Today, I am going to talk about NSA Finest Tool Fuzzbunch Stolen by Shadow Brokers and Now Freely Available For Public All Over The Internet.
First of all, I want to do the hand off for Shadow Brokers because they really rock the world. They Hacked NSA (National Computers and Steel Their Secret Hacking Tools. WOW! Amazing.
The Shadow Brokers Introduction
According to Wikipedia """The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA's Tailored Access Operations unit."""
Fuzzbunch is an Exploitation Framework Written In Python2.6 By NSA Computer & Networking Experts For Exploiting Various Victim Computers Remotely. This Framework contains many types of exploits, spy software, malicious files and other tools that can easily help any hacker to hack and gain access to various operating systems in minutes. In Simple Words, This tool also works like Metasploit Exploitation Framework. As Metasploit, it also has capabilities of being able to profile target and suggest exploits that may be successful on the target as we as a comprehensive framework for exploit development and exploitation. The Only Difference Between Metasploit and Fuzzbunch is Metasploit is Open Source And Completely Available To Public But Fuzzbunch is an NSA Secret Hacking Tool, Completely Secret.
Available Exploits/tools and Their Features.
- EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
- EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
- ECHOWRECKER remote Samba 3.0.x Linux exploit.
- EASYBEE appears to be an MDaemon email server vulnerability
- EASYFUN EasyFun 2.2.0 Exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6
- EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
- EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
- EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
- ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
- EDUCATEDSCHOLAR is a SMB exploit (MS09-050)
- EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003 (MS10-061)
- EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
- ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
- EPICHERO 0-day exploit (RCE) for Avaya Call Server
- ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003
- ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
- ETERNALBLUE is a SMBv2 exploit for Windows 7 SP1 (MS17-010)
- ETERNALCHAMPION is a SMBv1 exploit
- ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
- ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
- ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)
- ETRE is an exploit for IMail 8.10 to 8.22
- ETCETERABLUE is an exploit for IMail 7.04 to 8.05
- FUZZBUNCH is an exploit framework, similar to MetaSploit
- ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
- EXPIREDPAYCHECK IIS6 exploit
- EAGERLEVER NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release
- EASYFUN WordClient / IIS6.0 exploit
- PASSFREELY utility which "Bypasses authentication for Oracle servers"
- SMBTOUCH check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE
- ERRATICGOPHERTOUCH Check if the target is running some RPC
- IISTOUCH check if the running IIS version is vulnerable
- RPCOUTCH get info about windows via RPC
- DOPU used to connect to machines exploited by ETERNALCHAMPIONS
- NAMEDPIPETOUCH Utility to test for a predefined list of named pipes, mostly AV detection. User can add checks for custom named pipes.
To Run This Exploitation Framework, You Need
1. Windows Xp/7 (32 bit)
2. Python 2.6... click here
3. pyWin2.6... click here
And Now, Click Here To Download Fuzzbunch Tool
In my Next Post, I Will Show you how to use it.