A security researcher has ported three leaked NSA exploits to work on all Versions of Windows OS

The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three dripped last April by a hacking group known as The Shadow Brokers who said to have stolen the code from the NSA.

Several exploits and hacking tools were written in the April 2017 Shadow Brokers dump, the most important being EternalBlue, the exploit used in the WannaCry, NotPetya, and Bad Rabbit ransomware crashes.

While EternalBlue grew a favorite tool among malware authors, the Shadow Brokers dump also included many lesser-known exploits. The reason many of these didn’t become public was that they only worked a small number of Windows versions, and did not sustain recent Windows distributions.

Now, RiskSense security researcher Sean Dillon@zerosum0x0 has adjusted the source code for some of these lesser-known exploits so they would be able to work and run SYSTEM-level system on a wide variety of Windows OS versions.

The researcher has recently joined these modified versions of EternalChampion, EternalRomance, and EternalSynergy into the Metasploit Framework, an open-source penetration testing project.

Dillon has crafted his revised exploits to take advantage of the resulting vulnerabilities:

CVE-2017-0143 – Type interference between WriteAndX and Transaction requests – EternalRomance/EternalSynergy

CVE-2017-0146 – Race condition with Transaction requests – EternalChampion/EternalSynergy

“Instead of working for shellcode execution, it overwrites the SMB connection assembly structures to gain Admin/SYSTEM session,” Dillon says. “The Metasploit Framework module is leaner stripped down packet count/padding, checks extra defined pipes, sprinkles randomness where possible, and has Metasploit’s psexec DCERPC implementation bolted onto it.”

Dillon says his modified exploits will work on both 32-bit and 64-bit architectures.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients