This post is an attempt at listing only the exploits and their names from the last two Equation Group dumps (Linux and Windows).
We recommend ensuring the patches have been applied and systems rebooted for any of the above products which are accessible over the internet (namely RDP, SMB and IIS for Windows 2003 - 2013 Server).

Alternatively, if you'd like to consider our Monthly Managed Penetration Testing Service, we can check vulnerable systems for you.

It has been some time since the Shadow Brokers released a major cache of tools and exploits used/created by the Equation Group.

- DOPU used to connect to machines exploited by ETERNALCHAMPIONS.
- RPCOUTCH get info about windows via RPC.
- IISTOUCH check if the running IIS version is vulnerable.
- ERRATICGOPHERTOUCH Check if the target is running some RPC.
- SMBTOUCH check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE.
- PASSFREELY utility which "Bypasses authentication for Oracle servers".
- EAGERLEVER NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release.
- ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors.
- FUZZBUNCH is an exploit framework, similar to Metasploit.
- ETCETERABLUE is an exploit for IMail 7.04 to 8.05.
- ETRE is an exploit for IMail 8.10 to 8.22.
- ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067).
- ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003.
- ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 20 R2 domain controllers.
- ETERNALSYNERGY is an SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010).
- ERRATICGOPHER is an SMBv1 exploit targeting Windows XP and Server 2003.
- EPICHERO 0-day exploit (RCE) for Avaya Call Server.
- ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users.
- ETERNALROMANCE is an SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010).
- EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor.
- EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2.
- EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet.
- EASYFUN EasyFun 2.2.0 Exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6.
- EASYBEE appears to be an MDaemon email server vulnerability.
- ECHOWRECKER remote Samba 3.0.x Linux exploit.
- EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
- EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit.

Please note that some remote exploits are not patched by Microsoft, as they affect discontinued products and will remain vulnerable.

An excerpt of the dump includes the following attacks:

You can read more about the response and Microsoft Security Updates here:

We wanted to let you know that over the break the NSA exploit toolkit for Microsoft was published online which included zero day remote code execution exploits for all modern Microsoft operating systems and popular products.

We trust you had a relaxing Easter long weekend.