Vault7: CIA Hacking Tools Revealed
AngerManagement - Under Construction
What is AngerManagement?
AngerManagement is a collection of Hamr plugins for Android Remote Exploitation.
How to get the AngerManagement project
- In Stash, go to the angermanagement_manifest project and copy the link from "Clone" (on the left-hand side).
- i.e. SSH: ssh://git@stash.devlan.net:7999/droid/angermanagement_manifest.git
- In your desired repo directory:
- repo init -u ssh://stash/droid/angermanagement_manifest.git --no-repo-verify
- repo sync
**NOTE: The AngerManagement repo project contains multiple git projects.
Components of AngerManagement
The AngerManagement repo project contains multiple git projects whose goal is to output an executable that builds the necessary plugins for Mission Control (MC) to target a particular Android mobile device. This executable is a Python zip file called angerquake, but in the future it will be renamed to angermanagement to fit the naming convention of all the plugins. It is called angerquake because the first plugin incorporated was Dugtrio, and as a Pokemon, Dugtrio's ability is to quake.
To build a Mission Control Server based on the output of AngerManagement, please see the section "How to Build Mission Control Server using AngerManagement."
To understand what exploits we integrate with AngerManagement (remote exploit, privilege escalation, information leak, etc.), please see Android Exploits and Techniques.
- Enumeration Stage Plugins
  - androidua
- Information Leak Stage Plugins
  - dugtrio info leak
  - spearow
- Access Stage Plugins
  - helios
    - barracuda
    - dragonfly
    - orion
    - sparta
    - starmie
    - dugtrio access plugin
  - helios
- Resource Plugins
  - Privilege Escalation
    - chronos
    - chronos suckerpunch
    - flameskimmer
    - flameskimmer suckerpunch
    - hyperion
    - hyperion suckerpunch
  - Terminal Payloads
    - bowtie
    - downloader-server
    - roid rage installer
    - suckerpunch-client
  - Long Term Payloads
    - downloader-server
    - suckerpunch-server
    - sporker
How to build AngerManagement
From your AngerManagement repo directory:
- "make -j all runtests"
- For verbose output, use the "V=1" flag ("make V=1 -j all runtests")
Plugins/Components
- AndroidUA - A plugin that produces a device enumeration by parsing the browser user agent (UA) to include the device and build info, OS, platform, webkit version, and browser name and version. Written in Python.
- Angry - Written in C.
- Bleak - An infoleak. Written in C.
- Bowtie - A payload survey tool. Written in Java. Non-persistent.
- Chronos - A privesc for Samsung GrandPrime and Mini4 devices. Written in C.
- Cowpy
- Downloader - A Java program that is used to fetch a RoidRage download or an arbitrary payload.
- Dropper - A library that adds drop and execute support to those privs that include/need it, such as Bowtie.
- Dugtrio - A plugin
- Flameskimmer - A privesc for Broadcom wifi chipset devices such as Galaxy Note 4. Written in C.
- Freedroid
- Googletest - a simple wrapper to get Googletest libs built using NDK.
- Hamdroid
- Hamrtest
- Hamrtime
- Helios - provides the remote access via JavaScript
- Hyperion
- Legba - a 3rd party utility to wrap ELF binaries with a bit of shellcode
- to be run from a browser.
- Makederps
- Mission Control
- Quafflehamr
- Remoterage
- RoidRage - implant. Supports persistence.
- Salazar
- Sepol
- Skor
- Spearow
- Starmie
- Stringobfuscation
- Stubbydroid
- Sulfur
- Totodile
- Webutils
**privesc = privilege escalation
How to deploy AngerManagement