The Shadow Brokers Make Patching a Thing

Schtask

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Enter EternalBlue and it's spawn, DoublePulsar. These tools are part of a nasty piece of kit recently released by the Shadow Brokers, giving Nation State power to cyber criminals around the globe. Essentially, this kit enables attackers to exploit ancient vulnerabilities present in operating systems from Windows XP to Server 2008. EternalBlue works by exploiting a remote code-execution bug in the latest version of Windows 2008 R2 (and everything prior) using the server message block and NetBT protocols. Once EternalBlue's handywork is complete, DoublePulsar steps in and establishes a comand and control (C2) channel using previously obscure features built in to SMB. Once a C2 channel is established an attacker is free to wreak as much havoc as they can handle.
 
Last edited:
modi123 said:
Well there goes my metasploit career. Time to upgrade to server2016 or back down to winNT. Ha!
Click to expand...

Don't fret. I'm sure that Powershell Empire, Magic Unicorn, MSF, Burp Suite, ZAP, EtterCap, BetterCap, reGeorge and the rest will provide you with plenty of options for any operating system under the sun. :)
 
This is a pretty major vulnerability, but if anyone is still running an OS that old, directly on the internet without a firewall or with SMB opened up, then I really don't feel all that sorry for them. I have clients in their '80s who know enough to do better than this.
 
When I go through my router settings any service other than direct internet connection and firewall gets unticked.
 
daglesj said:
When I go through my router settings any service other than direct internet connection and firewall gets unticked.
Click to expand...

Agreed. But it is really sad how many things expect that the perimeter device allows everything out. Games, IOT devices, OS and oddly some stock trading platforms will use seemingly random ports and protocols. Often, finding out what is an experience in frustration.
 
You must log in or register to reply here.
Back
Top