Vault7: CIA Hacking Tools Revealed
Owner: User #71467
JQJTHRESHER Test Notes
3/4/2015 - User #76781
Followed README instructions to trigger HG. Opened and set up Listening window first, then followed steps to open and set up Trigger window. When I entered ./prep-ct.sh in the Trigger window, got the following message in the Listening window:
Bus error (core dumped) - spoke with User #76782/Xetron about this. He says this is because ./prep-ct.sh is only meant to be run once. It is in the README to run twice because the README assumes you are not triggering and listening on the same VM.
Progress / Notes
- TR team has performed initial review of configuration and Ops provided diagrams
- TR team is moving required VMs at this time
- Created Blot-Proxy, Blot-Onslaught, Blot-CoverWeb, ICON-CutThroat VMs. Copied Fedora10-hg2960-Seeds VM from NDB Lab to use for seed traffic.
- Built test network with 2960S-24TS-L target switch, 3750G-24T Router and 3 2960-24TT-L switches.
- Upgraded IOS on target 2960S switch to c2960s-universalk9-mz.122-55.SE7.bin. Updated configuration to match config obtained from COG.
- Uploaded Aquaman delivery package to ICON-CutThroat VM and installed in /home/ubuntu.
- Successfully attacked target 2960S switch with SSHIAC and installed Hun-Grrr. Note:
  - On ICON-CutThroat VM - had to move to Devlan temporarily to download the ia32-lib from the repo in order for SSHIAC to run
  - Must enable the root account and su - root in each window you use when you attack with SSHIAC and use CutThroat
- Modified Seeds scripts on Fedora10-hg2960-Seeds VM to generate ICMP/ARP, DNS and HTTP traffic in our test network.
- Established comms between Hun-Grrr and ICON-CutThroat VM.
- Used beacon get_current_trigger_number and beacon set_current_trigger_number to make sure HG trigger sequence number was correct
- Had successful trigger packets however did not receive a callback
- User #76780/Xetron recommended to use beacon call_me_back https 443 -ii 172.31.255.2 and then finally comms came up, successful SSL handshake in listening window.
- Created new WebServer VM to use as web destination for seed traffic - 172.20.13.25.