
Looking through some of the code and some of the docs, these look old. In absence of a lot of time or some missing docs, not sure how usable these things are.



In the article pointed out by Snowden: https://www.nytimes.com/2016/08/17/us/shadow-brokers-leak-ra... they state that the stolen code is from 2013 and Snowden was quoted in Wikipedia saying "circumstantial evidence and conventional wisdom indicates Russian responsibility".

To me it seems impossible that non-state-sponsored hackers would have gotten their hands on top secret NSA hacking tools. If I had to guess, it would seem that TheShadowBrokers are "useful idiots" that Russia gives information to in the way they did (probably) with Wikileaks. The real question is why would anyone leak these files at this very moment? Did it take this long to get angry at Trump or are there some other factors at play?


> To me it seems impossible that non-state-sponsored hackers would have gotten their hands into top secret NSA hacking tools.

About as impossible as the Snowden exfiltration, so that makes it entirely believable.

All it takes is one rogue employee or plant. And if you don't want to burn an inside asset it would pay off to release files that are several years old.


Releasing several-year-old files is signalling. "Next time it may include your zero-days". Remember the previous threats?

> What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what "Equation Group" can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?"

https://web.archive.org/web/20160815152123/https://github.co...


These look much older than 2013. So much of this stuff is targeted at Sun/SCO.. the only thing I can suggest is: most state/government systems are simply ancient.. so their tools will be tailored to their targets.


"conventional wisdom", which means "knowledge of conventions and traditions", in this case means "guessing".


For example, this tool says: https://github.com/x0rz/EQGRP/blob/master/Linux/doc/user.too...

# ELATEDMONKEY is a local privilege escalation exploit against systems running the cPanel Remote Management Web Interface, at least through version 24, and probably future versions too (although that should be checked before throwing).

It has been tested explicitly on cPanel 11.23.3 and 11.24.4 running CentOS 5.2 Linux

--

Those versions are from 2008/2009


I wish I could say I'm unaware of a few thousand C5 machines still currently running prod and internet-facing at just one of my previous clients; but I can't. These releases don't make things much worse than they were for those folks, but let's not pretend there isn't a lot of unmaintained compute that this still applies to and that this is likely to change anytime soon.

Don't underestimate the ability of failing SMBs to dismiss the risks involved with that when they can't pay to fix it.


/u/jvoisin on /r/netsec has a writeup: https://hackmd.io/s/r1gLMUUpx

He notes that though much is targeted at older systems, a few things look yet-unpatched.


It's usable. If I remember correctly, Cisco have patched a few vulnerabilities from their 'free' version of leaked files.



