Another wave of Equation Group 0day exploits leaks, and Microsoft takes a heavy hit this time - Vulnerability warning - Black Bar Security Net

ID MYHACK58:62201785265
Type myhack58
Reporter Anonymous
Modified 2017-04-15T00:00:00


You get up early in the morning thinking it will be another fine, sunny day? Cyberspace has just delivered a bombshell. Shadow Brokers has leaked another batch of confidential files that has shocked the world. It contains a number of sophisticated Windows remote exploit tools that cover over 70% of Windows Server installations. Overnight, almost all Windows servers were exposed to danger across the board: anyone can download the tools and use them directly for remote attacks. Considering that many domestic universities, government bodies, state-owned enterprises and even some Internet companies still use Windows Server, the impact of this event is an earthquake for the network world.

Currently known affected versions of Windows include, but are not limited to: Windows NT, Windows 2000 (yes, even this antique is supported), Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8, Windows 2008, Windows 2008 R2 and Windows Server 2012 SP0.

The story begins a year ago. In August 2016, a hacking group calling itself “Shadow Brokers” claimed to have broken into the Equation Group and stolen a large number of confidential files, and published part of them on the Internet. The Equation Group is allegedly a hacker group affiliated with the NSA (the US National Security Agency) and has very advanced technical capabilities. The published files included many covert hacking tools. “Shadow Brokers” also held back part of the files, intending to sell them at public auction to the highest bidder; the expected price was 100 million bitcoins, worth close to 5 million US dollars. All of this sounded incredible, so much so that many security experts remained skeptical about the event, and the “Shadow Brokers” auction never succeeded.
Late on April 14, 2017 (GMT), “Shadow Brokers” finally could not hold back and released on Twitter the portion of the files they had kept in reserve. The decompression password is “Reeeeeeeeeeeeeee”.

The archive has three directories, “Windows”, “Swift” and “OddJob”, and contains a pile of impressive hacking tools. A few important ones are listed below:

EXPLODINGCAN is a remote exploit tool for IIS 6.0.
ETERNALROMANCE is a heavyweight SMB1 exploit that can attack Windows XP, 2003, Vista, Windows 7, Windows 8, 2008 and 2008 R2 machines with port 445 open and escalate to SYSTEM privileges.
ERRATICGOPHER, ETERNALBLUE, ETERNALSYNERGY, ETERNALCHAMPION, EDUCATEDSCHOLAR, EMERALDTHREAD and others are also SMB exploit programs that can attack Windows machines with port 445 open.
ESTEEMAUDIT is a remote exploit tool for the RDP service that can attack Windows machines with port 3389 open.
FUZZBUNCH is an exploit platform similar to MetaSploit.
ODDJOB is a rootkit tool that antivirus software does not detect.
ECLIPSEDWING is a remote exploit tool for Windows Server.
ESKIMOROLL is a Kerberos exploit that can attack Windows 2000/2003/2008/2008 R2 domain controllers.

Once released, the files gave a great many people a fright. They contain exploit tools for several top-tier Windows vulnerabilities: as long as a Windows server has any one of ports 135, 445 or 3389 open, there is a chance it can be attacked directly. This is comparable to the MS08-067 vulnerability of its day. Vulnerabilities of this calibre have not appeared in the wild for a long time. We pulled out the exploits and tried them, and they really do hit every time.

[Screenshots of the tools]

Besides the Windows material, the data leaked by “Shadow Brokers” also shows that the Equation Group attacked some banks in the Middle East that use the SWIFT banking settlement system.
Mitigation measures

On all Windows servers and personal computers, including XP/2003/Win7/Win8 (and preferably do not skip Win 10 either), use a firewall to filter or close ports 137, 139 and 445. For remote login on port 3389, if you do not want to turn it off, at least turn off the smart card logon function. Beyond that, stay calm and wait for Microsoft's patch.
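
To see which of the ports named in this article a host is actually listening on before writing the firewall rules, the following added example (not part of the original article) parses `netstat -ano` output. It assumes English-language netstat output; the sample output, function names and the port-to-service labels are supplied here for illustration.

```python
# Added example: flag listeners on the ports this article names, from `netstat -ano` output.
# Service names are the standard Windows assignments; SAMPLE is constructed, not captured.
WATCHED = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
           139: "NetBIOS session service", 445: "SMB", 3389: "RDP"}

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       1120
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.7:445        ESTABLISHED     2312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    192.168.1.10:137       *:*                                    4
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, pid) for watched ports reachable off-host."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not and are always bound sockets.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in WATCHED:
            continue
        addr = addr.strip("[]")  # IPv6 addresses are printed in brackets
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only binding is not reachable from the network
        findings.append((proto, addr, int(port), int(fields[-1])))
    return findings

def ports_to_filter(findings):
    """Sorted, de-duplicated list of ports that need a firewall rule."""
    return sorted({port for _, _, port, _ in findings})

if __name__ == "__main__":
    for proto, addr, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} ({WATCHED[port]}) pid={pid}")
```

Feed it the saved output of `netstat -ano` from each host; an empty result means none of the article's ports is bound to a network-facing address on that machine.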