl+X, then Y, to save your file

Make the batch executable

Make a test backup to make sure that your script is functioning correctly

Schedule the batch to run automatically

I have scheduled it to run every 2 days at 7 AM (feel free to change the schedule based on your needs)

Copy the line below into the crontab file

Press Ctrl+X, then Y, to save your file

You can check the status of your backups and the backup execution by viewing the backup.log at /shares/wdcurrent/backup.log


Project Server 2007 : Commands and options Menu in the portfolio analyzer

How to re-enable the commands and
options in the portfolio analyzer after they have been switched off

The problem is that when you switch the commands and options off, you
cannot edit your view anymore and you will have to create a new view,
as so many people have done before.

Microsoft uses XML to describe the pivot; this XML is stored in the
DATABASE.
Through this XML you can change anything in the pivot characteristics.
You can change the “field caption” and field format, and enable or disable
the “commands and options”.
You can even change the data source of your pivot without the need to
re-build the pivot again (very helpful if you want to create multiple
similar views that read from different cubes (DATA SOURCE)).

To get this XML you will need access to both your DATABASE server and
Application server.

1. Open the SQL profiler and make it ready for the capture, “but do
not start capturing yet or you will get a huge log”
2. Open the EPM web interface and log in with an account which has
administrative privileges
3. Select Admin
4. Select manage views
5. Choose to modify the view on which the “commands and options” is
disabled and you want to re-enable it
6. After you open this view for modification,
7. Go back to the SQL profiler and start capturing
8. Go back to the WEB view and choose to save the view
9. Switch back to the SQL profiler and stop the capturing
10. Scroll up until you find an entry that starts with this

This entry will be very long
11. Copy this entry out to Notepad and delete this line

12. Open the query analyzer, paste the edited text into it and then
run the query; it should give you an output that 1 row is affected

You are done; the “Commands and options” is enabled again.

* Caution: each view has its own XML file identified by the VIEW_ID,
which is the last number in the SQL entry (XML file); in this example
it is 130.
Do not change this number or you will end up editing another view and
you might mess the view up.

If you want to change any field property, search for the field name
and start editing,
then paste it into the query analyzer and you are done.
