Shadow Brokers Release Dangerous NSA Hacking Tools

The New Acunetix V12 Engine


It’s not the first time Shadow Brokers has been on the radar with NSA Hacking Tools, in August 2016 they exposed a bunch of 0-day exploits (also from 2013).

Shadow Brokers Release Dangerous NSA Hacking Tools

This cache of tools appears to be from 2013, so was probably snatched during the same intrusion. This is somewhat more dangerous though as it provides what are essentially point-and-click tools for exploiting all types of Microsoft systems.

The Shadow Brokers have leaked more hacking tools stolen from the NSA’s Equation Group – this time four-year-old exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8.

The toolkit puts into anyone’s hands – from moronic script kiddies to hardened crims – highly classified nation-state-level weaponry that can potentially compromise and commandeer systems around the world. This is the same powerful toolkit Uncle Sam used once upon a time to hack into and secretly snoop on foreign governments, telcos, banks, and other organizations.

The files range from Microsoft Windows exploits to tools for monitoring SWIFT interbank payments. Ongoing analysis of the leaked documents and executables has revealed Cisco firewalls and VPN gateways are also targets.

The Shadow Brokers tried auctioning off the stolen cyber-weapons to the highest bidder, but when that sale flopped with no buyers, the team started releasing the gear online for free anyway.

“The shadow brokers not wanting going there. Is being too bad nobody deciding to be paying the shadow brokers for just to shutup and going away,” the group said in a typically garbled blog post.


Just exploits take a little more skill to use, but these tools allow the most n00b skiddies to carry out some pretty devastating attacks on machines running Win2k all the way to Windows 8 and Windows Server.

It seems like they tried to auction of this kit and got the cold shoulder, which should be expected as those with serious money are not gonna drop it on a bunch of 2013 software.

“The Shadow Brokers rather being getting drunk with McAfee on desert island with hot babes. Maybe if all suviving WWIII the shadow brokers be seeing you next week. Who knows what we having next time?”

For IT managers and normal folks, the Windows-hacking arsenal, which dates to around mid-2013, is the most concerning. It contains exploits for vulnerabilities that can be used to hack into unpatched Windows systems, from Windows 2000 to Windows 8 and Server 2012. In some cases this can be done across the network or internet via SMB, RDP, IMAP, and possibly other protocols.

If you have a vulnerable aging machine with those services running, it is possible they can be hijacked using today’s dumped tools – if not by strangers on the ‘net then potentially by malicious employees or malware already on your network. If you’re running the latest up-to-date gear, such as Windows 10, none of this will directly affect you – but not everyone is so lucky. There are plenty of organizations out there that cannot keep every box up to date, for various reasons.

The leaked archive also contains the NSA’s equivalent of the Metasploit hacking toolkit: FUZZBUNCH.

Matthew Hickey, cofounder of British security shop Hacker House, told The Register FUZZBUNCH is a very well-developed package that allows servers to be penetrated with a few strokes of the keyboard. The toolkit has modules to install a backdoor on invaded boxes to remote control the gear and romp through file systems.

Some part of me is glad to see the NSA software appears to be well written and well architected, at least they are doing well on those fronts. Plus 4 years later I’d imagine the malicious software capabilities they have are much more powerful.

We will have to wait and see if any more comes from this.

Source: The Register

Posted in: Exploits/Vulnerabilities, Legal Issues


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


4 Responses to Shadow Brokers Release Dangerous NSA Hacking Tools

  1. mithrandir April 20, 2017 at 4:26 am #

    So where are the tools??

    • Lucas May 14, 2017 at 12:15 pm #

      Have you already found them online?

  2. applejacks April 20, 2017 at 6:13 pm #

    Hello, I noticed what may be a spelling/typo error… “This cache of tools appears to be from 2013, so was properly snatched during the same intrusion.”

    • Darknet April 21, 2017 at 10:29 pm #

      Thanks,fixed!