https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
kek
https://yadi.sk/d/NJqzpqo_3GxZA4
Password = `Reeeeeeeeeeeeeee`
https://github.com/misterch0c/shadowbroker/
credits/complaints: `jvoisin` @ `dustri.org`
# Implants
- DOUBLEPULSAR
- DarkSkyline: driver-powered backdoor
- UtilityBurst: driver (NT4 - 2K3) installer?
- strangeland:
- RideArea
- PITCHIMPAIR
- INCISION
- KISU
- SOLARTIME
- KISU: Kernel-level implant
- CORDIALFLIMSY
- Sentrytribe: Remote dll runner
- ScRE: Provides actions available to interact with databases
- DOUBLEFEATURE?
- ZBNG (3.4.0): x86 and x64
- Disable authentication
- Lists and duplicates process tokens for impersonation.
- Logs in as the specified user.
- Execute a command on a remote target
- Provides the ability to map a share, release a mapped share, list the current shares, and query the available shares
# Windows
- Eclipsedwing: MS08-067
- Educatedscholar: MS09-050
- Emeraldthread: Exploit for shared printers? Needs to be authenticated
- Eskimoroll: Pass the ticket/hash/password (works against Windows 2000, 2003 and 2008)
- Esteemaudit: RDP RCE?! (Windows XP and 2003), based on smart-card authentication
- ESRO: Privesc
- Eternalchampion: RCE!? Runs against Windows XP to Windows 8, x86 and x64
- EternalBlue: RCE too? Against Windows XP, Windows 7 and 2008
- ExtremeBail: Force user logon
## Legacy
- EXPIREDPAYCHECK: IIS 6 RCE
- EVADEFRED: IIS 6 RCE
- ETRE: IMail POP RCE
- ETBE: IMail RCE (7.04 - 8.05)
- ESSAYKEYNOTE: RCE (anonymous for Windows 2000 and XP SP0, SP1; authenticated for XP SP2)
- EAGERLEVER: (Windows 9x, NT, 2000, XP, 2003), via named pipe, anonymous
- ECLIPSEDWING: (Windows 9x, NT, 2000, XP, 2003), unauthenticated (pre-auth), RCE
- EASYFUN: Exploit for WorldClient, MDaemon, via IIS
# Privesc
# Oracle
- PassFreely: Bypasses authentication for Oracle servers
# Samba
- Erraticgopher: x64 (Windows XP and 2003)
- Eternalromance: up to Windows 7, authenticated
# Misc
- Englishmansdentist: OWA RCE, targets English, Korean, German and Chinese
- FUZZBUNCH: used to connect to DARKPULSAR
- DOPU: used to connect to machines exploited by ETERNALCHAMPION
- EASYBEE: MDaemon email server vulnerability (0day?)
- PeddleCheap:
# IIS
- ExplodingCan: Pops an HTTP-based backdoor, Windows 2003, for IIS 6, same as https://www.rapid7.com/db/modules/exploit/windows/iis/iis_webdav_upload_asp ?
# LOTUS
- Ewokfrenzy: Exploit against Domino (6.5.4 - 7.0.2) (unauthenticated)
- Emphasismine: Lotus Domino (6.5.4 - 8.5.2)
- Easypie: RCE? Windows XP, NT, 2000, 2003
# Checks
- ETERNALSYNERGY: Check if the target is vulnerable to ETSY (authenticated)
- WorldClientTouch: Check if WorldClient is vulnerable
- SMBTOUCH: Check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE, ETERNALCHAMPION, and get various information about it
- ERRATICGOPHERTOUCH: Check if the target is running some RPC, named Vimsvc
- IISTOUCH: Check if the running IIS version is vulnerable
- RPCTOUCH: Get info about Windows via RPC, like versions
# TRACES
- `QUANTUM against EASTNETS employee network in Dubai 213.132.40.99`