By that time you are probably aware that have leaked hacking tools from the NSA. In this blog post I’m going to play NSA agent and show you how a hacking OPS from the NSA would look like. We’re going to use exploits to take over a Windows 7 host and see what we can do with the Dander Spritiz tool from there. theshadowbrokers If you want a list of the exploits & tools (to be updated) you can head over my Github page: _shadowbroker - The Shadow Brokers "Lost In Translation" leak_github.com misterch0c/shadowbroker I setup a lab with 2 Windows 7 machines (32 Bit but should wokr on 64 too), one for the attacker and one for the victim. I am using the FIZZBUNCH tool from the leak which is some kind of exploit framework kinda like metasploit. Basically you use it to run exploits. Let’s use the ETERNALBLUE ( ) exploits to take over the victim machine MS07–10 After that we have several option. We can run shellcode on the machine or any .dll or .exe. In this case I wanted to try out the Dander Spiritz tool. It came with “pc_prep” another utility to generate payloads for Dander Spiritz A.K.A. PEDDLECHEAP. complete output https://gist.github.com/misterch0c/ec4b10cebabd9ba6ec0df8fb21822498 Now that we have our dll payload we can start the listener in Dander Spiritz: Upload our payload to the target using DOUBLEPULSAR: And now we have a connection: https://gist.github.com/misterch0c/d75509a699ec1f518b6978ab0968af54 Just after the connection an automatic “survey” is launched. It basically collects information about the system, tries to crack passwords, look for “PSP” (Personal Security Products) etc and saves everything into log files. PSP found After the connection is made you have different options with Dander Spiritz GUI such as taking screenshots, browsing files, managing processes etc. But the most interesting parts are the plugins in the “Terminal” window. Here are some of them: logedit : edit Windows event logs YAK: install keylogger ripper: steal information from Skype, Firefox & Chrome runassystem: does what it says Here’s a full list of all the commands Voilà, that was just a quick overview. There are a lot more exploits and files to look into and I’m sure what researchers will find in the future will be interesting (: YAK Keylogger in action Taking a screenshot of the victim’s desktop
