NSA Exploit Kit (Decrypted Files) - Confirmed by Snowden Himself on TWITTER to be the REAL DEAL :
As can be seen from this news article from August last year: "Hackers Steal NSA Exploit Kit and Put it up for Auction", there were TWO sets of archives that contained the "Spying Tools" of the NSA.
The FREE version was made available last year itself.
The OTHER one (nicknamed the "Auction Version") was being sold for huge sums of money (around 100 bitcoins).
Yesterday, the decrypted files from the AUCTION version were also released.
Link to Decrypted Version of the AUCTION FILES ARCHIVE files :
Code:
https://github.com/x0rz/EQGRP
The Decryption Key (if needed) is :
Code:
CrDj"(;Va.*NdlnzB9M?@K2)#>deB7mN
The FREE version also can be got here, for your convenience :
Code:
https://github.com/atiger77/EQGRP-Free-Files
Password for the FREE file archive (If needed) :
EDIT on 15 April 2017 : Added New Material :
The Shadow Brokers "Lost In Translation" leak :
Code:
https://github.com/misterch0c/shadowbroker/
Contents of this archive :
Quote:
Exploits
EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
ECHOWRECKER remote Samba 3.0.x Linux exploit.
EASYBEE appears to be an MDaemon email server vulnerability
EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
EDUCATEDSCHOLAR is a SMB exploit (MS09-050)
EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003 (MS10-061)
EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
EPICHERO 0-day exploit (RCE) for Avaya Call Server
ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003
ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
ETERNALBLUE is a SMBv2 exploit for Windows 7 SP1 (MS17-010)
ETERNALCHAMPION is a SMBv1 exploit
ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)
ETRE is an exploit for IMail 8.10 to 8.22
FUZZBUNCH is an exploit framework, similar to MetaSploit
ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
Utilities
PASSFREELY utility which "Bypasses authentication for Oracle servers"
SMBTOUCH check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE
ERRATICGOPHERTOUCH Check if the target is running some RPC
IISTOUCH check if the running IIS version is vulnerable
RPCTOUCH get info about Windows via RPC
DOPU used to connect to machines exploited by ETERNALCHAMPIONS
Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg can be downloaded here :
Code:
https://github.com/x0rz/EQGRP_Lost_in_Translation
Original post from the #ShadowBrokers :
Code:
https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
Read also :
Code:
https://www.emptywheel.net/
and
Do note that according to this post, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products.
This is according to a Microsoft blog post published late Friday night.
Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers
Microsoft fixed critical vulnerabilities in uncredited update released in March.
Quote:
Details of patches released by Microsoft :
Microsoft provided the following table showing when various vulnerabilities were patched:
Code Name | Solution
“EternalBlue” | Addressed by MS17-010
“EmeraldThread” | Addressed by MS10-061
“EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher” | Addressed prior to the release of Windows Vista
“EskimoRoll” | Addressed by MS14-068
“EternalRomance” | Addressed by MS17-010
“EducatedScholar” | Addressed by MS09-050
“EternalSynergy” | Addressed by MS17-010
“EclipsedWing” | Addressed by MS08-067
Full article here.
ADDED 17 April 2017 :
Table showing Details of the Exploits and the Versions of OS-es they are Effective Against :
View it HERE.
A copy is also attached to this post.