
Pcap of WannaCry Spreading Using EternalBlue

Saw that a lot of people were looking for a pcap with WannaCry spreading using EternalBlue.

I have put together a little "petri dish" test environment and started looking for a sample that has the exploit. Some samples out there simply do not have the exploit code, and even though they will encrypt the files locally, and sometimes the mounted shares too, they would not spread.

Luckily, I have found this nice blog post from McAfee Labs: https://securingtomorrow.mcafee.com/mcafee-labs/analysis-wannacry-ransomware/ with the reference to the sample SHA256: 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c (they keep referring to samples with MD5, which is still a very, very bad practice, but the hash is MD5: DB349B97C37D22F5EA1D1841E3C89EB4).

I got the sample from the VxStream Sandbox site, dropped it in the test environment, and monitored it with Security Onion. I was super happy to see it spreading, despite the fact that for the first run my Windows 7 x64 VM went to BSOD as the EternalBlue exploit failed.

But the second run was a full success: all my Windows 7 VMs got infected. Brad was so kind and made a guest blog post at one of my favorite sites, www.malware-traffic-analysis.net, so you can find the pcap, a description of the test environment and some screenshots here: http://malware-traffic-analysis.net/2017/05/18/index2.html
