15 matches found
Exploit for Classic Buffer Overflow in Microsoft
ExplodingCan: An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA. Details: Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow; CVE: CVE-2017-7269; Disclosure date: March 31 2017; Affected product: Microsoft Windows Server 20...
DarkPulsar FAQ
What's it all about? In March 2017, a group of hackers calling themselves "the Shadow Brokers" published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. The Fuzzbunch framework contains various types of plugins designed to analyze victims, exploit vulnerabilities,...
DarkPulsar
In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical window...
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with a mathematical error where a DWORD is subtracted in...
NSA's EternalBlue Exploit Ported to Windows 10
The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP—and likely earlier—can be affected by one of the most powerful attacks ever made public. Researchers at RiskSense, among the first t...
Microsoft Windows EternalSynergy SMB Remote Code Execution
A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool uses SMBTouch to scan for vulnerabilities and allows attackers to execute this exploit. An attacker who successfully exploit...
Microsoft Windows Eternalchampion SMB Remote Code Execution
A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
Microsoft Windows EsteemAudit RDP Remote Code Execution (CVE-2017-0176; CVE-2017-9073)
A remote code execution vulnerability exists in Microsoft Remote Desktop Protocol RDP. The vulnerability is due to the Windows Smart Card logon mechanism allowing a buffer overflow. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerabilit...
Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit
This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with a mathematical error where a DWORD is...
Microsoft Windows DoublePulsar SMB Remote Code Execution
A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
Microsoft Windows Eclipsedwing RPC Buffer Overflow (CVE-2008-4250)
A remote code execution vulnerability exists in Microsoft Remote Procedure Call RPC. The vulnerability is due to the way RPC service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
Microsoft Windows Eternalromance SMB Remote Code Execution
A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
Microsoft Windows EternalBlue SMB Remote Code Execution
A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...
NSA's DoublePulsar Kernel Exploit In Use Internet-Wide
If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost certainly encountered reports of Windows servers vulnerable to Conficker MS08-067, which has been in the wild now for nearly 10 years since the bug was patched. A little more than two weeks...
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Broker exploit and tool release and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses,...