peterpt / fuzzbunch

Shadow Brokers NSA fuzzbunch tool leak . With windows auto instalation script

daringneophyte #1

Open amagrupp opened 5 years ago

amagrupp commented 5 years ago

daringneophyte

Where to get it, how to use it? I need the most detailed information. Help.

peterpt commented 5 years ago

I believe that daringneophyte is the payload generated with the fuzzbunch package (using pc_prep) in conjunction with the Java framework in the original package. While using fuzzbunch you can use a normal payload generated with Metasploit; with this one the payload must be generated by the framework itself, which will connect to the framework using the live replay session. However, I am not sure because I never tested that option. Daringneophyte will use a normal reverse_shell instead of the normal meterpreter payloads, which have a lot of functions.

amagrupp commented 5 years ago

Maybe you are right, but how to exploit Daringneophyte?

Do I have a DLL output? Where are they going? Write me a mail, can we figure it out? Mail amagrupp@gmail.com

amagrupp commented 5 years ago

I believe that daringneophyte is the payload generated with the fuzzbunch package (using pc_prep) in conjunction with the Java framework in the original package. While using fuzzbunch you can use a normal payload generated with Metasploit; with this one the payload must be generated by the framework itself, which will connect to the framework using the live replay session. However, I am not sure because I never tested that option. Daringneophyte will use a normal reverse_shell instead of the normal meterpreter payloads, which have a lot of functions.

Thanks

peterpt commented 5 years ago

After inspecting fuzzbunch a bit better, it looks like Daringneophyte is not a simple payload but various payloads merged into one single DLL.

(image: dane)

In this image it shows fuzzbunch using multiple DLLs in its library to create a single payload; now how it will inject it into the target I have no idea. However, in the fuzzbunch package there is an exe for danecfg, which is used by fuzzbunch to generate this payload. This exe to configure the Dane payload is located in the "Storage" folder inside the fuzzbunch package. My guess is that these multi-stage payloads will trigger some vulnerability not yet detected by Microsoft. The Dane payload is +- 100 KB in size, which is a very big size to be allocated in an SMB vulnerability groom space. Usually the normal Metasploit payloads used in fuzzbunch are a few KB and not much bigger, because they cannot find space in the target SMB process to inject and run. Again, I have no time or patience to test this.