exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Equation Group

First Active2017-05-17
Last Active2024-08-31
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
Posted Aug 31, 2024
Authored by Shadow Brokers, Equation Group, sleepya, zerosum0x0 | Site metasploit.com

This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec command execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.

tags | exploit, vulnerability
advisories | CVE-2017-0143, CVE-2017-0146, CVE-2017-0147
SHA-256 | 85f7be9f5b7dd3973e4342da614902e3f9e549b103eca459d09616e3f3e4d2af
Cisco ASA Authentication Bypass (EXTRABACON)
Posted Aug 31, 2024
Authored by Sean Dillon, Zachary Harding, Shadow Brokers, Dylan Davis, Equation Group, William Webb, Nate Caroe, Jeff Jarmoc | Site metasploit.com

This Metasploit module patches the authentication functions of a Cisco ASA to allow uncredentialed logins. Uses improved shellcode for payload.

tags | exploit, shellcode
systems | cisco
advisories | CVE-2016-6366
SHA-256 | ac78a9f2d7331bfc6089f521bb49fc475153b66e3c5eb8ac274c23830a542a52
Microsoft Windows RRAS Service MIBEntryGet Overflow
Posted Mar 5, 2021
Authored by Brendan Coles, Shadow Brokers, Equation Group, Victor Portal | Site metasploit.com

This Metasploit module exploits an overflow in the Windows Routing and Remote Access Service (RRAS) to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windows Server 2003 only. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well.

tags | exploit, remote, overflow
systems | windows
advisories | CVE-2017-8461
SHA-256 | 0ae2b9ea7eebb2360a416f9ca767c77a6dbd884480e2109006104ebb2c2a7cb2
RDP DOUBLEPULSAR Remote Code Execution
Posted Feb 4, 2020
Authored by Luke Jennings, Spencer McIntyre, wvu, Tom Sellers, Shadow Brokers, Equation Group | Site metasploit.com

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for RDP. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.

tags | exploit, code execution
SHA-256 | f0ef0fcf7c306ca7fdaac1b457a5965fc0fb4660b034334c65eb4de1b10073d7
SMB DOUBLEPULSAR Remote Code Execution
Posted Feb 4, 2020
Authored by Luke Jennings, wvu, Shadow Brokers, Equation Group, zerosum0x0, Jacob Robles | Site metasploit.com

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.

tags | exploit, code execution
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
SHA-256 | cf5398db6da1a49ffbf7822090a6afa83e60a3b163c1dbfa4962e518d4e655f6
DOUBLEPULSAR Payload Execution / Neutralization
Posted Oct 1, 2019
Authored by Luke Jennings, wvu, Shadow Brokers, Equation Group, zerosum0x0, Jacob Robles | Site metasploit.com

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.

tags | exploit, code execution
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
SHA-256 | 28ae33e9b8acc6b5e5cf2cd7d546782a77c489178bc2073d4ed3ffe0a56a2291
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
Posted Feb 3, 2018
Authored by Shadow Brokers, Equation Group, sleepya, zerosum0x0 | Site metasploit.com

This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.

tags | exploit, vulnerability, code execution
advisories | CVE-2017-0143, CVE-2017-0146, CVE-2017-0147
SHA-256 | 77604488f33765e26b911f571e2011c59ddbaa3a8165e52e5cdbb9a739f4fb99
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Posted May 17, 2017
Authored by Sean Dillon, Shadow Brokers, Dylan Davis, Equation Group | Site metasploit.com

This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original may not trigger 100% of the time, and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool down period before the shells rain in again.

tags | exploit, overflow, shell, kernel
advisories | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148
SHA-256 | fcd672e1db61c5667abd4ad7d59c77b0f8210801d49bddeb68652ed4c77084d2
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close