
Saturday, 13 May 2017

NHS hit by ransomware

I've been watching this on Twitter this evening and have been intrigued by this so-called sophisticated attack, so let's delve deeper.

The attack actually uses the EternalBlue vulnerability (patched at the beginning of March), which was released over the Easter weekend along with many other vulnerabilities. These were zero-days (Microsoft had not been made aware of them up to that point) and looked like they had been created by the Equation Group for the NSA. The Shadow Brokers managed to obtain these vulnerabilities, possibly by hacking the NSA, and then tried to sell them to the highest bidder, originally asking for around $1M paid in bitcoins; the price carried on dropping and dropping until they eventually released the 300 MB file over the Easter weekend.

On closer inspection the exploit ETERNALBLUE works by connecting remotely via SMB and NBT (Windows XP to Windows 2012) and basically hits any Windows machine older than Windows 10; hence, bring on the ransomware using this exploit plus some FUZZBUNCH exploits and you have WannaCry, or WCry 2.0.

It's been written in C++ and the code is easily viewable, as no attempt has been made to hide it. It encrypts the files and adds a .WNCRY extension before asking for a $300-$600 bitcoin ransom.

So does that mean I'm vulnerable? Providing you have applied all Microsoft security patches, including MS17-010 released in March, then no, you should be safe. Also stop the SMB v1 service, which this ransomware/malware uses.

So far it looks like if you can crash Wcrypt it will reset; however, if it does infect your machine it will also add the DOUBLEPULSAR backdoor. Also, if is up, the virus exits instead of infecting the host.
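As an added example (not from the post), here is a small Python detector that runs over constructed file-rename and network-connection events and flags hosts showing the two behaviours described above: files being renamed with the .WNCRY extension, and SMB (port 445) connections fanning out to many peers as the exploit spreads. The event format, hostnames and thresholds are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events, not real telemetry. Two record shapes:
#   <time> <host> FILE_RENAME <old_path> -> <new_path>
#   <time> <host> NET_CONNECT <dst_ip>:<dst_port>
SAMPLE_EVENTS = """\
09:00:01 ws-12 FILE_RENAME C:\\Users\\bob\\report.docx -> C:\\Users\\bob\\report.docx.WNCRY
09:00:01 ws-12 FILE_RENAME C:\\Users\\bob\\budget.xlsx -> C:\\Users\\bob\\budget.xlsx.WNCRY
09:00:02 ws-12 NET_CONNECT 10.0.0.21:445
09:00:02 ws-12 NET_CONNECT 10.0.0.22:445
09:00:02 ws-12 NET_CONNECT 10.0.0.23:445
09:00:02 ws-12 NET_CONNECT 10.0.0.24:445
09:00:05 ws-07 FILE_RENAME C:\\tmp\\a.txt -> C:\\tmp\\a.bak
09:00:06 ws-07 NET_CONNECT 10.0.0.5:445
"""

RENAME_RE = re.compile(r'^(\S+) (\S+) FILE_RENAME (.+?) -> (.+)$')
CONNECT_RE = re.compile(r'^(\S+) (\S+) NET_CONNECT (\S+):(\d+)$')

def analyse(events, rename_threshold=2, peer_threshold=3):
    """Return {host: [reasons]} for hosts showing WannaCry-like behaviour:
    files renamed with the .WNCRY extension (encryption under way) or
    SMB connections fanned out to many peers (the worm looking for targets)."""
    wncry_renames = defaultdict(int)   # host -> number of .WNCRY renames
    smb_peers = defaultdict(set)       # host -> peers contacted on port 445
    for line in events.splitlines():
        m = RENAME_RE.match(line)
        if m:
            if m.group(4).lower().endswith('.wncry'):
                wncry_renames[m.group(2)] += 1
            continue
        m = CONNECT_RE.match(line)
        if m and m.group(4) == '445':
            smb_peers[m.group(2)].add(m.group(3))
    alerts = defaultdict(list)
    for host, n in wncry_renames.items():
        if n >= rename_threshold:
            alerts[host].append('%d files renamed to .WNCRY' % n)
    for host, peers in smb_peers.items():
        if len(peers) >= peer_threshold:
            alerts[host].append('SMB (445) connections to %d distinct hosts' % len(peers))
    return dict(alerts)

if __name__ == '__main__':
    for host, reasons in sorted(analyse(SAMPLE_EVENTS).items()):
        print(host + ': ' + '; '.join(reasons))
```

On the constructed sample only ws-12 is flagged; ws-07 renamed one file to .bak and spoke to a single file server, which is normal.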

This also only affects Microsoft products, so Linux users you are safe, but again don't open those attachments you were not expecting, use a good antivirus and back up your files on an external device as well as saving very important work to USB sticks.

So far over 70k machines have been infected, and that's not just NHS machines; FedEx, Telefonica and Shaheen Airlines, to name a few.

Have these pesky kids got away with it? Well, the bitcoins can be traced to an extent, so they will need to clean the coins by passing them through bitcoin launderers, other people and a few anonymous throwaway bitcoin accounts before finally transferring the money into their own account. For each $300 I can see them being left with $100 per ransom or less, as this will have to go on and on for months. Already the ransomware has been dissected, and those who know their stuff in bitcoins have already started to track the bitcoins about.

NB: the binary blob in the PE is encrypted with the password "WNcry@20l7".

Wednesday, 19 April 2017

The Annoying Pi

Are practical jokes your forte? Then this will be right up your street, and it can be built for around £20, probably a lot less as you will no doubt have these bits already lying around.

So let's get started. This is what you need:

Pi Zero W
USB power bank to power it.

After following the instructions from Pimoroni, the makers of the Speaker pHAT, and installing the pHAT on the Pi, you will need to do a few things. First, log on to wifi; there are enough tutorials should you need help with that. Next, search for "annoying .wav"; you should find quite a few sites, and from there download the files. I found that renaming the files to something shorter, like buzz.wav or scream.wav, will make things easier later on.

Next open a command line, go to raspi-config and enable SSH. It is also a good time to change any default password so no one else can SSH into your Pi.

Once done, shut down the Pi, attach the battery pack and hide it somewhere like under the bed or even the back of a cupboard.

Now fire up another Pi or computer and start up a terminal.

Here we can use nmap to search for all connected devices on our network and get the IP address of the annoying Pi, or, before you shut down the Pi, run ifconfig and write down the IP address on the wlan0 line.

Next we need to SSH in; the command will be like this:

sudo ssh pi@

pi will be the user name, followed by the IP address (whatever your network has allocated to the device).

Next it will ask for the password and, if correct, will go on to ask you further questions, to which just reply yes.

Now we are logged in to the Pi we can have some fun. Start by changing into the folder the .wav files are stored in, most likely Downloads, with the cd Downloads command. Here, with the ls command, we can see all the files. Next is to launch the files; you could write a random playing script with Python, but I don't think you will get the element of surprise we want.

The next task is to start the sounds. This is done with the following command, using my scream.wav file:

sudo aplay scream.wav

Now, if all has gone well, you should hear the file being played. When you have done this with a few files you will be able to choose files quicker at the command line by pressing the up arrow to go through previous commands and pick one you played before.

Have fun and feel free to post any extra tips below.

Tuesday, 7 March 2017

Raspberry Pi Wedding Twitter selfie camera

I wanted to do something for my wedding to my wonderful wife that was different. We had already planned a non-traditional wedding with lots of different things, but I also wanted something that would be seen as trendy amongst the cool kids.

My daughter told me about a photo booth company, but with such a small budget we couldn't afford one. Then I remembered something similar had been done, and after a few Googles I found tons of similar ideas, but all seemed to use Twython, and from what I read parts had been deprecated, yet I couldn't find the right commands to actually make it work.

So with the latest Raspberry Pi Zero W and official case, plus an old Pi camera from another project, I began my project. I had to enable SSH and VNC; personally I prefer SSHing in to deal with issues, but VNC can be better for troubleshooting.

I then had to make a Twitter account (@angelapawedding) and set up the API so I could get the access and consumer tokens, set them to read/write, and got to work, even soldering two pins on the back, to the 3rd and 4th pins in on the top row, to attach a two-wire PC reset switch/button to. I figured this way if kids dropped or pulled it, at least it could be reconnected with ease.

Here is the code:

#!/usr/bin/env python2.7
# mypifi feel free to use
import tweepy
from picamera import PiCamera
from time import sleep
from datetime import datetime
from gpiozero import Button

# Keys from the Twitter app settings (read/write access); placeholders here.
consumer_key        = 'goes here'
consumer_secret     = 'goes here'
access_token        = 'access token code goes here'
access_token_secret = 'access secret goes here'

button = Button(14)        # the reset-switch button, wired to GPIO14 and GND
camera = PiCamera()
auth = tweepy.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_token_secret)
api = tweepy.API(auth)

while True:
    button.wait_for_press()    # block until a guest presses the button
    status = "#LobsterWedding"
    # unique filename from the current time, e.g. 2017-03-07_21-15-42.jpg
    timestamp = datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
    photo_path = '/home/pi/wedding/photo/%s.jpg' % timestamp

    camera.capture(photo_path)                        # take the selfie
    api.update_with_media(photo_path, status=status)  # tweet it with the hashtag
    sleep(2)                   # give people time to let go of the button


The status part of the code is the text you want to display with the picture. I used a hashtag so it would be easy for people to find pictures or even add their own for the wedding. If you are interested, lobsters are supposedly meant to mate with and be loyal to the same partner for life.

photo_path is where the picture is stored; in my case it's stored in a folder called wedding, in another folder within called photo. Each file saved here is given a unique filename, and the program then tweets the latest picture using the Twitter API via tweepy.

I saved the file as and ran chmod +x on it. Once in place I VNC'd into it, opened up a terminal, ran and then left it.

So throughout the evening guests (and especially the younger ones) had something to do, and even my selfie-obsessed daughter had a go, as you will see below. Guests could look up what had been tweeted by the camera at @angelapawedding or by searching the hashtag #lobsterwedding.

Sure, the code could be cleaned up a bit more and more could be done with it, but for a quick project between finalising the final parts of the wedding I thought it was pretty good, and it was also a good talking point for guests.

If you do find a way of tidying up the code then feel free to comment below and I will add it to the blog.
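One tidy-up for the camera script, added here as an example and not part of the original post: the read/write API tokens sit in the source as plain strings, so anyone who can read the script can tweet as the account. This Python loader keeps them in a separate file that must be owner-only (chmod 600) and fails early if a key is missing. The path /home/pi/wedding/twitter.env and the KEY=VALUE layout are my assumptions.

```python
import os
import stat

# The four values the wedding script needs; they live in a file, not the code.
REQUIRED = ('consumer_key', 'consumer_secret',
            'access_token', 'access_token_secret')

def is_owner_only(st_mode):
    """True when the file has no group or other permission bits (e.g. 0600)."""
    return not (stat.S_IMODE(st_mode) & (stat.S_IRWXG | stat.S_IRWXO))

def parse_creds(lines):
    """Parse KEY=VALUE lines (blank lines and # comments are ignored).
    Raises ValueError on a malformed line or a missing required key, so a
    half-filled file stops the camera at start-up rather than on the first tweet."""
    creds = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        key, sep, value = line.partition('=')
        if not sep or not key.strip():
            raise ValueError('malformed line: %r' % raw)
        creds[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        raise ValueError('missing keys: ' + ', '.join(missing))
    return creds

def load_twitter_creds(path):
    """Refuse a token file that other users on the Pi could read."""
    if not is_owner_only(os.stat(path).st_mode):
        raise ValueError('%s is readable by others; run chmod 600 on it' % path)
    with open(path) as f:
        return parse_creds(f)

if __name__ == '__main__':
    import tweepy  # same library the post's script uses
    c = load_twitter_creds('/home/pi/wedding/twitter.env')  # assumed path
    auth = tweepy.OAuthHandler(c['consumer_key'], c['consumer_secret'])
    auth.set_access_token(c['access_token'], c['access_token_secret'])
    api = tweepy.API(auth)  # the button/camera loop then continues as in the post
```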