@thomhastings
Last active September 29, 2022 05:33
#!/usr/bin/env bash
# Notes on EQGRP-Auction-Files.zip
# ================================
# This is for earlier Linux & Firewall exploits, for Windows see below
# context: https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1
# history: https://en.wikipedia.org/wiki/The_Shadow_Brokers
# DOWNLOAD: https://voat.co/v/news/comments/1232497
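if [ ! -e "EQGRP-Auction-Files.zip" ]
then
    echo "You need to run this script in the same directory as a copy of the original EQGRP-Auction-Files.zip, try here: https://voat.co/v/news/comments/1232497" >&2
    exit 1
else
    mkdir -p EQGRP
    unzip EQGRP-Auction-Files.zip -d EQGRP
    # Stop if the directory is missing rather than decrypting in the wrong place
    cd EQGRP || exit 1
    # GnuPG 2.1+ only honours --passphrase with --batch and --pinentry-mode loopback
    # (GnuPG 1.x does not know --pinentry-mode; drop that flag there)
    gpg --batch --pinentry-mode loopback --decrypt --passphrase 'theequationgroup' --output eqgrp-free-file.tar.xz eqgrp-free-file.tar.xz.gpg
    tar -Jxvf eqgrp-free-file.tar.xz
    gpg --batch --pinentry-mode loopback --decrypt --passphrase 'CrDj"(;Va.*NdlnzB9M?@K2)#>deB7mN' --output eqgrp-auction-file.tar.xz eqgrp-auction-file.tar.xz.gpg
    tar -Jxvf eqgrp-auction-file.tar.xz
    ls -al
    echo ";)"
fi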

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation
750BTC: https://bit.surf:43110/theshadowbrokers.bit/page/windows/ if it's up

install Windows XP/7 32-bit
turn Windows Firewall off?

install Python 2.6: https://www.python.org/ftp/python/2.6.6/python-2.6.6.msi
(be sure to add Python to your PATH environment variable!)
install Pywin 2.6: https://sourceforge.net/projects/pywin32/files/pywin32/Build%20221/pywin32-221.win32-py2.6.exe/download

Download Framework: https://github.com/x0rz/EQGRP_Lost_in_Translation/archive/master.zip
unzip the archive ...
cd windows
mkdir listeningposts
python fb.py

Can be run under Wine: https://github.com/knightmare2600/ShadowBrokers

DanderSpritz:
install Java 1.6: http://www.oldversion.com/windows/java-platform/
python start_lp.py
(calls Start.jar)

I personally prefer this Win32 Command Prompt replacement: https://github.com/cbucher/console

@thomhastings

thomhastings commented Apr 16, 2017

Best lead I have on resolving that issue is the Twitter conversation here: https://twitter.com/Ylujion/status/853311498495676417

Edit:
A blog post on using DanderSpritz: https://hackernoon.com/a-quick-look-at-the-nsa-exploits-dander-spiritz-trojan-1b5428b0ee65

@Q8Cracker

hey fsacer

Just click on the Java file called "start" inside the shadowbrokers windows folder.

@dxy3321

dxy3321 commented May 4, 2017

hey fsacer

have you fixed it?

@aakh1361

To fix the DSZOpsDisk zip error,
create an empty file named DSZOpsDisk-1.zip in dszopsdisk
BOM ! :-)
