The Shadow Brokers Make Patching a Thing

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Enter EternalBlue and it's spawn, DoublePulsar. These tools are part of a nasty piece of kit recently released by the Shadow Brokers, giving Nation State power to cyber criminals around the globe. Essentially, this kit enables attackers to exploit ancient vulnerabilities present in operating systems from Windows XP to Server 2008. EternalBlue works by exploiting a remote code-execution bug in the latest version of Windows 2008 R2 (and everything prior) using the server message block and NetBT protocols. Once EternalBlue's handywork is complete, DoublePulsar steps in and establishes a comand and control (C2) channel using previously obscure features built in to SMB. Once a C2 channel is established an attacker is free to wreak as much havoc as they can handle.
 
Last edited:

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Well there goes my metasploit career. Time to upgrade to server2016 or back down to winNT. Ha!

Don't fret. I'm sure that Powershell Empire, Magic Unicorn, MSF, Burp Suite, ZAP, EtterCap, BetterCap, reGeorge and the rest will provide you with plenty of options for any operating system under the sun. :)
 

mdburkey

Limp Gawd
Joined
Jan 19, 2007
Messages
498
This is a pretty major vulnerability, but if anyone is still running an OS that old, directly on the internet without a firewall or with SMB opened up, then I really don't feel all that sorry for them. I have clients in their '80s who know enough to do better than this.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,681
When I go through my router settings any service other than direct internet connection and firewall gets unticked.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
When I go through my router settings any service other than direct internet connection and firewall gets unticked.

Agreed. But it is really sad how many things expect that the perimeter device allows everything out. Games, IOT devices, OS and oddly some stock trading platforms will use seemingly random ports and protocols. Often, finding out what is an experience in frustration.
 
Top