The vulnerability disclosure this time is extremely serious, so I am back in my role as a reposter to share the NSA Equation Group 0day leak. The amount of material is too large for me to have studied the technical details, but believe me: pull the plug.
For details of the event, see the [Changting Technology column](https://zhuanlan.zhihu.com/p/26375989)
Exploit repository: https://github.com/x0rz/EQGRP_Lost_in_Translation
The leaked archive contains three directories, "Windows", "Swift" and "OddJob", holding a pile of remarkable attack tools. A few of the important ones:
- EXPLODINGCAN is a remote exploit for IIS 6.0.
- ETERNALROMANCE is a heavyweight SMBv1 exploit that attacks Windows XP, 2003, Vista, 7, 8, 2008 and 2008 R2 machines with port 445 open and gives the attacker SYSTEM privileges.
- ERRATICGOPHER, ETERNALBLUE, ETERNALSYNERGY, ETERNALCHAMPION, EDUCATEDSCHOLAR, EMERALDTHREAD and others are likewise SMB exploits that attack Windows machines with port 445 open.
- ESTEEMAUDIT is a remote exploit for the RDP service that attacks Windows XP and Windows 2003 machines with port 3389 open and smart card logon enabled.
- FUZZBUNCH is the exploit framework that drives these modules, similar to Metasploit.
- ODDJOB is an implant (backdoor) builder and controller, reportedly not detected by anti-virus software at the time of the leak.
- ECLIPSEDWING is a remote exploit for Windows servers.
- ESKIMOROLL is a Kerberos exploit that attacks domain controllers running Windows 2000, 2003, 2008 and 2008 R2.
It is said to affect 70% of the world's Windows servers; just thinking about it is frightening. Needless to say, I pulled the plug.
Temporary countermeasures:
- Block inbound access to ports 445, 137, 139 and 3389, or use a perimeter device to restrict those ports to specific source IPs.
- Apply Microsoft's patches. MS17-010 (released March 2017) already covers the ETERNALBLUE, ETERNALROMANCE, ETERNALSYNERGY and ETERNALCHAMPION SMB exploits; the remaining tools target platforms that Microsoft no longer supports, so there is nothing to wait for on those hosts except removing them from the network.
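The host-level version of the countermeasures above, as an added example written for this post rather than code from the leak or from Microsoft. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later (the SmbShare and NetSecurity cmdlets do not exist on XP/2003, where the only real option is the network cable), a management subnet that is still allowed to reach SMB and RDP, and the MS17-010 KB IDs for your particular OS build; the subnet and KB values below are placeholders.

```powershell
# Added example, not from the original post: audit and harden one Windows host
# against the leaked SMBv1 (ETERNAL*) and RDP (ESTEEMAUDIT) exploits.
# Run in an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later.
#
# Assumptions to edit for your environment:
$AllowedSources = @('10.0.0.0/24')             # assumption: management / jump-host subnet
$Ms17010Kbs     = @('KB4012212', 'KB4012215')  # assumption: MS17-010 IDs for Win7/2008 R2;
                                               # look up the IDs for your own OS build

function Get-ExposureReport {
    # What an attacker running FUZZBUNCH would look for on this host:
    # the ports the leaked modules talk to, SMBv1 still enabled, and no MS17-010.
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 139, 445, 3389 } |
        Select-Object -ExpandProperty LocalPort -Unique
    $smb1    = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $patched = [bool](Get-HotFix -Id $Ms17010Kbs -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        ListeningPorts = $listening
        Smb1Enabled    = $smb1
        Ms17010Present = $patched
        AtRisk         = ($smb1 -and -not $patched -and (445 -in $listening))
    }
}

function Invoke-Hardening {
    # 1. Turn off the SMBv1 server: every ETERNAL* module in the leak speaks SMBv1.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the SMBv1 feature entirely where the OS exposes it this way
    # (client SKUs; on Server 2012 R2 use Remove-WindowsFeature FS-SMB1 instead).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
        -ErrorAction SilentlyContinue | Out-Null

    # 2. Default-deny inbound on every profile. In Windows Firewall a block rule
    #    always beats an allow rule, so "allow from management only" has to be
    #    built as deny-by-default plus one scoped allow, not as a block rule
    #    with exceptions.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block

    # 3. Disable the broad built-in allow rules that open 139/445 and 3389 to Any.
    Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing', 'Remote Desktop' `
        -ErrorAction SilentlyContinue | Disable-NetFirewallRule

    # 4. Re-allow SMB, RDP and NetBIOS name service only from the management subnet.
    New-NetFirewallRule -DisplayName 'SMB from management only' -Direction Inbound `
        -Protocol TCP -LocalPort 139, 445 -RemoteAddress $AllowedSources -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName 'RDP from management only' -Direction Inbound `
        -Protocol TCP -LocalPort 3389 -RemoteAddress $AllowedSources -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName 'NetBIOS-NS from management only' -Direction Inbound `
        -Protocol UDP -LocalPort 137 -RemoteAddress $AllowedSources -Action Allow | Out-Null
}

# Usage: report, harden, report again. AtRisk should flip to False.
Get-ExposureReport
Invoke-Hardening
Get-ExposureReport
```

The report is deliberately conservative: it flags a host as at risk only when SMBv1 is on, port 445 is listening and the MS17-010 hotfix is absent, because that is the combination the ETERNAL* modules need. It says nothing about ESTEEMAUDIT, whose targets (XP and 2003 with smart card logon) cannot run this script at all; for those hosts the author's advice to pull the plug is the correct one.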