{"id":4907,"date":"2018-02-07T00:21:00","date_gmt":"2018-02-06T23:21:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=4907"},"modified":"2022-04-06T01:12:18","modified_gmt":"2022-04-05T23:12:18","slug":"nsa-exploits-adapted-for-all-windows-versions","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/02\/07\/nsa-exploits-adapted-for-all-windows-versions\/","title":{"rendered":"NSA exploits adapted for all Windows versions"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2018\/02\/06\/nsa-exploits-fr-alle-windows-versionen-angepasst\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Last year, hackers from Shadow Brokers made various NSA tools public. Exploits such as EternalBlue were used in Ransomware attacks such as WannaCry, NotPetya and Bad Rabbit. A security researcher has now taken a closer look at other exploits and has been able to modify them so that they can run on all versions of Windows.<\/p>\n<p><!--more--><\/p>\n<p>In addition to the EternalBlue exploits, other exploits have been released. 
Here's the list:<\/p>\n<p><strong>EternalBlue: <\/strong>Addressed in <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\" target=\"_blank\" rel=\"noopener\">MS17-010<\/a><br \/><strong>EmeraldThread<\/strong>: Addressed in <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms10-061.aspx\" target=\"_blank\" rel=\"noopener\"><u>MS10-061<\/u><\/a><br \/><strong>EternalChampion<\/strong>: Addressed in&nbsp; <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-0146\" target=\"_blank\" rel=\"noopener\"><u>CVE-2017-0146<\/u><\/a> &amp; <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-0147\" target=\"_blank\" rel=\"noopener\"><u>CVE-2017-0147<\/u><\/a><br \/><strong>ErraticGopher: <\/strong>Addressed prior to the release of Windows Vista<br \/><strong>EskimoRoll: <\/strong>Addressed in <a href=\"https:\/\/web.archive.org\/web\/20170707185443\/https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms14-068.aspx\" target=\"_blank\" rel=\"noopener\">MS14-068<\/a><br \/><strong>EternalRomance<\/strong>: Addressed in <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\" target=\"_blank\" rel=\"noopener\">MS17-010<\/a><br \/><strong>EducatedScholar<\/strong>: Addressed in <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms09-050.aspx\" target=\"_blank\" rel=\"noopener\">MS09-050<\/a><br \/><strong>EternalSynergy<\/strong>: Addressed in <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\" target=\"_blank\" rel=\"noopener\">MS17-010<\/a><br \/><strong>EclipsedWing: <\/strong>Addressed in <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms08-067.aspx\" target=\"_blank\" rel=\"noopener\">MS08-067<\/a>  <\/p>\n<p>These exploits take advantage of vulnerabilities in Windows, but only worked for certain versions. 
Now, RiskSense security researcher Sean Dillon (<a href=\"https:\/\/twitter.com\/zerosum0x0\" target=\"_blank\" rel=\"noopener\">@zerosum0x0<\/a>) has modified the source code for some of these lesser-known exploits to work on a variety of Windows operating systems and run system-level code.<\/p>\n<p>The researcher has recently integrated these modified versions of EternalChampion, EternalRomance and EternalSynergy into the Metasploit Framework, an open source penetration testing project on <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/9473\" target=\"_blank\" rel=\"noopener\">GitHub<\/a>. He posted this message on Twitter.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">MS17-010 <a href=\"https:\/\/twitter.com\/hashtag\/EternalSynergy?src=hash&amp;ref_src=twsrc%5Etfw\">#EternalSynergy<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/EternalRomance?src=hash&amp;ref_src=twsrc%5Etfw\">#EternalRomance<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/EternalChampion?src=hash&amp;ref_src=twsrc%5Etfw\">#EternalChampion<\/a> exploit and auxiliary modules for <a href=\"https:\/\/twitter.com\/metasploit?ref_src=twsrc%5Etfw\">@Metasploit<\/a>. Support for Windows 2000 through 2016. I basically bolted MSF psexec onto <a href=\"https:\/\/twitter.com\/sleepya_?ref_src=twsrc%5Etfw\">@sleepya_<\/a> zzz_exploit. <a href=\"https:\/\/t.co\/UnGA1u4gWe\">https:\/\/t.co\/UnGA1u4gWe<\/a> <a href=\"https:\/\/t.co\/Y9SMFJguH1\">pic.twitter.com\/Y9SMFJguH1<\/a><\/p>\n<p>\u2014 z\u01dd\u0279osum0x0 (@zerosum0x0) <a href=\"https:\/\/twitter.com\/zerosum0x0\/status\/957839430777057280?ref_src=twsrc%5Etfw\">29. 
January 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The modified exploits target the following vulnerabilities:<\/p>\n<table cellspacing=\"0\" cellpadding=\"2\" width=\"640\" border=\"1\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"213\">CVE<\/td>\n<td valign=\"top\" width=\"213\">Vulnerability<\/td>\n<td valign=\"top\" width=\"213\">NSA Exploit<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"213\">CVE-2017-0143<\/td>\n<td valign=\"top\" width=\"213\">Type confusion between WriteAndX and Transaction requests<\/td>\n<td valign=\"top\" width=\"213\">EternalRomance EternalSynergy<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"213\">CVE-2017-0146<\/td>\n<td valign=\"top\" width=\"213\">Race condition with Transaction requests<\/td>\n<td valign=\"top\" width=\"213\">EternalChampion EternalSynergy<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>These exploits should now work on all unpatched Windows versions from the following list.<\/p>\n<ul>\n<li>Windows 2000 SP0 x86\n<li>Windows 2000 Professional SP4 x86\n<li>Windows 2000 Advanced Server SP4 x86\n<li>Windows XP SP0 x86\n<li>Windows XP SP1 x86\n<li>Windows XP SP2 x86\n<li>Windows XP SP3 x86\n<li>Windows XP SP2 x64\n<li>Windows Server 2003 SP0 x86\n<li>Windows Server 2003 SP1 x86\n<li>Windows Server 2003 Enterprise SP 2 x86\n<li>Windows Server 2003 SP1 x64\n<li>Windows Server 2003 R2 SP1 x86\n<li>Windows Server 2003 R2 SP2 x86\n<li>Windows Vista Home Premium x86\n<li>Windows Vista x64\n<li>Windows Server 2008 SP1 x86\n<li>Windows Server 2008 x64\n<li>Windows 7 x86\n<li>Windows 7 Ultimate SP1 x86\n<li>Windows 7 Enterprise SP1 x86\n<li>Windows 7 SP0 x64\n<li>Windows 7 SP1 x64\n<li>Windows Server 2008 R2 x64\n<li>Windows Server 2008 R2 SP1 x64\n<li>Windows 8 x86\n<li>Windows 8 x64\n<li>Windows Server 2012 x64\n<li>Windows 8.1 Enterprise Evaluation 9600 x86\n<li>Windows 8.1 SP1 x86\n<li>Windows 8.1 x64\n<li>Windows 8.1 SP1 
x64\n<li>Windows Server 2012 R2 x86\n<li>Windows Server 2012 R2 Standard 9600 x64\n<li>Windows Server 2012 R2 SP1 x64\n<li>Windows 10 Enterprise 10.10240 x86\n<li>Windows 10 Enterprise 10.10240 x64\n<li>Windows 10 10.10586 x86\n<li>Windows 10 10.10586 x64\n<li>Windows Server 2016 10.10586 x64\n<li>Windows 10 10.0.14393 x86\n<li>Windows 10 Enterprise Evaluation 10.14393 x64\n<li>Windows Server 2016 Data Center 10.14393 x64<\/li>\n<\/ul>\n<p>Whoever is responsible for the administration of systems should make sure that they are up-to-date. More details can be found in the above <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/9473\" target=\"_blank\" rel=\"noopener\">GitHub-Post<\/a> or at Bleeping Computer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Last year, hackers from Shadow Brokers made various NSA tools public. Exploits such as EternalBlue were used in Ransomware attacks such as WannaCry, NotPetya and Bad Rabbit. A security researcher has now taken a closer look at other exploits and &hellip; <a href=\"https:\/\/borncity.com\/win\/2018\/02\/07\/nsa-exploits-adapted-for-all-windows-versions\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[69,195,194],"class_list":["post-4907","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-security","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=4907"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4907\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=4907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=4907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=4907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}