Vault7: CIA Hacking Tools Revealed
Owner: User #71473
Payload Deployment Unit Tests Issue Tracker
SECRET//NOFORN
Background
I'm working to identify the ongoing issues we are having getting the Payload Deployment Unit Tests working properly under the gtest_parser. Here's what I have discovered so far:
- (FIXED) Some of the tests implementing SkipList were doing the skiplist check after CrtCheckMemory, which was causing bogus memory leak failures. Affected tests:
  - COMLocalServerRun_SHTAUnitTests.COMLocalServerRun_SHTA_ValidPayload
  - CreateProcessAsUser_LEPUnitTests.CreateProcessAsUser_LEP_ValidPayload
- (FIXED) Some of the basic open process tests in InjectFromMemory_UnitTests needed skiplists to handle running these functions as SYSTEM, where results vary greatly between OS versions:
  - InjectFromMemory_UnitTests.OpenProcessByPidErrorSystem
  - InjectFromMemory_UnitTests.OpenProcessByPidErrorIdle
  - InjectFromMemory_UnitTests.OpenProcessByNameErrorCsrss
- (FIXED) One of the TaskScheduleRun_SPKL_UnitTests had logic that was invalid when run as User, since the first call to schedule and start the task fails when run with an empty username (which attempts to schedule the task as SYSTEM):
  - TaskScheduleRun_SPKLUnitTests.TaskScheduleRun_SPKL_ValidPayload
- (POSSIBLY FIXED, needs further investigation) One of the CreateProcessAsPipe_GHRN_UnitTests, when run as User, was hanging indefinitely on some platforms trying to kill a process that was apparently never started. The same hang started to appear in TaskScheduleRun_SPKL_UnitTests once this test was dummied out:
  - CreateProcessAsPipe_GHRNUnitTests.CreateProcessAsPipe_GHRN_ValidPayload
  - TaskScheduleRun_SPKLUnitTests.TaskScheduleRun_SPKL_ValidPayload
- (POSSIBLY FIXED, needs further investigation) Several other tests resulted in hangs after the previous hanging tests were dummied out:
  - InjectFireAndForgetFromMemory_UnitTests.InjectFireAndForgetFromMemory_ValidPayload (when run as SYSTEM)
  - CreateProcessWMI_TIGUnitTests.CreateProcessWMI_TIG_ValidPayload (when run as User)
  - ShellExecute_CRSUnitTests.ShellExecute_CRS_ValidPayload (when run as SYSTEM)
- (FAILURE, needs further investigation) When run as SYSTEM on 64-bit server platforms, CreateProcessAsUser_LEP is failing to get a token (presumably an admin token).
CONCERN: Some of the offending tests have possible infinite loop conditions such as `while(!DeleteFile(params.wcTargetPath))` or `WaitForSingleObject(hThread, INFINITE)`. While these may not be issues when the tests are working properly, they could be masking failure conditions that cannot be observed if the test process hangs.
NOTE: DeleteFile fails if the file does not exist – we need to either check that the target file exists before entering the above loop, or check that the error code returned does not equal ERROR_FILE_NOT_FOUND.
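Both concerns above (the unbounded `while(!DeleteFile(...))` loop and the `INFINITE` wait) can be given a bound so that a test reports a failure instead of hanging. The following C example is added here and is not code from the original tracker page or the test suite: it treats a missing file as already deleted (the case that makes the original loop spin forever), retries only on sharing/lock errors a fixed number of times, and replaces an infinite wait with a polled deadline. The non-Windows branch maps the same logic onto `unlink()`/`errno` so it compiles and runs anywhere; all function names, the result enum and the sample file path are assumptions made for this example.

```c
#ifndef _WIN32
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <errno.h>
#include <time.h>
#include <unistd.h>
#endif

/* Outcome of a bounded delete (names are assumptions for this example). */
typedef enum {
    DEL_OK = 0,            /* removed, or never existed: nothing is left either way */
    DEL_RETRIES_EXHAUSTED, /* still locked after max_attempts: report it, do not spin */
    DEL_FATAL              /* an error retrying cannot fix (access denied, is a directory) */
} del_result_t;

static void sleep_ms(unsigned ms)
{
#ifdef _WIN32
    Sleep(ms);
#else
    struct timespec ts;
    ts.tv_sec = ms / 1000;
    ts.tv_nsec = (long)(ms % 1000) * 1000000L;
    nanosleep(&ts, NULL);
#endif
}

/* One delete attempt; on failure stores the platform error code in *err. */
static int try_delete(const char *path, unsigned long *err)
{
#ifdef _WIN32
    if (DeleteFileA(path)) return 1;
    *err = GetLastError();
#else
    if (unlink(path) == 0) return 1;
    *err = (unsigned long)errno;
#endif
    return 0;
}

/* ERROR_FILE_NOT_FOUND (ENOENT on POSIX): the file is already gone. */
static int is_not_found(unsigned long err)
{
#ifdef _WIN32
    return err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND;
#else
    return err == ENOENT;
#endif
}

/* Errors worth retrying: the spawned payload process may still hold the file. */
static int is_transient(unsigned long err)
{
#ifdef _WIN32
    return err == ERROR_SHARING_VIOLATION || err == ERROR_LOCK_VIOLATION;
#else
    return err == EBUSY || err == ETXTBSY;
#endif
}

/* Bounded replacement for `while(!DeleteFile(path))`. */
del_result_t delete_with_bound(const char *path, unsigned max_attempts, unsigned backoff_ms)
{
    unsigned attempt;
    for (attempt = 0; attempt < max_attempts; attempt++) {
        unsigned long err = 0;
        if (try_delete(path, &err)) return DEL_OK;
        if (is_not_found(err))      return DEL_OK;    /* the unbounded loop spins forever here */
        if (!is_transient(err))     return DEL_FATAL; /* surface the error instead of masking it */
        sleep_ms(backoff_ms);
    }
    return DEL_RETRIES_EXHAUSTED;
}

/* Bounded replacement for WaitForSingleObject(h, INFINITE): poll a readiness
 * predicate until it holds or the deadline passes. Returns 1 if ready, 0 on timeout. */
int wait_until(int (*ready)(void *), void *ctx, unsigned timeout_ms, unsigned poll_ms)
{
    unsigned polls, i;
    if (poll_ms == 0) poll_ms = 1;
    polls = (timeout_ms + poll_ms - 1) / poll_ms;
    for (i = 0; i < polls; i++) {
        if (ready(ctx)) return 1;
        sleep_ms(poll_ms);
    }
    return ready(ctx); /* one final check at the deadline */
}

/* Constructed predicate: becomes true after *ctx polls (stands in for a thread exiting). */
static int countdown_ready(void *ctx)
{
    unsigned *left = (unsigned *)ctx;
    if (*left == 0) return 1;
    (*left)--;
    return 0;
}

int demo_wait(unsigned ready_after_polls, unsigned timeout_ms, unsigned poll_ms)
{
    unsigned left = ready_after_polls;
    return wait_until(countdown_ready, &left, timeout_ms, poll_ms);
}

/* Helper for the demo: create an empty file; returns 1 on success. */
int create_empty_file(const char *path)
{
    FILE *f = fopen(path, "wb");
    if (!f) return 0;
    return fclose(f) == 0;
}

int main(void)
{
    const char *target = "example_payload_target.tmp"; /* constructed path, not from the page */
    create_empty_file(target);
    printf("delete existing: %d\n", delete_with_bound(target, 5, 10)); /* DEL_OK */
    printf("delete missing:  %d\n", delete_with_bound(target, 5, 10)); /* DEL_OK, no spin */
    printf("delete a dir:    %d\n", delete_with_bound(".", 5, 10));    /* DEL_FATAL */
    printf("wait ready:      %d\n", demo_wait(2, 100, 5));             /* 1 */
    printf("wait timeout:    %d\n", demo_wait(1000, 20, 5));           /* 0 */
    return 0;
}
```

In a gtest body, `DEL_RETRIES_EXHAUSTED`, `DEL_FATAL` and a `wait_until` timeout should each become an `ASSERT_*` failure, so the harness (and gtest_parser) records which cleanup step went wrong instead of timing out the whole process.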
Current Testing Status: (02 FEB 2015)
Build Tested | Operating System | SP Level | Bitness | User | Test Name | Status | Details
---|---|---|---|---|---|---|---
32-bit Debug | Windows 8 | SP 0 | 32 | - | - | SUCCESS | -
32-bit Debug | Windows Vista Ult. | SP 2 | 64 | - | - | SUCCESS | -
32-bit Debug | Windows Vista Ult. | SP 2 | 32 | - | - | SUCCESS | -
32-bit Debug | Windows 2012 R2 | SP 0 | 64 | SYSTEM | CreateProcessAsUser_LEP_ValidPayload | FAILURE | Execution failed with pErr == -91; TerminateProcesses failed with dwProcs == 0
32-bit Debug | Windows 2012 | SP 0 | 64 | SYSTEM | CreateProcessAsUser_LEP_ValidPayload | FAILURE | Execution failed with pErr == -91; TerminateProcesses failed with dwProcs == 0
32-bit Debug | Windows 2008 | SP 2 | 64 | SYSTEM | CreateProcessAsUser_LEP_ValidPayload | FAILURE | Execution failed with pErr == -91; TerminateProcesses failed with dwProcs == 0
32-bit Debug | Windows XP Pro | SP 3 | 32 | SYSTEM | InjectFireAndForgetFromMemory_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows 2003 R2 | SP 2 | 32 | User | CreateProcessWMI_TIG_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows 2003 | SP 2 | 32 | User | CreateProcessWMI_TIG_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows XP Pro | SP 3 | 32 | SYSTEM | InjectFireAndForgetFromMemory_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows 2003 R2 | SP 2 | 64 | User | CreateProcessWMI_TIG_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows 2003 | SP 1 | 32 | SYSTEM | ShellExecute_CRS_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows 2008 R2 | SP 1 | 64 | SYSTEM | InjectFireAndForgetFromMemory_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows XP Pro | SP 2 | 32 | SYSTEM | InjectFireAndForgetFromMemory_ValidPayload | ERROR | Hang/Timeout
32-bit Debug | Windows XP Pro | SP 2 | 64 | User | CreateProcessWMI_TIG_ValidPayload | ERROR | Hang/Timeout