Note: I did not do the original work for this. This is an adaptation from Sheila A. Berta’s Exploit DB guide and mdiazcl from GitHub on how to do it.
Without further ado, let’s get right on into it shall we?!
So, everyone by now (unless you live under a rock) has heard about the NSA tools leaked by the Shadow Brokers, correct? Well, FuzzBunch is an exploit framework for Spooks. That’s right everyone…Metasploit for the government! No, it’s not a replica of Metasploit or anything but it is similar to it in the sense of what it’s used for.
Unfortunately, this toolset was meant to be used on a 32-bit Windows machine; however, with some figuring we can get it to work on Linux with an application called Wine. If you’ve never used Wine before, it’s basically just a Windows emulator that allows you to run individual programs meant for a Windows system.
The first thing you’re going to want to do is install some programs. (I’ll be using Kali Linux for the duration of this tutorial.)
sudo apt-get install wine winbind winetricks
Here, we installed Wine (our base emulator), winbind (resolves user and group information from a Windows NT server), and winetricks (allows us to manage virtual Windows environments using Wine).
Next, we’re going to install and set up a wine32 environment because FuzzBunch is set up to use 32-bit Windows binaries. This will also prevent you from screwing up any Wine environment you have going on.
Installation:
sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get install wine32
Setting up the environment:
WINEPREFIX="$HOME/.wine-fuzzbunch" WINEARCH=win32 wine wineboot
Changing WinePrefix for your current session:
export WINEPREFIX="$HOME/.wine-fuzzbunch"
Next up, we have to add Python 2.6 and FuzzBunch to the Windows PATH variable.
Type:
wine regedit
Select the folder: “HKEY_CURRENT_USER”
Under that folder, select: “Environment”
Right-click in the registry editor.
Select “New”, then “String Value”
In the text box that just appeared, type “PATH”
Right click the item you just created and click “Modify”
Under the field labeled “Value Data” type (or copy/paste):
c:\\windows;c:\\windows\\system;C:\\Python26;C:\\fuzzbunch-debian\\windows\\fuzzbunch
Then click “Registry” in the upper left-hand corner, and click “Exit” to exit the registry editor.
Now, we’re going to cd into our newly created Wine folder, and grab the files we need from GitHub.
cd $HOME/.wine-fuzzbunch/drive_c
You will need to apt-get install git if it isn’t already installed.
git clone https://github.com/mdiazcl/fuzzbunch-debian.git
Now, we’re going to install Python 2.6 and pywin32 into our Wine environment. (Have no fear, for WINETRICKS IS HERE!)
Simply type:
winetricks python26
Winetricks will install both Python 2.6 and pywin32 for you with that one command. All you need to do is select “For all users” and keep on hitting next.
Now, we’re going to inspect our final product! The FuzzBunch python application.
First, we need to cd into where the program is located.
cd $HOME/.wine-fuzzbunch/drive_c/fuzzbunch-debian/windows
Now, we type “wine cmd.exe” and then “python fb.py”
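Before running anything inside the prefix, it helps to know what the prefix built above actually exposes. This is an added example, not from the original guide or the fuzzbunch-debian project: it checks that the prefix really is 32-bit and lists drive letters that point outside it (Wine normally maps Z: to /). The function names and script name are made up for this example, and it relies on Wine's on-disk layout.

```shell
#!/bin/sh
# Added example: audit a Wine prefix before running untrusted binaries in it.
# Assumes Wine's usual layout: "#arch=" in system.reg, symlinks in dosdevices/.

# Print the architecture recorded for the prefix: win32, win64 or unknown.
prefix_arch() {
    reg="$1/system.reg"
    [ -f "$reg" ] || { echo unknown; return 0; }
    arch=$(sed -n 's/^#arch=//p' "$reg" | head -n 1)
    echo "${arch:-unknown}"
}

# Print every drive letter whose symlink resolves outside the prefix.
escaping_drives() {
    prefix=$(cd "$1" && pwd -P) || return 1
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$prefix"/*) ;;   # stays inside the prefix
            *) echo "$(basename "$link") -> $target" ;;
        esac
    done
}

# 0 = 32-bit and self-contained, 1 = not win32, 2 = host paths exposed.
audit_prefix() {
    [ "$(prefix_arch "$1")" = "win32" ] || return 1
    [ -z "$(escaping_drives "$1")" ] || return 2
    return 0
}

# Usage (script name is hypothetical): sh audit_prefix.sh "$HOME/.wine-fuzzbunch"
if [ "$#" -gt 0 ]; then
    echo "arch: $(prefix_arch "$1")"
    escaping_drives "$1"
    audit_prefix "$1" && echo "OK: win32 prefix, no host paths exposed"
fi
```

A non-empty drive list means programs started in the prefix can read and write those host paths. Drive mappings can be removed in winecfg's Drives tab.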
There you have it folks!! You now have a functional NSA exploit framework at your fingertips. (Remember, neither I nor 0x00sec are responsible for what you do with this!)
In my next article, I’ll teach you how to use this wonderful piece of software and what exactly you can accomplish with it! (Hint, it will require PowerShell Empire)
Stay paranoid, happy hacking, and use responsibly!