Skip to content

Instantly share code, notes, and snippets.

@dfirfpi

dfirfpi/wanna_sink_check.py

Last active March 20, 2018 13:50
Show Gist options
  • Save dfirfpi/54cae73f590be7e3b06c05436d368f79 to your computer and use it in GitHub Desktop.
Save dfirfpi/54cae73f590be7e3b06c05436d368f79 to your computer and use it in GitHub Desktop.
Download ZIP
Check if WannaCry SinkHole is reachable, as per its code.
Raw
wanna_sink_check.py
from __future__ import print_function
import ctypes
DLL_KERNEL32 = ctypes.windll.kernel32
DLL_WININET = ctypes.windll.wininet
handle_inet = DLL_WININET.InternetOpenA(None, 1, None, None, None)
response = DLL_WININET.InternetOpenUrlA(
handle_inet,
'http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/',
None,
None,
0x84000000,
None)
if response:
print('SinkHole reachable')
DLL_WININET.InternetCloseHandle(response)
else:
print('SinkHole NOT reachable!!')
DLL_WININET.InternetCloseHandle(handle_inet)
@mgc323
Copy link

mgc323 commented May 13, 2017

Slight change to the module definitions for Python 3. Hope this helps someone.

from urllib.request import urlopen
from urllib.error import URLError

url = 'http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/'

def sinkholetest(endpoint):
    try:
        urlopen(endpoint).read()
        print ('WannaCry Sinkhole was reached')
    except URLError as e:
        print ('WannaCry Sinkhole not reachable')
    return

sinkholetest(url)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment