WannaCry Ransomware: How to Keep Your System Safe

We will discuss the WannaCry ransomware cyber attack and how to decrypt data that has been encrypted by WannaCry.


The WannaCry ransomware began to spread all over the Internet on Friday, May 12th, 2017. I picked up my phone to see the text from my friend: “What should we do to beware the ransomware?” My stomach tightened. It was time for friendly IT support.

Their home system was set to auto-install patches. All of their files were backed up remotely to a secure system and their firewall & malicious software protections were current.

I decided to share the steps that I use to protect my friend’s computer so that end users can better protect themselves when issues like the WannaCry ransomware crop up from time to time. If you are using a Windows operating system, here are some helpful steps to follow.

Open Windows Update by clicking the Start button in the lower left corner. In the search box, type Update, and then, in the list of results, click Windows Update.

  1. Click Check for updates, and then wait while Windows looks for the latest updates for your computer.

  2. Turn on automatic Windows updates.

  3. Click Install updates.


If you’re not of a mind to do things automatically, you can set it to manually install patches.

• Use these links to download the update manually:

MS17-010 Update for Windows 8.1
The first option is for 64-bit systems and the other option is for 32-bit systems.
MS17-010 Update for Windows 10
The first option is for 32-bit systems and the second option is for 64-bit systems.
MS17-010 Update for Windows 7 and Server 2008
Choose the first option for 64-bit systems or the second option for 32-bit systems.
MS17-010 Update for Windows XP, Server 2003 and 8

If the user has macOS and might not have sound technical knowledge, have them click on the App Store and select “Update” next to the patches that need to be installed.



No matter what your platform of choice:

  • Make sure that you have malicious software protections installed and that they are kept up to date.
  • Your system firewall should deny inbound connections and anti-virus should be kept current.
  • While these programs are not a 100% guarantee, by any stretch of the imagination, they will help with a lot of the cruft that could negatively affect your systems.


How to Decrypt WannaCry


A tool named WanaKiwi is “able” to decrypt the data held by the ransomware, but only if the user has not restarted or turned off the computer.

This condition comes from how the software’s rudimentary algorithm works. The researcher focused on the initial numbers, stored in the computer’s random-access memory (RAM), on which the ransomware bases its encryption process.

Put simply, the tool searches memory for these numbers and uses them to begin decrypting the encrypted data, hence the importance of the requirement above. Some other reports mention a further condition: do not launch new software after infection, such as games and office applications, because it can damage the numbers stored in the computer’s memory by reusing that space for another program.

Note: The tool works on Windows 2008, 7, XP and Vista, and has been proven effective by some security companies. Another tool named WanaKey is based on the same principle.
Direct download links: Wanakiwi_0.2.zip or Wanakiwi.zip

For more information and reference.

Often I see people finding fault with the end users. Rather than do that, I preferred to share what should be done to better protect their systems. Hopefully, if we persevere in sharing more information like this, it will help to better protect the home user.

20 Common Protocols and Their Well-Known Port Numbers

The port number is a numeric identifier used to route packets to the correct application on a computer.

Just as Media Access Control (MAC) addresses are used to deliver frames to the correct physical computer (or, you could say, to the network adapter), and IP addresses (x.x.x.x) are used to route packets to the correct logical computer, port numbers are used to route a packet to the correct application after the packet has arrived at its destination computer.

We know that on a single computer or server there are lots of applications running. When a packet arrives at that server, it cannot be delivered to just any application. For example, HTTP client requests are not going to be understood by an LDAP server application.

Port numbers range from 1 to 65,000. Most established Internet protocols have assigned port numbers, referred to as well-known port numbers.

This makes it easy for a firewall to allow or block requests on a particular port.

For example, if a firewall were configured to block port 80, HTTP clients would not be able to pass through the firewall and communicate with any internal virtual servers. You will have to open specific ports in order to let the proper traffic pass.

For an extra measure of security, you can usually change the port numbers that an application uses. For example, you might change your POP3 virtual server and all POP3 clients to use port 28,345 instead of the default 110.

The drawback of doing this is that you will have to manually change any application that will need to communicate with the server.



PowerShell – How To – SID To User

Step 1: Domain User to SID

This will give you a domain user’s SID:
$objUser = New-Object System.Security.Principal.NTAccount("DOMAIN_NAME", "USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

Step 2: SID to Domain User

This will allow you to enter a SID and find the domain user:
# "ENTER-SID-HERE" is a placeholder: replace it with the SID string you want to look up
$objSID = New-Object System.Security.Principal.SecurityIdentifier("ENTER-SID-HERE")
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
$objUser.Value

# Local user to SID: pass only the account name, without a domain
$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

Found on Spiceworks: https://community.spiceworks.com/how_to/2776-powershell-sid-to-user-and-user-to-sid?utm_source=copy_paste&utm_campaign=growth
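
The two translations above fail with an exception when a SID or account name cannot be mapped, which is exactly the case you meet when reviewing ACLs or logs that still reference deleted accounts. The following is an added example, not code from the Spiceworks post: Resolve-Identity is a hypothetical helper that accepts either form, translates it in the right direction and reports unresolved entries instead of stopping. The third and fourth sample values are constructed.

```powershell
# Added example: Resolve-Identity is a hypothetical helper name, not part of the original post.
function Resolve-Identity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Identity
    )
    process {
        # Anything shaped like S-1-<authority>-<sub-authorities> is treated as a SID string
        $isSid = $Identity -match '^S-1-\d+(-\d+)+$'
        $result = [pscustomobject]@{
            Input   = $Identity
            Kind    = if ($isSid) { 'SID' } else { 'Account' }
            Sid     = $null
            Account = $null
            Status  = 'Resolved'
        }
        try {
            if ($isSid) {
                # Step 2 of the post: SID to account name
                $sid = New-Object System.Security.Principal.SecurityIdentifier($Identity)
                $result.Sid = $sid.Value
                $result.Account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            else {
                # Step 1 of the post: account name (DOMAIN\user or local user) to SID
                $account = New-Object System.Security.Principal.NTAccount($Identity)
                $result.Account = $account.Value
                $result.Sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
            }
        }
        catch {
            # Translate() throws when no mapping exists (deleted account, unreachable
            # domain, mistyped name). Record the reason and keep processing the rest.
            $reason = $_.Exception.GetBaseException().GetType().Name
            $result.Status = "Unresolved ($reason)"
        }
        $result
    }
}

# Sample input: two well-known SIDs, one constructed domain SID that should not
# resolve, one constructed account name that should not exist, and the current user.
$samples = @(
    'S-1-5-18'
    'S-1-5-32-544'
    'S-1-5-21-1111111111-2222222222-3333333333-1001'
    "$env:COMPUTERNAME\no_such_user_example"
    "$env:USERDOMAIN\$env:USERNAME"
)

$samples | Resolve-Identity | Format-Table -AutoSize
```

Rows whose Status starts with "Unresolved" are the ones worth reviewing: a SID that no longer maps to an account usually marks a leftover permission entry.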


Windows Script to Check Server Uptime


Ever wanted a simple HTML report showing you the UP/DOWN status of your servers?

And for a little extra flavor how long that server has been up for?

Some basic disk information?

1. Download the script to your favorite location and name it Uptime.ps1

2. Open a PowerShell prompt and type: Get-Help pathtoscript\Uptime.ps1 -Full

3. Edit the PARAM section so that the variables match your environment.

4. Edit the $Key variable with random numbers; this is your encryption key.

5. Run it manually once. If you are using alternative credentials, the script will prompt you for the password and save those credentials to a file.

To run as a scheduled task:

1. Create the scheduled task and set your trigger (hourly?)
2. For action the Executable should be Powershell.exe
3. For Arguments use: -ExecutionPolicy Bypass -File pathtoscript\Uptime.ps1
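
The script protects the saved password with ConvertFrom-SecureString -Key, so anyone who holds both the .crd file and the bytes of $Key can recover it, and the sample key in the published source is visible to everyone. The following is an added example, not part of Martin Pugh's script: it generates the "random numbers" for step 4 from the system's cryptographic random generator, prints them as a line to paste over $Key, and limits a credential file to a single account. The helper names and the demo path are hypothetical, and the password is constructed.

```powershell
# Added example; helper names and the demo path are hypothetical, not part of Uptime.ps1.

function New-CredentialKey {
    # ConvertFrom-SecureString -Key accepts keys of 16, 24 or 32 bytes.
    param([ValidateSet(16, 24, 32)][int]$Length = 16)
    $key = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }
    , $key    # the leading comma stops PowerShell from unrolling the array
}

function Format-KeyLine {
    # Renders the key as a line that can replace the sample $Key in Get-Credentials.
    param([byte[]]$Key)
    '$Key = [byte[]](' + ($Key -join ',') + ')'
}

function Set-SingleAccountAcl {
    # Drops inherited and explicit entries, then grants one account full control.
    param([string]$Path, [string]$Account)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $acl.Access | Where-Object { -not $_.IsInherited } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# --- Demo in a temporary folder --------------------------------------------------
# In production $account is the account the scheduled task runs as, and the same
# ACL belongs on Uptime.ps1 itself, because the script file contains the key.
$account  = "$env:USERDOMAIN\$env:USERNAME"
$demoDir  = Join-Path $env:TEMP 'uptime-key-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$credFile = Join-Path $demoDir 'Credentials-demo.crd'

$key = New-CredentialKey
Format-KeyLine -Key $key

# Same storage format the script uses: SecureString encrypted with the key.
$secure = ConvertTo-SecureString 'Constructed-Passw0rd!' -AsPlainText -Force
$secure | ConvertFrom-SecureString -Key $key | Set-Content $credFile
Set-SingleAccountAcl -Path $credFile -Account $account

# Whoever has the file and the key gets the plaintext back; that is why both
# the .crd file and the script holding $Key need restrictive permissions.
$restored = Get-Content $credFile | ConvertTo-SecureString -Key $key
$plain = (New-Object System.Net.NetworkCredential('', $restored)).Password
"Round trip OK: $($plain -eq 'Constructed-Passw0rd!')"
```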


Source Code

This script has not been checked by Dlightdaily. Please understand the risks before using it.


<#
.SYNOPSIS
     Simple HTML report generator for UP/DOWN status of servers.
.DESCRIPTION
     Create a simple UP/DOWN report, with length of uptime report in a simple HTML
     report.  Also includes a "lowest" disk alert, showing you whichever disk has the
     lowest amount of disk space and how much that is (bar graph).  There is also
     a detailed disk report you can click on to view.

     Will accept a secondary credential and use that to gather information.  The
     username and password are stored in an encrypted file in the path you designate.

     Since this script is intended to be run from a scheduled task, it is important
     to modify the PARAM section to suit your needs.

     How to Run:
     Make sure to run the script once on the server you intend to run the scheduled
     task.  The script will prompt for the specified credential password on the first
     run (or any time you change the credential username).  After that first run it
     will run without prompting.

     *** IMPORTANT ***
     Required:  Modify the $Key variable (in the Get-Credentials function) to get unique encryption on your
.PARAMETER Name
     Will accept a comma separated array of server names and if not specified default
     to load the server names from a text file.  Make sure to edit the Param section
     to fit your environment.  Will also accept object input from Get-ADComputer.
.PARAMETER AlertThreshold
     A number representing the % that free space has to go below to trigger an alert
     (changing the display to red).
.PARAMETER Path
     The output path and file name for the HTML report.  Make sure to edit the Param
     section to fit your environment.
.PARAMETER Credential
     Specify the alternative credential
.PARAMETER PathToCred
     Path where the script will store the encrypted password file.
.EXAMPLE
     .\Uptime.ps1
     Produces the report based on the servers in C:\utils\servers.txt and will save the
     report at c:\utils\uptime.html
.EXAMPLE
     .\Uptime.ps1 -Servers server1,server2,server3 -path \\webserver\share\uptimereport.html
     Will create the uptime report for servers 1,2 and 3 and save the report at
.EXAMPLE
     .\Uptime.ps1 -Servers server1,server2,server3 -AlertThreshold 25
     Will create the uptime report for servers 1,2 and 3 and if the lowest disk free percentage
     is below 25% it will show up in red.
.NOTES
     Author:        Martin Pugh
     Twitter:       @TheSurlyAdm1n
     Spiceworks:    Martin9700
     Blog:          www.thesurlyadmin.com

     Changelog:
         1.7        Added the ability to use alternative credentials.  Added quite a bit of error
                    handling and verbose output (if wanted).  Added the ability for the script to
                    accept pipeline input from Get-ADComputer as well as other pipeline items.
         1.6        Added remaining disk information in a more detailed report below the primary
                    status table.  Click on the "Show Disk Detail Report" link to display the detailed
         1.5        Added the "Lowest Disk Status" column.  The script will now look at all disk
                    volumes and report on the one with the lowest free disk space.  It will show the free
                    space as a percentage of the total.  By default if that percentage drops below 10%
                    it will "alert" and show that percentage in red.  This setting is configurable
                    using the -AlertThreshold parameter.
         1.0        Initial release
#>
[CmdletBinding()]
Param (
     # The -Servers alias matches the usage shown in the examples above
     [Parameter(ValueFromPipeline=$true,
         ValueFromPipelineByPropertyName=$true)]
     [Alias("Servers")]
     [string[]]$Name = (Get-Content "c:\utils\servers.txt"),
     [int]$AlertThreshold = 10,
     [string]$Path = "c:\utils\uptime.html",
     [string]$Credential = "surly\administrator",
     [string]$PathToCred = "c:\utils"
)

Begin {
     Function Get-Credentials {
         Param (
             [String]$AuthUser = $env:USERNAME
         )
         #Encryption key for the saved password file: replace these 16 values with your own
         $Key = [byte[]](29,36,18,74,72,75,85,52,73,44,0,21,98,76,99,28)
         #Build the path to the credential file
         $CredFile = $AuthUser.Replace("\","~")
         $File = $PathToCred + "\Credentials-$CredFile.crd"
         #And find out if it's there, if not create it
         If (-not (Test-Path $File))
         {    (Get-Credential $AuthUser).Password | ConvertFrom-SecureString -Key $Key | Set-Content $File
         }
         #Load the credential file
         $Password = Get-Content $File | ConvertTo-SecureString -Key $Key
         $AuthUser = (Split-Path $File -Leaf).Substring(12).Replace("~","\")
         $AuthUser = $AuthUser.Substring(0,$AuthUser.Length - 4)
         $Credential = New-Object System.Management.Automation.PsCredential($AuthUser,$Password)
         Return $Credential
     }

     Write-Verbose "$(Get-Date): Script begins!"

     #Define static HTML
     $HeaderHTML = @"
<html>
<head>
<style type='text/css'>
body { background-color:#DCDCDC;
}
table { border:1px solid gray;
   font:normal 12px verdana, arial, helvetica, sans-serif;
   border-collapse: collapse;
}
th { color:black;
   border: 1px solid black;
   font:normal 16px verdana, arial, helvetica, sans-serif;
   background-color: #6495ED;
}
td.up { background-color:#32CD32;
   border: 1px solid black;
}
td.down { background-color:#B22222;
   border: 1px solid black;
}
td { border: 1px solid black;
}
div.red { background-color:#B22222;
}
div.green { background-color:#32CD32;
}
div.free { background-color:#7FFF00;
}
a.detail { cursor:pointer;
}
</style>
<script type='text/javascript'>
// Start with the detail report hidden; the link text is set once the page has loaded
window.onload = function () {
     document.getElementById("diskdetail").style.visibility="hidden";
     document.getElementById("ShowHideLink").innerHTML="<h6>Show Disk Detail Report</h6>";
};
function ShowHide() {
     if (document.getElementById("diskdetail").style.visibility=="visible")
     {   document.getElementById("diskdetail").style.visibility="hidden";
         document.getElementById("ShowHideLink").innerHTML="<h6>Show Disk Detail Report</h6>";
     }
     else
     {   document.getElementById("diskdetail").style.visibility="visible";
         document.getElementById("ShowHideLink").innerHTML="<h6>Hide Disk Detail Report</h6>";
     }
}
</script>
</head>
<body>
<h1>Server Uptime Status Report</h1>
<table class="Main">
<tr><th style="width:175px;">Server Name</th><th style="width:125px;">Status</th><th style="width:475px;">Lowest Disk Status</th></tr>
"@

     $DiskDetailHeaderHTML = @"
</table>
<a id="ShowHideLink" class="detail" onClick="ShowHide()"></a>
<div id="diskdetail">
<h1>Disk Detail Report</h1><p>
"@

     $FooterHTML = @"
</div>
</body>
</html>
"@

     $AllComputers = @()
}

Process {
     #Gather all computer names before processing
     ForEach ($Computer in $Name)
     {   $AllComputers += $Computer
     }
}

End {
     #Sort the servers by name, then start getting information
     Write-Verbose "Sort server names and gather Credential information"
     #Sort the collected list: $Name only holds the last pipeline item at this point
     $AllComputers = $AllComputers | Sort-Object
     $DiskData = @()

     If ($Credential)
     {   $Cred = Get-Credentials $Credential
     }

     ForEach ($Computer in $AllComputers)
     {    Write-Verbose "Testing $Computer..."
         $ErrorReport = $null
         $Disks = $null
         If (Test-Connection $Computer -Quiet)
         {    #Set parameters for splat, determine if checking local
             $CredParameter = @{
                 ComputerName = $Computer
                 ErrorAction = "Stop"
             }
             If ($Computer.ToUpper() -notlike "*$($env:COMPUTERNAME.ToUpper())*" -and $Cred)
             {   $CredParameter.Add("Credential",$Cred)
             }
             #Get uptime information
             Try {
                 $WMI = Get-WmiObject Win32_OperatingSystem @CredParameter
                 If ($WMI)
                 {    $Uptime = New-TimeSpan -Start $($WMI.ConvertToDateTime($WMI.LastBootUpTime)) -End (Get-Date)
                     $UpText = "<td class=""up"">$($Uptime.Days)d, $($Uptime.Hours)h, $($Uptime.Minutes)m</td>"
                 }
                 Else
                 {    $UpText = "<td class=""up"">Up</td>"
                 }
                 #Get disk information and pretty up the data
                 #Server, DriveLetter and VolumeName are selected because the report code below reads them
                 $Disks = Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3" @CredParameter | Select `
                     @{LABEL="Server";EXPRESSION={$Computer}},
                     @{LABEL="DriveLetter";EXPRESSION={$_.DeviceID}},
                     @{LABEL="Size";EXPRESSION={[int]("{0:N0}" -f ($_.Size/1gb))}},
                     @{LABEL="FreeSize";EXPRESSION={[int]("{0:N0}" -f ($_.FreeSpace/1gb))}},
                     @{LABEL="perUsed";EXPRESSION={[int]("{0:N0}" -f ((($_.Size - $_.FreeSpace)/$_.Size)*100))}},
                     @{LABEL="perFree";EXPRESSION={[int]("{0:N0}" -f (100-(($_.Size - $_.FreeSpace)/$_.Size)*100))}},
                     VolumeName
                 $DiskData += $Disks
             }
             Catch {
                 Write-Verbose "Error encountered gathering information for $Computer"
                 $ErrorReport = $Error[0]
                 $Error.Clear()
             }
             #Create the simple Status table
             If ($ErrorReport)
             {   $UpText = "<td class=""down"">WMI Error</td>"
                 #Use the saved error: $Error has just been cleared
                 $DiskHTML = "<div class=""red"">$ErrorReport</div>"
             }
             ElseIf ($Disks)
             {    $LowDisk = $Disks | Sort FreeSize | Select -First 1
                 If ($LowDisk.perFree -le $AlertThreshold)
                 {    $FreeClass = "red"
                 }
                 Else
                 {    $FreeClass = "free"
                 }
                 $DiskHTML = "<div class=""green"" style=""width:$($LowDisk.perUsed)%"">$($LowDisk.DriveLetter) $($LowDisk.Size)gb ($($LowDisk.perUsed)% used)</div><div class=""$FreeClass"" style=""width:$($LowDisk.perFree)%"">$($LowDisk.FreeSize)gb free ($($LowDisk.perFree)%)</div>`n"
             }
             Else
             {    $DiskHTML = ""
             }
             $DetailHTML += "<tr><td>$Computer</td>$UpText<td>$DiskHTML</td></tr>`n"
         }
         Else
         {    $DetailHTML += "<tr><td>$Computer</td><td class=""down"">DOWN</td><td class=""down""></td></tr>`n"
         }
     }

     #Disk Details Report
     Write-Verbose "WMI data gathered, making the report"
     $Servers = $DiskData | Select Server -Unique
     ForEach ($Server in $Servers)
     {    $Server = $Server.Server
         $DiskDetailHTML += "<h3>$Server</h3>"
         $DiskDetailHTML += "<table>"
         $DiskDetailHTML += "<tr><th>Drive Letter</th><th>Volume Name</th><th>Total Disk Space</th><th>Used</th><th>Free</th><th style=""width:350px;"">Usage</th></tr>`n"
         $Disks = $DiskData | Where { $_.Server -eq $Server } | Sort DriveLetter
         ForEach ($Disk in $Disks)
         {    $DiskDetailHTML += "<tr><td>$($Disk.DriveLetter)</td><td>$($Disk.VolumeName)</td><td>$($Disk.Size)gb</td><td>$($Disk.Size - $Disk.FreeSize)gb</td><td>$($Disk.FreeSize)gb</td>"
             If ($Disk.perFree -le $AlertThreshold)
             {    $FreeClass = "red"
             }
             Else
             {    $FreeClass = "free"
             }
             $DiskDetailHTML += "<td><div class=""green"" style=""width:$($Disk.perUsed)%"">&nbsp;</div><div class=""$FreeClass"" style=""width:$($Disk.perFree)%"">$($Disk.perFree)%</div></td></tr>`n"
         }
         $DiskDetailHTML += "</table><br>`n"
     }

     #Combine all the HTML fragments and save to a file
     $HTML = $HeaderHTML + $DetailHTML + $DiskDetailHeaderHTML + $DiskDetailHTML + $FooterHTML
     $HTML | Out-File $Path

     Write-Verbose "$(Get-Date): Script completed!"
}


Found on Spiceworks: https://community.spiceworks.com/scripts/show/1641-simple-server-status-report?utm_source=copy_paste&utm_campaign=growth

Nagios Automation


Let’s learn about Fully Automated Nagios, which comes pre-built with Nagios, a front end and a database installed and ready to do monitoring for you…

What is “Fully Automated Nagios”?

Fully Automated Nagios (FAN) is a Linux distribution based on CentOS that comes pre-built with some of the tools most commonly used with Nagios. FAN comprises a CentOS Linux distribution, Nagios Core, Centreon and Nagvis. All these tools are available in a pre-built ISO image that can be downloaded from the official FAN website. FAN makes the configuration of Nagios very simple by using the Centreon graphical user interface.

What is Nagios?

Nagios is a free open-source Monitoring System that can be used to monitor your Network and Server infrastructure. Nagios gives System Administrators the ability to notify support teams with service alerts automatically. System parameters such as CPU, Load, Memory, Processes, Disk Usage and System Logs can all be monitored. Nagios can monitor local hosts and remote hosts. Nagios can be used to monitor various platforms such as Linux, Unix and Microsoft’s Windows.

What is Centreon?

Centreon is a piece of software that provides a feature rich dashboard that allows administrators to easily configure software such as Nagios. Centreon provides a dashboard where you can add hosts, select system parameters to be monitored, create alerts and produce graphs with ease. No more manual configuration of files is necessary. In this example, we are using Centreon to configure our Nagios monitoring solution.

What is Nagvis?

Nagvis is a visualization add-on for Nagios. Nagvis can be used to display a visual representation (icons, maps, pictures) of your Nagios data, thus allowing you to display a quick overview of your servers, data centres or computer rooms.

Download FAN (Fully Automated Nagios)

Download Fully Automated Nagios
From the above link, you must choose either a 32-bit or 64-bit version of the software. Once you have downloaded this software, you can either use the iso image directly to install into a virtualized environment such as VirtualBox or VMWare or you can choose to burn the iso image to a CD/DVD and then install directly onto a physical server or PC.

System Requirements

System requirements depend on whether you choose a standalone server installation or a distributed server installation.
Minimum system requirements:
4 GB free disk space
1 GB of RAM.
1 processor core
Recommended system requirements
20 GB plus the required disk space recommended essentially for /var. Disk space needed by mysql and rrd files
2 processors core or hyper-thread for each virtualized CPU.
2 GB of RAM.

FAN Installation Guide

To install FAN, simply follow the steps below. In this example, I am using a 64-bit version and I am using Oracle’s VirtualBox software.

Installing Fully Automated Nagios

To start the installation process, place your ISO image in the target system’s optical drive or make your ISO image available to your virtualization software. If you are booting from a CD/DVD, you may need to alter the BIOS boot order. You will need to set this to boot from CD/DVD first. This is normally done by pressing the specified function key at system start-up.
In the example that follows I have opted for a Standalone Server Installation.

FAN – Fully Automated Nagios

At this initial screen you can choose which components you wish to install. Simply enter your choice as specified. In this example I am installing the standalone version.
FAN Initial Boot Screen

Choose Installation Language

From this next screen you need to select the language that you wish to use for this installation. In the example, I have selected “English”. Once you have made your selection, click “OK” to continue with the installation.
FAN - Select Installation Language

Choose Keyboard Type

At this screen simply choose your keyboard type. In this example, “UK” has been chosen. Once you have made your selection, click “OK” to continue with the installation.
FAN - Select Keyboard Type

Warning Message

At the following screen simply click “YES” to initialize your hard drives. Depending on your installation type (Physical/Virtual), you may not see this warning.
FAN - Initialize Disk Message

Select Partitioning Options

At this screen you need to select a partitioning option. Several are available to choose from:
Default: Use free space on selected drives and use default layout
remove all partitions on selected drives and create default layout
remove all linux partitions on selected drives and create default layout
create custom layout
In this example I have chosen the “Default” option. From this screen, you may also choose to create a custom disk partition layout. You can also view the “Release Notes”. Once you have made your selection, click “Next” to continue with the installation.
FAN - Default Partitioning Layout

Choose Your Geographic Location

At this screen you need to select your location. This can be done by either clicking on the Map or selecting your time zone from the pull down menu. Once you have made your selection, click “Next” to continue.
FAN - select your location

Root Password

From this screen you need to supply a “root” password to be used for administering this system. Once you have entered your password, click “Next” to continue.
FAN - Enter root password

Installation in Progress……

Your FAN installation is now taking place. A slide show will display some of the monitoring software included within this installation image. Progress of the installation is indicated by the progress bar at the bottom of the screen.
FAN - Installation in Progress

Installation Complete

Congratulations, your installation is now complete. You will need to remove any media from your drives before rebooting your system.
FAN - Installation Complete, Please reboot system

Configuring your Network Interface

Once your system has rebooted, an interactive menu is displayed where you can configure your network. To configure the network, simply choose the “Network Configuration” option and click on “Run Tool”. Here you will be able to supply your network information such as IP address, gateway and subnet mask. If you don’t make a selection within a 30 second period, the screen will close and you will be taken to a command line. If you still need to configure your network settings, simply run the following command:
You will now be shown a network configuration menu.
FAN - Network Configuration

Edit Devices

From this menu, select your network interface and press “Enter”.
FAN - Edit Devices

Network Interface Parameters

From this menu you can choose to either use a “DHCP” configuration or manually configure a static IP address. In the example, a “DHCP” configuration has been selected.
Once you have made your selections, click “OK”. Now select “Edit DNS Configuration”.
FAN - Network Interface Parameters

Configuring DNS and Hostname Parameters

From this menu you can supply a hostname for your system and specify which DNS servers to use for name resolution. Now click on “OK”. You will now be taken to a command line where you can log in with your “root” account. Once you have logged in, I normally carry out a reboot of the system to make sure the hostname and the IP address are both picked up.
To reboot from the command line, simply issue the following reboot command: shutdown -r now
FAN - Network Interface Parameters

Login Screen

If all has gone well, you should now see a screen similar to the one below. Now you can login with your root password.
FAN - Root Login Screen

Determine IP Address

If you are using DHCP, you will need to find your IP address that has been allocated. To do this you can issue the command:
ip a s
This command will display your IP address. You could also have used the “ifconfig” command.
In this example, we have been given the IP address of ““. It is this IP address that we need to enter into a web browser.
FAN - Display IP address command

Display FAN – Home page

Once you have identified your IP address, this can now be entered into a web browser of your choice. In the example, I am using Mozilla Firefox, however, you can use any modern browser to access your configuration screens.
FAN - Display IP address command
Now we can look at configuring some basic monitoring using Centreon in next article.
