Easybee exploit

1/8/2024

According to The Register's article, last week we started witnessing the widespread exploitation of The Shadow Brokers' leaked Windows exploits, compromising thousands of vulnerable hosts over the Internet. This widespread exploitation prompted me to release this blog post, which I have been mulling over for a while.

As part of the Equation Group's hacking tools stash, leaked last week by The Shadow Brokers group, this is the latest installment of several leaks featuring network device vulnerabilities and exploits, and Linux and Unix vulnerabilities and exploits. This hacking tools leak belonging to the Equation Group includes particularly interesting Windows 0-day exploits, implant tools and backdoors used in the widespread exploitation (DoublePulsar), and other 1-day exploits. This is my analysis and commentary of The Shadow Brokers' latest leak.

First of all, for the people interested in playing with the tools, these are the two relevant repositories on GitHub:

These are repositories created with the original tools downloaded from (Originally posted from #ShadowBrokers).

If you look at the first GitHub repository, it is divided into three directories:

- windows: this contains Windows exploits, implants and payloads, including the fuzzbunch exploitation framework.
- swift: it contains operational notes from banking attacks on the SWIFT network.
- oddjob: it contains documents related to the ODDJOB backdoor and CNC creator.

First, I found it very interesting playing with fuzzbunch, which is the Equation Group's exploitation framework, very similar to the Metasploit framework but written in Python instead of Ruby. I tried to set it up in my lab to play with. I first tried to deploy and execute it on a Kali box, but I realized right away that it was coded to be executed on a 32-bit Windows host. So I decided to launch it on an old Windows XP box, installed Python 2.6 on it along with the required dependencies (pypiWin32), and then executed it with:

python fb.py

After a number of system-related checks, the prompt asks for the default attack box IP and the related callback listener IP. (Note: IP addresses and other potentially sensitive information in this image and the other images in this post have been obfuscated.)

Once the checks complete successfully, the terminal ends up at an fb> prompt. Using this terminal is very similar to using the Metasploit framework, including the command "use" followed by the exploit or implant you would like to configure. In the "windows" directory there is also an exploits directory that includes some of the most interesting exploits. The following GitHub repository – – describes in detail, in its README file, all the exploits included in the stash. The following is the list of the leaked exploits:

- EARLYSHOVEL: RedHat 7.0 – 7.1 Sendmail 8.11.x exploit.
- EBBISLAND (EBBSHAVE): root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer), both SPARC and x86.
- ECHOWRECKER: remote Samba 3.0.x Linux exploit.
- EASYBEE: appears to be an MDaemon email server vulnerability.
- EASYFUN: EasyFun 2.2.0 exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6.
- EASYPI: an IBM Lotus Notes exploit that gets detected as Stuxnet.
- EWOKFRENZY: an exploit for IBM Lotus Domino 6.5.4 & 7.0.2.
- EXPLODINGCAN: an IIS 6.0 exploit that creates a remote backdoor.
- ETERNALROMANCE: an SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008 and 2008 R2, and gives SYSTEM privileges (MS17-010).
- EDUCATEDSCHOLAR: an SMB exploit (MS09-050).
- EMERALDTHREAD: an SMB exploit for Windows XP and Server 2003 (MS10-061).
- EMPHASISMINE: a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2.
- ENGLISHMANSDENTIST: sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users.