EQGRP-Auction-Files Password Released.

The ShadowBrokers have released the password for the EQGRP files.

There is a repository on GitHub that has downloaded the files and started to delve deeper into their contents.

https://github.com/x0rz/EQGRP

These list various exploits. I’ve not had the chance to look through many of these yet, but over the next few days I will be having a read and a play around with these files to see what can be learnt from them.

The password for the original file leak is – CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN

Currently you can download the files from here.

Now that these have been released, the patches for many of these exploits should follow, if they are not already patched.

 

Decimal IP Campaign

Saw this article today and it’s quite interesting.

Websites compromised in ‘Decimal IP’ campaign

A quick search of the string “1760468715” shows there are quite a few websites that have been compromised.

This is quite a clever but old technique that is referred to as dotless IPs. A Google search will find quite a few results, with several posts from around 15 or so years ago.

To work out the IP address the value represents, you can perform a fairly straightforward calculation.

If you had the IP address 172.16.4.8

You can calculate this as follows

172 * 16777216 = 2885681152
16 * 65536 = 1048576
4 * 256 = 1024
8 * 1 = 8

Add the results on the right-hand side up.

2886730760

So if you were to enter this address in your browser http://2886730760

It would attempt to take you to 172.16.4.8

Just another way of hiding in plain sight.
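To hunt for this in page source or proxy logs, the calculation above can be run in reverse over every URL host that is a bare decimal number. The following is an added example, not code from the article or any tool it mentions; the function names and the sample markup are constructed for illustration, and only the plain decimal form is handled (hex and octal variants are skipped).

```python
import re
from urllib.parse import urlsplit

URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# No leading zero: browsers read a leading 0 as octal, a different encoding.
DECIMAL_HOST = re.compile(r"[1-9][0-9]*")

def dotted_to_decimal(dotted: str) -> int:
    """The page's calculation: weight each octet and add the results."""
    a, b, c, d = (int(part) for part in dotted.split("."))
    return a * 16777216 + b * 65536 + c * 256 + d

def decimal_to_dotted(value: int) -> str:
    """Reverse of the above: peel four octets off a 32-bit integer."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit IPv4 value")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def find_dotless_hosts(text: str) -> list[tuple[str, str]]:
    """Return (host as written, dotted quad) for each dotless decimal URL host."""
    hits = []
    for match in URL.finditer(text):
        try:
            # urlsplit strips any user@ prefix and :port suffix for us.
            host = urlsplit(match.group(0)).hostname or ""
        except ValueError:
            continue  # malformed URL, nothing to decode
        if DECIMAL_HOST.fullmatch(host) and int(host) <= 0xFFFFFFFF:
            hits.append((host, decimal_to_dotted(int(host))))
    return hits

# Constructed sample markup; the two numbers are the ones quoted in the post.
SAMPLE = """<script src="http://2886730760/a.js"></script>
<a href="https://example.com/page?id=1760468715">number in query, not host</a>
<iframe src="http://1760468715/"></iframe>
<img src="http://user@2886730760:8080/x.png">
<a href="http://99999999999/">too large to be an IPv4 address</a>
"""

if __name__ == "__main__":
    for written, dotted in find_dotless_hosts(SAMPLE):
        print(f"{written} -> {dotted}")
```

Numbers that only appear in a path or query string are ignored, so a match is worth a closer look at wherever the markup came from.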