Shadow Brokers Release a large number Files Revealing Windows Exploits, SWIFT Attacks

On the evening of April 14, Shadow Brokers organized a confidential document of the previously distorted part of the equation group. This part of the published document has been auctioned by Shadow Brokers hundreds of millions of dollars, because this part of the file contains a number of shocking hacking tools, including Windows, including attacks, including multiple system vulnerabilities. The leaked file consists of three parts: Windows, Swift, and Odd.

Which Windows directory hacker tool includes the use of IIS 6.0 remote vulnerability; SMB1 heavyweight use, can be used to attack the open 445 port of the Windows system and the right; RDP service remote vulnerability exploit, you can attack open 3389 port Windows machines and so on. Open the 135,445,3389 port Windows server has a great probability of being attacked.

The Formula Organization is said to be a hacker organization under the National Security Agency (NSA), with high technology and a lot of hacking tools. The leaked exploit tool covers most of the world’s Windows server, and anyone can download the direct use, but Microsoft (Microsoft) official also immediately issued a notice in Beijing on the 15th, said the attack against the Windows system has been large Part of the previous system upgrade patch to solve.

Affected version

The disclosure of the attack tool to take advantage of a large number of Windows vulnerabilities, the specific impact version, please click on the details of the vulnerability behind the view.

Attack tool code



MS17-010 has been resolved


MS10-061 resolved


CVE-2017-0146 & CVE-2017-0147 has been resolved


Windows Vista was released before it was released


MS14-068 resolved


MS17-010 has been resolved


MS09-050 resolved


MS17-010 has been resolved


MS08-067 has been resolved

Suggested users will be affected by the system immediately upgrade to the latest official support version.

Reference link:

How to precausion

If the user is temporarily unable to upgrade the relevant system, you can take the following temporary protection method:

In accordance with the principle of minimizing the opening of the server port, temporarily shut down 135,137,139,445 and 3389 and other service ports, and in the case of unnecessary closure of the corresponding port services.

Strictly limit the access of trusted IP to critical servers.


Related port description:

135 :

135 port is mainly used to use RPC (Remote Procedure Call) protocol and provide DCOM (Distributed Component Object Model) service, through RPC can ensure that a program running on a computer can successfully execute the remote computer code ; Use DCOM can communicate directly through the network, including HTTP protocol, including a variety of network transmission.

137 :

137 port is the main role in the LAN to provide the computer’s name or IP address query service, the general installation of the NetBIOS protocol, the port will automatically be open. 137 port belongs to the UDP port, the user only needs to send a request to the local area network or the 137 port of a computer on the Internet to obtain the name of the computer, the registered user name, and whether to install the main domain controller, whether IIS is running And other information.

139 :

139 NetBIOS File and Print Sharing The connection through this port attempts to obtain NetBIOS / SMB services. This protocol is used for Windows “File and Printer Sharing” and SAMBA. Sharing your hard drive on the Internet is probably the most common problem.

445 :

445 port is also a TCP port, the port in the windows 20XX Server system to play the role and 139 port is exactly the same. Specifically, it is also available in the LAN file or printer sharing service. However, the port is based on the CIFS protocol (Common Internet File System Protocol) work, and 139 port is based on the SMB protocol (server protocol family) to provide shared services. Similarly, the attacker and 445 port to establish a request to connect, but also access to the designated local area network of a variety of shared information.

3389 :

3389 port is Windows 20xx Server remote desktop service port, through this port, with “Remote Desktop” and other connection tools to connect to the remote server, if connected, enter the system administrator’s user name and password, will become You can operate the same machine as the remote computer, so the remote server will generally modify the value of this port or off.

The post Shadow Brokers Release a large number Files Revealing Windows Exploits, SWIFT Attacks appeared first on Penetration Testing in Linux.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair /  Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )


Conectando a %s