Vault7: CIA Hacking Tools Revealed
Owner: User #14587667
DUT 2 - RB450G - Notes
Perseus 1.1.0
MikroTik RB450G
General Info
WAN (from TR-Core) 172.20.100.8/30
TR-CoreSwx: 172.20.100.9
DUT: 172.20.100.10 (ether1) , 192.168.88.1/24 (ether2), 10.0.0.2/30 (ether4), 192.168.20.1/24 (ether5)
ICON: 172.20.12.101/24
LAN Hosts
192.168.20.2 = Perseus Test2 #2 - 1.1.0b1 - UbuntuDesktop 14.10 x64
RIP Config
Neighbor (RB493G) = 10.0.0.1/30
/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 ether2-master-local
1 172.20.100.10/30 172.20.100.8 ether1-gateway
2 ;;; To_RB493G_ether4
10.0.0.2/30 10.0.0.0 ether4-slave-local
3 192.168.20.1/24 192.168.20.0 ether5-slave-local
Test Procedure
- Backup config (off the device)
- Perform netinstall to ROS6.X
- Restore config settings (if necessary).
- Capture output (screenshots) of:
  - /system resource print
  - /system resource monitor
- Throw CR, TSH, Flux, Perseus
- Capture output (screenshots) of:
  - /system resource print
  - /system resource monitor
- Compare outputs (before/after using exploits)
Pre-Implant Screenshots / Values
/system resource print
uptime: 57m47s
version: 6.20
build-time: Oct/01/2014 10:06:12
free-memory: 235.5MiB
total-memory: 256.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 680MHz
cpu-load: 0%
free-hdd-space: 495.7MiB
total-hdd-space: 512.0MiB
write-sect-since-reboot: 137
write-sect-total: 38356
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB450G
platform: MikroTik
/system resource cpu print
# CPU LOAD IRQ DISK
0 cpu0 0% 0% 0%
/system routerboard print
routerboard: yes
model: 450G
serial-number: 33B6045711E4
current-firmware: 3.18
upgrade-firmware: 3.18
/system routerboard settings print
baud-rate: 115200
boot-delay: 2s
enter-setup-on: any-key
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 680MHz
boot-protocol: bootp
enable-jumper-reset: yes
force-backup-booter: no
silent-boot: no
/system history print
Flags: U - undoable, R - redoable, F - floating-undo
ACTION BY POLICY
/system health print
voltage: 12.2V
temperature: 57C
/system resource monitor
cpu-used: 1%
cpu-used-per-cpu: 1%
free-memory: 241028KiB
Post Implant Screenshots / Values
/system resource print
uptime: 3h15m31s
version: 6.20
build-time: Oct/01/2014 10:06:12
free-memory: 231.0MiB
total-memory: 256.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 680MHz
cpu-load: 1%
free-hdd-space: 495.3MiB
total-hdd-space: 512.0MiB
write-sect-since-reboot: 1363
write-sect-total: 39582
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB450G
platform: MikroTik
[admin@MikroTik] >
[admin@MikroTik] > /system resource cpu print
# CPU LOAD IRQ DISK
0 cpu0 1% 0% 0%
/system routerboard print
routerboard: yes
model: 450G
serial-number: 33B6045711E4
current-firmware: 3.18
upgrade-firmware: 3.18
/system routerboard settings print
baud-rate: 115200
boot-delay: 2s
enter-setup-on: any-key
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 680MHz
boot-protocol: bootp
enable-jumper-reset: yes
force-backup-booter: no
silent-boot: no
/system history print
Flags: U - undoable, R - redoable, F - floating-undo
ACTION BY POLICY
/system health print
voltage: 12.2V
temperature: 57C
/system resource monitor
cpu-used: 1%
cpu-used-per-cpu: 1%
free-memory: 236536KiB
Diff of Resource Values
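Added example, not part of the original notes: a small Python script that parses the two "/system resource print" captures above and reports every numeric field that changed, which is the comparison the test procedure calls for. The names PRE, POST, parse and diff are this example's own; the values are copied from the captures on this page.

```python
import re

# Fields copied from the pre- and post-implant "/system resource print"
# captures on this page (static fields such as board-name are omitted).
PRE = """\
uptime: 57m47s
free-memory: 235.5MiB
free-hdd-space: 495.7MiB
write-sect-since-reboot: 137
write-sect-total: 38356
cpu-load: 0%
"""
POST = """\
uptime: 3h15m31s
free-memory: 231.0MiB
free-hdd-space: 495.3MiB
write-sect-since-reboot: 1363
write-sect-total: 39582
cpu-load: 1%
"""

UNITS = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}  # sizes normalised to KiB

def parse(text):
    """Parse 'key: value' lines into {key: number}; sizes are converted to KiB."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+):\s*([\d.]+)(KiB|MiB|GiB|%)?\s*$", line)
        if not m:
            continue  # non-numeric fields (uptime, version, ...) are skipped
        key, num, unit = m.groups()
        out[key] = float(num) * UNITS.get(unit, 1)
    return out

def diff(pre, post):
    """Return {key: post - pre} for every numeric field whose value changed."""
    a, b = parse(pre), parse(post)
    return {k: round(b[k] - a[k], 1) for k in a if k in b and b[k] != a[k]}

if __name__ == "__main__":
    for key, delta in diff(PRE, POST).items():
        print(f"{key:28s} {delta:+.1f}")
```

Memory and disk deltas are printed in KiB. The same diff() call works on the "/system resource monitor" free-memory lines, which are already in KiB.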
How to Connect
From the VM named "DAB - ICON4 - COG":
/usr/bin/tshPatcher_v1.0.4/tsh-x86_64 172.20.100.10 12345 MyPassphrase
Perseus Files
BusyBox location: /flash/boot/hidden/busybox
Primary Files location: /flash/boot/hidden
Startup Scripts: /flash/etc/rc.d/run.d/S99mcc, /flash/etc/rc.d/run.d/S99tsh
Test Notes
7/9/2015
- Setup ICON4 VM for DUT2 testing
- Take baseline measurements of CPU, RAM, and disk space
- Throw CR, Tsh, Flx, and Perseus (Thu Jul 9 16:39:50 UTC 2015).