thomhastings

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

mlosapio

#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933 

import sys, paramiko
import logging

username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]

andrepcg

1. Activar servidor DHCP no Pi-Hole
2. Criar ficheiro /etc/dnsmasq.d/03-vodafone.conf
3. Adicionar a seguinte configuração ao ficheiro

dhcp-host=<MAC ADDRESS DA TV BOX>,set:vodafone
dhcp-option=tag:vodafone,option:dns-server,<IP DO ROUTER DA VODAFONE>

Agora a Box continua a funcionar porque usa o DNS que o router da Vodafone lhe dá e todos os restantes dispositivos na rede utilizam o DNS anunciado pelo servidor DHCP que é o do Pi-Hole