Just in case you missed it: The Shadow Brokers has published a rant and the password for their tool dump.
https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1
Password for c&p is:
CrDj"(;Va.*NdlnzB9M?@K2)#>deB7mN
Files, for those needing them, at:
(thanks to @kript3ia for reminding me)
For someone definitely active in the 90s this Equation Group dump is exactly as described by @osxreverser: a trip down memory lane.
There's exploits for Apache running on Linux for DEC Alpha, Netscape Enterprise Server, RedHat 5.x and stuff that you probably haven't heard except in "greybeard's storytime".
If you wander over to the birdsite @osxreverser is posting headers of all the interesting exploits he finds.
There is also an OpenSSH one (KWIKEMART): https://twitter.com/osxreverser/status/850678952138067969
# KWIKEMART
###################################3
# SSH-1.5-1.2.27
# SSH-1.5-OpenSSH-1.2.3
# SSH-1.99-OpenSSH_2.1.1
# SSH-1.99-OpenSSH_2.2.0
So, KWIKEMART, in /bin/km (not found source yet) has pearls such as the following in its strings:
echo CHRIS CHRIS
No Crash, might have worked
Reply from remote: %s
CHRIS
No Chris not found and since we can't live without her .. searching on
error on read, continuing
It looks suspiciously like we might have to RE them all to find out if the holes are all patched...
Oh, this is interesting (but expected):
#######################################
### ELITEHAMMER
#######################################
### Runs against RedFlag Webmail 4 (software install)
### Gives you user nobody, not root;
### Need a local to get root (EVENTSTART or ELASTICBANJO?)
### Webmail port is usually 80 or 443
For ref: Red Flag Linux is a, now defunct, Chinese distribution (see https://en.wikipedia.org/wiki/Red_Flag_Linux)
Another adorable "from the past" entry, interesting choice of name (CICADA, see https://en.wikipedia.org/wiki/Cicada_3301 and engage your conspiracy theories):
#########################################################
# ELVISCICADA
#########################################################
### only up to ealry Sol2.9; Sol2.10 not vulnerable
### snmpXdmid (/usr/lib/dmi/dmispd) daemon program (RPC program 300598 version 1)
This one is pure "History Channel" material:
############################################
# EXPOSITTRAG
############################################
# exploit pcnfsd version 2.x (fails on v.1 or 3+)
I cannot imagine many people in 2017 even remember pcnfsd: I used to run it so it brings back those pangs of infinite pain associated with something which should never have been born in IT.
Hey, I had to implement an almost-undocumented Microsoft RPC protocol using an unholy combination of FreeDCE and Samba for a job once - I've seen some atrocities in my time.
cynicalsecurity ->@bsd.network
Andreⓐ