The ShadowBrokers have released the password for the EQGRP files.
There is a repository on GitHub that has downloaded the files and is starting to delve deeper into their contents.
These list various exploits. I’ve not had the chance to look through many of these yet, but over the next few days I will be having a read and a play around with these files to see what can be learnt from them.
The password for the original file leak is – CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN
Currently you can download the files from here.
Now that these have been released, patches for many of these exploits should follow, if they are not already patched.
Saw this article today and it’s quite interesting.
Websites compromised in ‘Decimal IP’ campaign
A quick search of the string “1760468715” shows there are quite a few websites that have been compromised.
This is quite a clever but old technique that is referred to as dotless IPs. A Google search will find quite a few results, with several posts from around 15 or so years ago.
To work out the IP address the value represents, you can perform a fairly straightforward calculation.
If you had the IP address 172.16.4.8, you can calculate this as follows:
172 * 16777216 = 2885681152
16 * 65536 = 1048576
4 * 256 = 1024
8 * 1 = 8
Add up the resulting figures (the values on the right of each line).
So if you were to enter the address http://2886730760 in your browser, it would attempt to take you to 172.16.4.8.
Just another way of hiding in plain sight.
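As an added example (not code from this post or the linked article), the Python script below reverses the calculation above and scans page source for URLs whose host is a bare decimal number, which is how you would hunt for this on your own sites. The function names, the regular expression and the sample markup are assumptions made for illustration, and the sample markup is constructed.

```python
import ipaddress
import re

# Host made only of digits: not followed by a dot, letter, digit or hyphen,
# so dotted-quad addresses and names like 123.example.com are skipped.
DECIMAL_HOST = re.compile(r"https?://(\d{1,10})(?![\w.-])", re.IGNORECASE)


def decimal_to_dotted(value: int) -> str:
    """Split a 32-bit integer into four octets (reverse of the sum above)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit IPv4 value")
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return ".".join(str(o) for o in octets)


def dotted_to_decimal(address: str) -> int:
    """172.16.4.8 -> 172*16777216 + 16*65536 + 4*256 + 8."""
    return int(ipaddress.IPv4Address(address))


def find_decimal_ip_urls(text: str) -> list[tuple[str, str]]:
    """Return (decimal host, dotted-quad) for every dotless-IP URL in text."""
    hits = []
    for match in DECIMAL_HOST.finditer(text):
        value = int(match.group(1))
        if value <= 0xFFFFFFFF:  # larger numbers cannot be an IPv4 address
            hits.append((match.group(1), decimal_to_dotted(value)))
    return hits


# Constructed sample page source (not taken from any real site). It reuses
# the two decimal values that appear in this post.
SAMPLE = '''
<a href="http://172.16.4.8/index.html">normal dotted address</a>
<script src="http://2886730760/js/lib.js"></script>
<iframe src="HTTP://1760468715/"></iframe>
<img src="http://123.example.com/logo.png">
'''

if __name__ == "__main__":
    for decimal, dotted in find_decimal_ip_urls(SAMPLE):
        print(f"{decimal} -> {dotted}")
```

Only the two dotless URLs in the sample are reported; the ordinary dotted address and the hostname that merely starts with digits are ignored.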