WannaCry and EternalRocks Ransomware - Are you safe?

Last week “WannaCry” made headlines worldwide, and this week “EternalRocks” is all over the place. Ransomware like WannaCry and EternalRocks has gained its momentum lately in cyber-attack vector panicking millions of machines. WannaCry which was built from two of seven NSA (National Security Agency) tools leaked in 2013 impacted many health organizations in UK and around the globe. Luckily, accidental provision of Kill-Switch by the creator of WannaCry, made it's spread a bit slower where many of you would have benefited the precious time to patch your machines.

But be aware, EternalRocks has potential of causing more damage than WannaCry as EternalRocks leverages seven NSA SMB Exploit tools over two used by WannaCry. And, keep in mind, it doesn't have Kill-Switch which will make the exploit even worse. EternalRocks can literally outbreak anytime causing havoc in the digital world.

The only preventive measure you would think of against these ransomwares is to patch, patch and patch your systems (firewalls, windows machines) regularly and as soon as it's release. Now that you have patched against WannaCry and EternalRocks, wooooo! Great Job!, still wondering whether your RMM tool did patch your systems correctly or not, or you want to be 100% sure that your systems are correctly patched? Then i have answer to your question.

I have compiled few scripts from internet into one to help you in finding out whether your system is correctly patched or not against WannaCry and EternalRocks. Below is vbscript you are welcomed to copy and use. It is tested in Windows 7/Win2008 and above and doesn't not work in WinXP/Win2003.

https://pastebin.com/GM7TgTTHTo run it, copy and paste into notepad or notepad++ and save it as "patchdetect.vbs" and double click it.

WinXP or WinServer2003?

Should you need to find out in WinXP or Windows Server 2003, you'll have to get your hand dirty.
Bring up your command line in XP or 2003 machine by executing cmd.exe as Administrator.

Type below:wmic qfe get hotfixid | find "KB4012598"

Output:
KB4012598  #If you see this output, you are patched.

As of today, KB4012598 is the patch released by Microsoft for Windows XP or Server 2003. If you come across other patch, you can simply replace KB#number in command above to check.

It’s never too late to patch rather than having pain to loose million dollar worth data.

Good luck patching!

GIT - Source Control System in Action!

       If you are wondering how to get GIT Source or Version Control System working within minutes, you have landed to the right page. We'll go step by step on how to get GITlab appliance from Turnkey UP and running in your local environment with GIT over HTTP enabled. You'll also learn how to create new projects, add existing projects and keep track of your projects.

Requirements:

- TurnKey GITLab appliance

- VMWare/Virtual Box Client Setup in your local machine

- CentOS 7 VM as GIT client.

Lets start.

• Download Turnkey Gitlab OVA file from https://www.turnkeylinux.org/gitlab  and run it with VMWare workstation or vSpher
•  Increase memory of the appliance to at least 2GB and restart.
•  As the prompt asks, set your email id (user login for git HTTP), password, root password, mysql root password etc.
•             You can ignore default backup scheme of Turnkey.
    Screen will provide you with login URLs:
  
  
  ·         Go to web to access GIT HTTP.
  ·         Add new project
  
  
  
  
  By default there will be only one group “Administrator” where you can create first project.
  If you want to create different group, go to Groups on left menu and create another one.
  
  
  
  
  ·         Create SSH Key for access from local machine to GIT Server
  
  a.       To generate a new SSH key pair, use the following command:
  Git Bash on Windows / GNU/Linux / macOS:
  ssh-keygen -t rsa -C "your.email@example.com" -b 4096
  Windows:
  Alternatively on Windows you can download PuttyGen and follow this documentation article to generate a SSH key pair.
  b.      Next, you will be prompted to input a file path to save your SSH key pair to.
• If you don't already have an SSH key pair use the suggested path by pressing enter. Using the suggested path will normally allow your SSH client to automatically use the SSH key pair with no additional configuration.
  If you already have a SSH key pair with the suggested file path, you will need to input a new file path and declare what host this SSH key pair will be used for in your .ssh/config file, see Working with non-default SSH key pair paths for more information.
  a.       Once you have input a file path you will be prompted to input a password to secure your SSH key pair. It is a best practice to use a password for an SSH key pair, but it is not required and you can skip creating a password by pressing enter.
  Note: If you want to change the password of your SSH key pair, you can use ssh-keygen -p <keyname>.
  b.      The next step is to copy the public SSH key as we will need it afterwards.
  To copy your public SSH key to the clipboard, use the appropriate code below:
  macOS:
  pbcopy < ~/.ssh/id_rsa.pub
  GNU/Linux (requires the xclip package):
  xclip -sel clip < ~/.ssh/id_rsa.pub
  Windows Command Line:
  type %userprofile%\.ssh\id_rsa.pub | clip
  Git Bash on Windows / Windows PowerShell:
  cat ~/.ssh/id_rsa.pub | clip
  c.       The final step is to add your public SSH key to GitLab.
  Navigate to the 'SSH Keys' tab in your 'Profile Settings'. Paste your key in the 'Key' section and give it a relevant 'Title'. Use an identifiable title like 'Work Laptop - Windows 7' or 'Home MacBook Pro 15'.
  If you manually copied your public SSH key make sure you copied the entire key starting with ssh-rsa and ending with your email.
  
  
  
  ·         Set GIT global user in local machine as yourself (set your email exactly same as with GIT Profile)#git config --global user.name “Sam”#git config --global user.email sam@xyz.com

·         GIT Clone the repository created to your local machine.
#cd /root/
#git clone git@<GIT-Server-IP>:gitlab-admin/virtualhost-test1.git

·         Add a new file to GIT repo.
#cd test1
#ls –al   #check for .git folder
#touch newfile1
#git add newfile1
#git push –u origin master 

·         Add existing directory/project to GIT repo.
Create a new project in GIT “newproject-test1”

In your local machine, do following:
#cd existingdir1
#git init       //initialize existing project as GIT project
#git add .    //add everything under the project directory to GIT ready to be committed
#git commit –m “Commit new project for push to GIT server”

//add remote GIT server as default ready to push changes to Master
#git remote add origin git@<GIT-Server-IP>:gitlab-admin/newproject-test1.git

//verify connectivity to remote GIT project
#git remote –v  
//push changes to GIT Server Master project
#git push –u origin master