Accéder au contenu principal

Pcap Of Wannacry Spreading Using EthernalBlue

Par
Saw that a lot of people were looking for a pcap with WannaCry spreading Using EthernalBlue.

I have put together a little "petri dish" test environment and started looking for a sample that has the exploit. Some samples out there simply do not have the exploit code, and even tough they will encrypt the files locally, sometimes the mounted shares too, they would not spread.

Luckily, I have found this nice blog post from McAfee Labs: https://securingtomorrow.mcafee.com/mcafee-labs/analysis-wannacry-ransomware/ with the reference to the sample SHA256: 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c (they keep referring to samples with MD5, which is still a very-very bad practice, but the hash is MD5: DB349B97C37D22F5EA1D1841E3C89EB4)

Once I got the sample from the VxStream Sandbox site, dropped it in the test environment, and monitored it with Security Onion. I was super happy to see it spreading, despite the fact that for the first run my Windows 7 x64 VM went to BSOD as the EthernalBlue exploit failed.

But the second run was a full success, all my Windows 7 VMs got infected. Brad was so kind and made a guest blog post at one of my favorite sites, www.malware-traffic-analysis.net so you can find the pcap, description of the test environment and some screenshots here: http://malware-traffic-analysis.net/2017/05/18/index2.html

More information


  1. Pentest Book
  2. Pentest Tools For Windows
  3. Hacking Jailbreak
  4. Hacking Online Games
  5. Pentest Firewall
  6. Hacking Online Games
  7. Hacker Types
  8. Pentest Box
  9. Hacking To The Gate
  10. Pentesting
  11. Pentest Active Directory
  12. Hacking Jacket
  13. Hacking Forums
  14. Pentest +
  15. Hacking Jailbreak
  16. Pentest Nmap
  17. Pentesterlab

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

The Muse Brooklyn

Par
http://abcirque.com http://www.amny.com/things-to-do/circus-class-at-the-muse-brooklyn-teaches-acrobatic-skills-1.13781898 https://www.instagram.com/p/Bx-D67pAxGz/ https://www.instagram.com/p/Bx7e3GFgpp2/ https://www.instagram.com/p/Bx5xpoPn_hm/ https://www.instagram.com/p/Bx40FSvj2Tf/ https://www.instagram.com/p/Bx0p224DkxE/ https://www.instagram.com/p/BxzxjhqFO1S/ https://www.instagram.com/p/BxyJmIaAeSd/ https://www.instagram.com/p/BxxweSaF6q4/ https://www.instagram.com/p/BxxSsdcAjFg/ https://www.instagram.com/p/Bxvr0SSgpPs/ https://new.mta.info/L-Project http://themusegowanus.com http://instagram.com/themusebrooklyn https://www.facebook.com/TheMuseBrooklyn/ https://twitter.com/TheMuseBrooklyn https://www.youtube.com/channel/UCkzh62AIfOI7XU3I0P6rWIQ
Enregistrer un commentaire
Lire la suite

Fw:

Par
Consider this message as your last warning. We hacked your system! We have copied all the data from your device to our own servers. Curious videos were recorded from your camera and your actions while watching porn. Your device was infected with our virus when you visited the porn site. The Trojan virus gives us full access, allows us to control your device. The virus allows not only to see your screen, but also to turn on your camera, microphone, without your knowledge. We took over the video from your screen and camera, then we mounted a video in which you can see you watching porn in one part of the screen and masturbating in the other. But that’s not all! We have access to all the contacts in your phone book and social networks. It won’t take us long to send this video to your friends, family and friends on social networks, messengers and email in minutes. We have a lot of audio recordings of your personal conversations, where a lot of “intere...
Enregistrer un commentaire
Lire la suite

Systemic Lidocaine Decreased the Perioperative Opioid Analgesic Requirements but Failed to Reduce Discharge Time After Ambulatory Surgery

Par
Perioperative systemic lidocaine significantly reduces opioid requirements in the ambulatory setting without affecting time to discharge. Postoperative pain is the most common reason for delay in discharge and unplanned hospital admission after ambulatory surgery. 1–3 Because postoperative pain is to a large extent an inflammatory phenomenon, administration of systemic local anesthetics, which have inflammatory modulatory properties, 4 could significantly reduce pain and therefore allow more rapid discharge. 5 Lidocaine has an excellent safety record when administered by low-dose infusion. 5–7 However, whereas decreased hospital stay after inpatient surgery has been demonstrated, the effect of intraoperative and early postoperative lidocaine infusion on duration of stay after ambulatory surgery is not known. Although it see...
Enregistrer un commentaire
Lire la suite