We will discuss about wannacry ransomware cyber attack and how to decrypt data which encrypted by wannacry.
The WannaCry ransomware began to spread across the all over the Internet on Friday May 12th, 2017. I took my phone to see the text from my friend, “What should we do to beware the ransomware?” My stomach tightened. It was time for friendly IT support.
Their home system was set to auto-install patches. All of their files were backed up remotely to a secure system and their firewall & malicious software protections were current.
I determined to share the steps that I use to protect my friend’s computer so that end users can better protect themselves when issues like the WannaCry ransomware crop up from time to time. If you are using a Windows operating system here is a helpful steps to follow.
Open Windows Update by clicking the Start button in the lower left corner. In the search box, type Update, and then, in the list of results, click Windows Update.
Click on Check for updates, and then wait while Windows looks for the latest updates for your computer.
Then turn on the automatic windows update
3. Click Install updates.
If you’re not of a mind to do thing automatically you can set it to manually install patches.
In the case of a user that has MacOS who might not be technically sound knowledge, have them click on the AppStore and select “update” next to the patches that need to be installed.
No matter what your platform of choice.
Make sure that you have malicious software protections installed and that they are kept up to date.
Your system firewall should deny inbound connections and anti-virus should be kept current.
While these programs are not a 100% guarantee, by any stretch of the imagination, they will help with the lot of the cruft that could negatively affect your systems.
How to Decrypt WannaCRY.
A tool under the name WanaKiwi is “able” to decrypt the data in the hands of the ransom software,But only if the user has not restarted or turned off the computer.
This condition must come from how the rudimentary software algorithm works. The researcher focused on the initial numbers stored in the random memory of the computer on which the software is based to perform the encryption process.
More generally and simply, the tool searches for these numbers and begins the process of decrypting encrypted data in advance, hence the importance of the above requirement, in addition to the reference of some other reports to another condition is not to take off new software after infection such as games and office applications which can damage the order Store those numbers on your computer’s memory by using that space for another program.
Note: The new tool works on both Windows 2008, 7, XP and Vista, and has been proven effective by some security companies. Another tool named WanaKey is based on the same principle
Link Download direct: Wanakiwi_0.2.zip or Wanakiwi.zip
Often I see people finding fault to the end users. Rather than do that, I preferred to share what should be done to better protect their systems. Hopefully, if we preserve to share more information like this it will help to better protect the home user.
The port number is a numeric identifier used to route packets to the correct application on a computer.
Just as Media Access Control (MAC) addresses are used to deliver frames to the correct physical computer or you can say to the network adapter.
And IP Addresses are used to route packets to the correct logical computer (x.x.x.x) , Port numbers are used to route a packet to the correct application after the packet has arrived at its destination computer.
We know that on a single computer/Server their are lots of applications are running.When a packet arrives at that server, it cannot be delivered to ust any application.For example, HTTP client requests are not going to be understood by an LDAP server application.
Port numbers range from 1 to 65,000.Most established Internet protocols have assigned port numbers,reffered to as well-known port numbers.
By this it is easy for firewall to allow or block request on particular port.
For example,if a firewall were configured to block port 80,HTTP clients would not be able to pass through the firewall and communicate with any internal virtual servers.You will have to open specific ports in order to let the proper traffic pass.
For an extra measure of security, you can usually change the port numbers that an application uses.For example,you might change your POP3 virtual server and all POP3 clients too use port 28,345 instead of the default 110.
The drawback of doing this is that you will have to manually chang any application that will need to communicate with the server.
This will give you a Domain User’s SID $objUser = New-Object System.Security.Principal.NTAccount(“DOMAIN_NAME”, “USER_NAME”) $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $strSID.Value
Step 2: SID to Domain User
This will allow you to enter a SID and find the Domain User $objSID = New-Object System.Security.Principal.SecurityIdentifier ` (“ENTER-SID-HERE”) $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) $objUser.Value
Ever wanted a simple HTML report showing you the UP/DOWN status of your servers?
And for a little extra flavor how long that server has been up for?
Some basic disk information?
1. Download the script to your favorite location and name it Uptime.ps1
2. Open a Powershell prompt and type: Get-Help pathtoscript\Uptime.ps1 –Full
3. Edit PARAM section so that variables match your environment.
4. Edit $Key variable with random numbers, this is your encryption key.
5. Run it manually once, if you are using alternative credentials script will prompt you for password and save those credentials to a file.
To run as a scheduled task:
1. Create the scheduled task and set your trigger (hourly?)
2. For action the Executable should be Powershell.exe
3. For Arguments use: -ExecutionPolicy Bypass -File pathtoscript\Uptime.ps1
<#
.SYNOPSIS Simple HTML report generator for UP/DOWN status of servers.
.DESCRIPTION Create a simple UP/DOWN report, with length of uptime report in a simple HTML report. Also includes a “lowest” disk alert, showing you whichever disk has the lowest amount of disk space and how much that is (bar graph). There is also a detailed disk report you can click on to view.
Will accept an secondary credential and use that to gather information. The username and password are stored in an encrypted file in the path you designate.
Since this script is intended to be run from a scheduled task, it is important to modify the PARAM section to suit your needs.
How to Run: Make sure to run the script once on the server you intend to run the scheduled task. The script will prompt for the specified credential password on the first run (or any time you change the credential username). After that first run it will run without prompting.
*** IMPORTANT *** Required: Modify the $Key variable (line 74) to get unique encryption on your credentials.
.PARAMETER Name Will accept a comma seperated array of server names and if not specified default to load the server names from a text file. Make sure to edit the Param section to fit your environment. Will also accept object input from Get-ADComputer.
.PARAMETER AlertThreshold A number representing the % that free space has to go below to trigger an alert (changing the display to red).
.PARAMETER Path The output path and file name for the HTML report. Make sure to edit the Param section to fit your environment.
.PARAMETER Credential Specify the alternative credential
.PARAMETER PathToCred Path where the script will store the encrypted password file.
.EXAMPLE .\Uptime.ps1 Produces the report based on the servers in C:\utils\servers.txt and will save the report at c:\utils\uptime.html
.EXAMPLE .\Uptime.ps1 -Servers server1,server2,server3 -path \\webserver\share\uptimereport.html Will create the uptime report for servers 1,2 and 3 and save the report at \\webserver\share\uptimereport.html
.EXAMPLE .\Uptime.ps1 -Servers server1,server2,server3 -AlertThreshold 25 Will create the uptime report for servers 1,2 and 3 and if the lowest disk free percentage is below 25% it will show up in red.
.LINK http://community.spiceworks.com/scripts/show/1641-simple-server-uptime-report
.NOTES Author: Martin Pugh Twitter: @TheSurlyAdm1n Spiceworks: Martin9700 Blog: www.thesurlyadmin.com
Changelog 1.7 Added the ability to use alternative credentials. Added quite a bit of error handling and verbose output (if wanted). Added the ability for the script to accept pipeline input from Get-ADComputer as well as other pipeline items. 1.6 Added remaining disk information in a more detailed report below the primary status table. Click on the “Show Disk Detail Report” link to display the detailed report. 1.5 Added the “Lowest Disk Status” column. The script will now look at all disk volumes and report on the one with the lowest free disk space. It will so the free space as a percentage of the total. By default if that percentage drops below 10% it will “alert” and show that percentage in red. This setting is configurable using the -AlertThreshold parameter. 1.0 Initial release
#>
[CmdletBinding()]
Param ( [Parameter(ValueFromPipeline=$true, ValueFromPipelinebyPropertyName=$true)] [Alias(“Servers”)] [string[]]$Name = (Get-Content “c:\utils\servers.txt”), [int]$AlertThreshold = 10, [string]$Path = “c:\utils\uptime.html”, [string]$Credential = “surly\administrator”, [string]$PathToCred = “c:\utils”
)
Begin { Function Get-Credentials { Param ( [String]$AuthUser = $env:USERNAME ) $Key = [byte]29,36,18,74,72,75,85,52,73,44,0,21,98,76,99,28
#Build the path to the credential file $CredFile = $AuthUser.Replace(“\”,”~”) $File = $PathToCred + “\Credentials-$CredFile.crd” #And find out if it’s there, if not create it If (-not (Test-Path $File)) { (Get-Credential $AuthUser).Password | ConvertFrom-SecureString -Key $Key | Set-Content $File } #Load the credential file $Password = Get-Content $File | ConvertTo-SecureString -Key $Key $AuthUser = (Split-Path $File -Leaf).Substring(12).Replace(“~”,”\”) $AuthUser = $AuthUser.Substring(0,$AuthUser.Length – 4) $Credential = New-Object System.Management.Automation.PsCredential($AuthUser,$Password) Return $Credential }
Process { #Gather all computer names before processing ForEach ($Computer in $Name) { $AllComputers += $Computer }
}
End { #Sort the servers by name, then start getting information Write-Verbose “Sort server names and gather Credential information” $Name = $Name | Sort $DiskData = @()
If ($Credential) { $Cred = Get-Credentials $Credential }
ForEach ($Computer in $AllComputers) { Write-Verbose “Testing $Computer…” $ErrorReport = $null If (Test-Connection $Computer -Quiet) { #Set parameters for splat, determine if checking local $CredParameter = @{ ComputerName = $Computer ErrorAction = “Stop” } If ($Computer.ToUpper() -notlike “*$($env:COMPUTERNAME.ToUpper())*” -and $Cred) { $CredParameter.Add(“Credential”,$Cred) }
#Get uptime information Try { $WMI = Get-WmiObject Win32_OperatingSystem @CredParameter If ($WMI) { $Uptime = New-TimeSpan -Start $($WMI.ConvertToDateTime($WMI.LastBootUpTime)) -End (Get-Date) $UpText = “<td class=””up””>$($Uptime.Days)d, $($Uptime.Hours)h, $($Uptime.Minutes)m</td>” } Else { $UpText = “<td class=””up””>Up</td>” } #Get disk information and pretty up the data $Disks = Get-WmiObject Win32_LogicalDisk -Filter “DriveType=3” @CredParameter | Select ` @{LABEL=”Server”;EXPRESSION={$Computer}}, @{LABEL=”DriveLetter”;EXPRESSION={$_.DeviceID}}, @{LABEL=”Size”;EXPRESSION={[int](“{0:N0}” -f ($_.Size/1gb))}}, @{LABEL=”FreeSize”;EXPRESSION={[int](“{0:N0}” -f ($_.FreeSpace/1gb))}}, @{LABEL=”perUsed”;EXPRESSION={[int](“{0:N0}” -f ((($_.Size – $_.FreeSpace)/$_.Size)*100))}}, @{LABEL=”perFree”;EXPRESSION={[int](“{0:N0}” -f (100-(($_.Size – $_.FreeSpace)/$_.Size)*100))}}, VolumeName $DiskData += $Disks } Catch { Write-Verbose “Error encountered gathering information for $Computer” $ErrorReport = $Error[0] $Error.Clear | Out-Null }
#Disk Details Report Write-Verbose “WMI data gathered, making the report” $Servers = $DiskData | Select Server -Unique ForEach ($Server in $Servers) { $Server = $Server.Server $DiskDetailHTML += “<h3>$Server</h3>” $DiskDetailHTML += “<table>” $DiskDetailHTML += “<tr><th>Drive Letter</th><th>Volume Name</th><th>Total Disk Space</th><th>Used</th><th>Free</th><th style=””width:350px;””>Usage</th></tr>`n” $Disks = $DiskData | Where { $_.Server -eq $Server } | Sort DriveLetter ForEach ($Disk in $Disks) { $DiskDetailHTML += “<tr><td>$($Disk.DriveLetter)</td><td>$($Disk.VolumeName)</td><td>$($Disk.Size)gb</td><td>$($Disk.Size – $Disk.FreeSize)gb</td><td>$($Disk.FreeSize)gb</td>” If ($Disk.perFree -le $AlertThreshold) { $FreeClass = “red” } Else { $FreeClass = “free” } $DiskDetailHTML += “<td><div class=””green”” style=””width:$($Disk.perUsed)%””> </div><div class=””$FreeClass”” style=””width:$($Disk.perFree)%””>$($Disk.perFree)%</div></td></tr>`n” } $DiskDetailHTML += “</table><br>`n” }
#Combine all the HTML fragments and save to a file $HTML = $HeaderHTML + $DetailHTML + $DiskDetailHeaderHTML + $DiskDetailHTML + $FooterHTML $HTML | Out-File $Path
Let’s learn about automated nagios,which is pre-build ready with nagios,frontend and database installed monitoring for you…
What is “Fully Automated Nagios”?
Fully Automated Nagios (FAN) is a Linux distribution based on CentOS that comes pre-built with some of the most commonly used tools with Nagios. FAN comprises of a CentOS Linux distribution, Nagios Core, Centreon and Nagvis. All these tools are available in a pre-built iso image that can be downloaded from the official FAN website. FAN makes the configuration of Nagios very simple by using the Centreon Graphical User Interface
What is Nagios?
Nagios is a free open-source Monitoring System that can be used to monitor your Network and Server infrastructure. Nagios gives System Administrators the ability to notify support teams with service alerts automatically. System parameters such as CPU, Load, Memory, Processes, Disk Usage and System Logs can all be monitored. Nagios can monitor local hosts and remote hosts. Nagios can be used to monitor various platforms such as Linux, Unix and Microsoft’s Windows.
What is Centreon?
Centreon is a piece of software that provides a feature rich dashboard that allows administrators to easily configure software such as Nagios. Centreon provides a dashboard where you can add hosts, select system parameters to be monitored, create alerts and produce graphs with ease. No more manual configuration of files is necessary. In this example, we are using Centreon to configure our Nagios monitoring solution.
What is Nagvis?
Nagvis is a visualization add-on for Nagios. Nagvis can be used to display a visual representation (icons, maps, pictures) of your Nagios data, thus allowing you to display a quick overview of your servers, data centres or computer rooms.
Download FAN (Fully Automated Nagios)
Download Fully Automated Nagios From the above link, you must choose either a 32-bit or 64-bit version of the software. Once you have downloaded this software, you can either use the iso image directly to install into a virtualized environment such as VirtualBox or VMWare or you can choose to burn the iso image to a CD/DVD and then install directly onto a physical server or PC.
System Requirements
System requirements are dependant on whether you choose to use a standalone server installation or use a distributed server installation. Minimum system requirements: 4 GB free disk space 1 GB of RAM. 1 processor core Recommended system requirements 20 GB plus the required disk space recommended essentially for /var. Disk space needed by mysql and rrd files 2 processors core or hyper-thread for each virtualized CPU. 2 GB of RAM.
FAN Installation Guide
To install FAN, simply follow the steps below. In this example, I am using a 64-bit version and I am using Oracle’s VirtualBox software.
Installing Fully Automated Nagios
To start the installation process, place your iso image in the target systems optical drive or make your iso image available to your Virtualization software. If you are booting from a CD/DVD, you may need to alter the BIOS boot order. You will need to set this to boot from CD/DVD first. This is normally done by pressing the specified function key at system start-up. In the example that follows I have opted for a Standalone Server Installation.
FAN – Fully Automated Nagios
At this initial screen you can choose which components you wish to install. Simply enter you choice as specified. In this example I am installing the standalone version.
Choose Installation Language
From this next screen you need to select you language that you wish to use for this installation. In the example, I have selected “English”. Once you have made your selection, click “OK” to continue with the installation.
Choose Keyboard Type
At this screen simply choose your keyboard type. In this example, “UK” has been chosen. Once you have made your selection, click “OK” to continue with the installation.
Warning Message
At the following screen simply click “YES” to initialize your hard drives. Depending on your installation type (Physical/Virtual), you may not see this warning.
Select Partitioning Options
At this screen you need to select a partitioning option. Several are available to choose from: Default: Use free space on selected drives and use default layout remove all partitions on selected drives and create default layout remove all linux partitions on selected drives and create default layout create custom layout In this example I have chosen the “Default” option. From this screen, you may also choose to create a custom disk partition layout. You can also view the “Release Notes”. Once you have made your selection, click “Next” to continue with the installation.
Choose your Geo-Graphic Location
At this screen you need to select your location. This can be done by either clicking on the Map or selecting your time zone from the pull down menu. Once you have made your selection, click “Next” to continue.
Root Password
From this screen you need to supply a “root” password to be used for administering this system. Once you have entered your password, click “Next” to continue.
Installation in Progress……
Your FAN installation is now taking place. A slide show will now display some of the included monitoring software included within this installation image. Progress of the installation is indicated by the progress bar at the bottom of the screen.
Installation Complete
Congratulations, your installation is now complete. You will need to remove any media from your drives before rebooting your system.
Configuring your Network Interface
Once your system has rebooted, an interactive menu is displayed where you can configure your network. To configure the network, simply choose the “Network Configuration” option and click on “Run Tool”. Here you will be able to supply your network information such as IP address, Gateway and Subnet mask. If you don’t make a selection within a 30 second period, the screen will close and you will be taken to a command line. If you still need to configure your network settings, simply run the following command: “system-config-network“. You will now be displayed a network configuration menu.
Edit Devices
From this menu, select your network interface and press “Enter”.
Network Interface Parameters
From this menu you can choose to either use a “DHCP” configuration or manually configure a static IP address. In the example, a “DHCP” configuration has been selected. Once you have made your selections, click “OK”. Now select “Edit DNS Configuration”.
Configuring DNS and Hostname Parameters
From this menu you can supply a hostname for your system and specify which DNS servers to use for name resolution. Now click on “OK”. You will now be taken to a command line where you can login with your “root” account”. Once you have logged in, I normally carry out a reboot of the system to make sure the hostname is picked up and the IP address is also picked up. To reboot from the command line, simply issue the following reboot command: shutdown -r now
Login Screen
If all has gone well, you should now see a screen similar to the one below. Now you can login with your root password.
Determine IP Address
If you are using DHCP, you will need to find your IP address that has been allocated. To do this you can issue the command: ip a s This command will display your IP address, you may also have used the “ifconfig” command. In this example, we have been given the IP address of “192.168.0.19“. It is this IP address that we need to enter into a web browser.
Display FAN – Home page
Once you have identified your IP address, this can now be entered into a web browser of your choice. In the example, I am using Mozilla Firefox, however, you can use any modern browser to access your configuration screens. Now we can look at configuring some basic monitoring using Centreon in next article.
Dlightdaily : “ Post your valuable comments below to know more for nagios / fully automated nagios “ !
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy
Recent Comments