Windows System SMB/RDP Remote Command Execution Vulnerability

Hacker omnipotent

The vulnerability incident in this outbreak is too serious. I will return to the porter to share the 0day incident of the NSA formula. Because the amount of information is too large, there is no research on the technical details, but please believe me, pull out the power.

For details of the event, please refer to: [Changting Technology Column] (https://zhuanlan.zhihu.com/p/26375989)
Exploit address: https://github.com/x0rz/EQGRP_Lost_in_Translation

Event Cause

This time, the file has three directories, “Windows”, “Swift” and “OddJob”, which contain a bunch of amazing hacking tools (we pick a few important ones as follows):

  • EXPLODINGCAN is an IIS 6.0 remote exploit tool
  • ETERNALROMANCE is a heavyweight use of SMB1 that can attack Windows XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2 with 445 ports open and upgrade to system privileges.
  • In addition, ERRATICGOPHER, ETERNALBLUE, ETERNALSYNERGY, ETERNALCHAMPION, EDUCATEDSCHOLAR, EMERALDTHREAD, etc. are all SMB exploits that can attack Windows machines with 445 ports open.
  • ESTEEMAUDIT is a remote exploit for RDP services that can attack Windows XP and Windows 2003 machines with port 3389 open and smart card login enabled.
  • FUZZBUNCH is an exploit platform similar to MetaSploit.
  • ODDJOB is a rootkit exploit that cannot be detected by anti-virus software.
  • ECLIPSEDWING is a remote exploit for Windows servers.
  • ESKIMOROLL is a Kerberos exploit exploit that can attack domain controllers for Windows 2000/2003/2008/2008 R2.

Vulnerability Impact

It is said that affecting 70% of the world’s windows servers, think about it is horrible, not to mention, I pulled the power.

Corresponding patch

Temporary repair plan

  • Turn off ports 445, 137, 139, 3389, or the upper guard device to restrict specific ip access.
  • Wait for Microsoft patches

本文标题:Windows System SMB/RDP Remote Command Execution Vulnerability

文章作者:nmask

发布时间:2017年04月15日 - 14:04

最后更新:2019年07月11日 - 15:07

原始链接:https://thief.one/2017/04/15/Windows System SMB-RDP Remote Command Execution Vulnerability/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

nmask wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!

热门文章推荐: