/shadowbroker

The Shadow Brokers "Lost In Translation" leak

Primary LanguagePython

https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation http://archive.is/https://github.com/misterch0c/shadowbroker

The following files were deleted after this repository was reported because it contained "sensitive data":

  • /swift/00559_0_ENSBDVPN5-02AUG2013
  • /swift/00560_0_ENSBDVPN6-02AUG2013
  • /swift/00697_0_ENSBDVPN5-23AUG2013
  • /swift/00702_0_ENSBDVPN6-23AUG2013
  • /swift/Eastnets_Huge_Map_05_13_2010.vsd
  • /swift/ENSB%20UAE%20NW%20Topology%20V2.0.1339670413.vsd
  • swift/00503_0_254.242_2013mar02
  • swift/00546_0_ensbdasa-09aug2013
  • swift/00554_0_ensbdpix4-09aug2013
  • swift/00555_0_ensbdrtr1-2013aug09
  • swift/00566_2_FW1-Configuration.txt
  • swift/00566_3_SW1-Configuration.txt
  • swift/00566_4_SW2-Configuration.txt
  • swift/00708_0_ensbdasa1-31aug2013
  • swift/00710_0_ensbdfw1-2013sep06
  • swift/00711_0_ensbdfw3-2013sep06
  • swift/00713_0_ensbdfw4-2013sep06
  • swift/00715_0_ensbdfw5-2013sep06
  • swift/00720_0_ensbdpix3-31aug2013
  • swift/00725_0_ensbdpix4-31aug2013
  • swift/00727_0_ensbdpix5-31aug2013
  • swift/00729_0_ensbdrtr1-2013sep06
  • swift/DNS%20Zone%20Trans%202013_10_
  • swift/DNS%20Zone%20Trans%202013_10_
  • swift/NOC_firewall_passwords_30May2

Exploits

  • EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
  • EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
  • ECHOWRECKER remote Samba 3.0.x Linux exploit.
  • EASYBEE appears to be an MDaemon email server vulnerability
  • EASYFUN EasyFun 2.2.0 Exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6
  • EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
  • EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
  • EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
  • ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
  • EDUCATEDSCHOLAR is a SMB exploit (MS09-050)
  • EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003 (MS10-061)
  • EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
  • ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
  • EPICHERO 0-day exploit (RCE) for Avaya Call Server
  • ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003
  • ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
  • ETERNALBLUE is a SMBv2 exploit for Windows 7 SP1 (MS17-010)
  • ETERNALCHAMPION is a SMBv1 exploit
  • ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
  • ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
  • ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)
  • ETRE is an exploit for IMail 8.10 to 8.22
  • ETCETERABLUE is an exploit for IMail 7.04 to 8.05
  • FUZZBUNCH is an exploit framework, similar to MetaSploit
  • ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
  • EXPIREDPAYCHECK IIS6 exploit
  • EAGERLEVER NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release
  • EASYFUN WordClient / IIS6.0 exploit
  • ESSAYKEYNOTE
  • EVADEFRED

Utilities

  • PASSFREELY utility which "Bypasses authentication for Oracle servers"
  • SMBTOUCH check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE
  • ERRATICGOPHERTOUCH Check if the target is running some RPC
  • IISTOUCH check if the running IIS version is vulnerable
  • RPCOUTCH get info about windows via RPC
  • DOPU used to connect to machines exploited by ETERNALCHAMPIONS
  • NAMEDPIPETOUCH Utility to test for a predefined list of named pipes, mostly AV detection. User can add checks for custom named pipes.