
Scan Your Windows PC for NSA Vulnerabilities with This Freeware Tool


tao


Chinese company creates app to search for NSA security flaws

 

The WannaCry ransomware that affected thousands of computers across the world was based on a vulnerability stolen from the NSA by hacking group Shadow Brokers, who decided to publish it online earlier this year.

 

Furthermore, the same hacking group also revealed some other vulnerabilities that the NSA was holding and believed to be using for breaking into computers across the world, and there’s a good chance the agency owns more security flaws that haven’t yet been made public.

 

This is why security company Qihu developed the so-called 360 NSA Cyber Weapons Defense tool, an application whose purpose is to scan your computer and determine whether it’s vulnerable to any of the known vulnerabilities that were previously used by the NSA.

 

Scanning for NSA vulnerabilities

 

This involves the EternalBlue exploit, which was used for WannaCry, but also a bunch of other tools used in cyber attacks across the world, like EternalChampion, EternalRomance, and EternalSynergy.

 

“Attackers with these NSA cyber weapons can break into more than 70% of the Windows systems in the world. An unpatched PC may be infected as soon as it connects to the Internet even without any click on a link or a file,” the security company explains.

 

The application can scan your computer to see if it’s fully patched to block all known vulnerabilities, and if any security flaws are found, to automatically download and install the updates to keep you secure. What’s more, an Internet connection is not needed, so you can patch the system without actually going online and thus exposing yourself to any risk of getting infected.

 

Without a doubt, some users might be worried that a Chinese company is building a software solution to block NSA’s hacking tools, but it’s one very easy method to search for any vulnerabilities that might expose your system when going online.

 

As usual, you can download the 360 NSA Cyber Weapons Defense tool from Softpedia, and keep in mind that an admin account is needed to patch your system.

 

< Here >

Link to comment
Share on other sites



And what if this tool deploys the NSA's bloatware itself?

One more thing: when they really want to take you down, there is nothing that can save you from them :P

 

Happy computing !

Link to comment
Share on other sites


LOL, the NSA is only part of the problem. Once you get the NSA out, how do you get rid of the baked-in spies from Microsoft? :)

 

 

Windows 10 Enterprise ignores various privacy settings

https://twitter.com/m8urnett/status/866353982217699328

 

Link to comment
Share on other sites


55 minutes ago, PriSim said:

And what if this tool deploys the NSA's bloatware itself?

From the iNet:

 

Whatif by Shel Silverstein


Last night, while I lay thinking here,
some Whatifs crawled inside my ear
and pranced and partied all night long
and sang their same old Whatif song:
Whatif I'm dumb in school?
Whatif they've closed the swimming pool?
Whatif I get beat up?
Whatif there's poison in my cup?
Whatif I start to cry?
Whatif I get sick and die?
Whatif I flunk that test?
Whatif green hair grows on my chest?
Whatif nobody likes me?
Whatif a bolt of lightning strikes me?
Whatif I don't grow taller?
Whatif my head starts getting smaller?
Whatif the fish won't bite?
Whatif the wind tears up my kite?
Whatif they start a war?
Whatif my parents get divorced?
Whatif the bus is late?
Whatif my teeth don't grow in straight?
Whatif I tear my pants?
Whatif I never learn to dance?
Everything seems well, and then
the nighttime Whatifs strike again!  ;)

 

Cheers!  :cheers:

 

Link to comment
Share on other sites


Extra crap is not needed anymore.


Open PowerShell as admin and type:

 

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

 

It should appear like below :

 

xLkKiu4.png

 

Greetings,

;)

 

Link to comment
Share on other sites


Removing NSA spyware from windows 10 you say, laughs.

I suppose you could pull the network cable.

Link to comment
Share on other sites


47 minutes ago, edwardecl said:

Removing NSA spyware from windows 10 you say, laughs.

I suppose you could pull the network cable.

 

that works 100% :D

edit: I forgot to turn off WIFI :eek:

Link to comment
Share on other sites


Disable SMB1 through PowerShell as admin:

 

Set-SmbServerConfiguration -EnableSMB1Protocol $false

 

Link to comment
Share on other sites


straycat19
12 hours ago, Recruit said:

Extra crap is not needed anymore.


Open PowerShell as admin and type:

 


Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

 

 

I was asked about SMB3.  Because SMB2 and SMB3 share the same stack whatever you do to SMB2 will also apply to SMB3.

 

You can also manage the configuration through a registry edit, through a group policy edit, the service controller, or through various versions of PowerShell.

 

Windows 8 Commands

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.
To obtain the current state of the SMB server protocol configuration, run the following cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

 

To disable SMBv1 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB1Protocol $false

 

To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB2Protocol $false

 

To enable SMBv1 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB1Protocol $true

 

To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-SmbServerConfiguration -EnableSMB2Protocol $true

 

Windows 7

Windows PowerShell 2.0 or a later version of PowerShell

 

To disable SMBv1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

 

To disable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force

 

To enable SMBv1 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

 

To enable SMBv2 and SMBv3 on the SMB server, run the following cmdlet:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 -Force

 

Note You must restart the computer after you make these changes.

 

REGISTRY EDIT

 

To enable or disable SMBv1 on the SMB server, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled 
REG_DWORD: 1 = Enabled 
Default: 1 = Enabled

 

To enable or disable SMBv2 on the SMB server, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled 
REG_DWORD: 1 = Enabled 
Default: 1 = Enabled

 

 

Windows 7 and 8

 

Service Controller

 

To disable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi 
sc.exe config mrxsmb10 start= disabled

 

To enable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi 
sc.exe config mrxsmb10 start= auto

 

To disable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi 
sc.exe config mrxsmb20 start= disabled

 

To enable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi 
sc.exe config mrxsmb20 start= auto


Notes
You must run these commands at an elevated command prompt.
You must restart the computer after you make these changes.

 

Group Policy

 

Disable SMBv1 Server with Group Policy
This will configure the following new item in the registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB1 REG_DWORD: 0 = Disabled

 

To configure this using Group Policy:

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
In the console tree under Computer Configuration, expand the Preferences folder, and then expand the Windows Settings folder.
Right-click the Registry node, point to New, and select Registry Item. 

 

In the New Registry Properties dialog box, select the following:

Action: Create
Hive: HKEY_LOCAL_MACHINE
Key Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Value name: SMB1
Value type: REG_DWORD
Value data: 0

 

This disables the SMBv1 Server components. This Group Policy needs to be applied to all necessary workstations, servers, and domain controllers in the domain.

 

Disable SMBv1 Client with Group Policy
To disable the SMBv1 client, the services registry key needs to be updated to disable the start of MRxSMB10 and then the dependency on MRxSMB10 needs to be removed from the entry for LanmanWorkstation so that it can start normally without requiring MRxSMB10 to first start.

This will update and replace the default values in the following 2 items in the registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10

Registry entry: Start REG_DWORD: 4 = Disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation

Registry entry: DependOnService REG_MULTI_SZ: "Bowser","MRxSmb20","NSI"

Note: The default included MRxSMB10 which is now removed as dependency

 

To configure this using Group Policy:

Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
In the console tree under Computer Configuration, expand the Preferences folder, and then expand the Windows Settings folder.
Right-click the Registry node, point to New, and select Registry Item.

 

In the New Registry Properties dialog box, select the following:

Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SYSTEM\CurrentControlSet\services\mrxsmb10
Value name: Start
Value type: REG_DWORD
Value data: 4

 

Then remove the dependency on the MRxSMB10 that was just disabled

In the New Registry Properties dialog box, select the following:

Action: Replace
Hive: HKEY_LOCAL_MACHINE
Key Path: SYSTEM\CurrentControlSet\Services\LanmanWorkstation
Value name: DependOnService
Value type: REG_MULTI_SZ
Value data:
Bowser
MRxSmb20
NSI

 

The default value includes MRxSMB10 in many versions of Windows, so by replacing them with this multi-value string, it is in effect removing MRxSMB10 as a dependency for LanmanServer and going from four default values down to just these three values above.

 

Note: When using Group Policy Management Console, there is no need to use quotation marks or commas. Just type each entry on individual lines as shown above.

 

Reboot Required

 

After the policy has applied and the registry settings are in place, the targeted systems must be rebooted before SMB v1 is disabled.

Link to comment
Share on other sites
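
A read-only check of the settings listed in the post above, as an added example that is not part of the thread and not Microsoft's own code. The helper names Get-RegValue and Get-SmbV1Audit are hypothetical; the registry paths, value names and cmdlet are the ones quoted in the posts. Run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of the SMBv1 settings listed in this thread.
# Get-RegValue and Get-SmbV1Audit are hypothetical helper names; the registry
# paths, value names and cmdlet are the ones quoted in the posts above.
function Get-RegValue($Path, $Name) {
    # Emits nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-SmbV1Audit {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Server side. Prefer the cmdlet (Windows 8 and later); on Windows 7 fall
    # back to the SMB1 DWORD, where an absent value means the default (1 = Enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg      = Get-SmbServerConfiguration -ErrorAction Stop
        $serverOn = [bool]$cfg.EnableSMB1Protocol
        $source   = 'Get-SmbServerConfiguration'
    } else {
        $smb1     = Get-RegValue "$svc\LanmanServer\Parameters" 'SMB1'
        $serverOn = ($null -eq $smb1) -or ($smb1 -ne 0)
        $source   = 'registry'
    }

    # Client side: mrxsmb10 Start = 4 means disabled; a missing key means the
    # SMBv1 client driver is not installed at all.
    $start    = Get-RegValue "$svc\mrxsmb10" 'Start'
    $clientOn = ($null -ne $start) -and ($start -ne 4)

    # LanmanWorkstation must not still depend on a disabled mrxsmb10, or the
    # Workstation service cannot start after the reboot.
    $deps     = @(Get-RegValue "$svc\LanmanWorkstation" 'DependOnService')
    $depStale = (-not $clientOn) -and ($deps -contains 'MRxSmb10')

    [pscustomobject]@{
        Smb1ServerEnabled    = $serverOn
        ServerStateSource    = $source
        Smb1ClientEnabled    = $clientOn
        Mrxsmb10Start        = $start
        WorkstationDependsOn = $deps -join '/'
        StaleDependency      = $depStale
    }
}

Get-SmbV1Audit | Format-List
```

A host is in the state the post aims for when Smb1ServerEnabled and Smb1ClientEnabled are both False and StaleDependency is False; the registry values only take effect after the reboot the post mentions.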


JeffDunhill

I ain't going for that free tool after reading the latest post by Cracken! These policy tweaks seem really great to me though.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.
