Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #71467
Cytolysis-1h Testing
HG was delivered for Cytolysis on 10/12/2015 for SUP720. Testing scope will include SMITE, Redirection and Packet Collection capabilties
CONOP will be:
Testing Summary
Testing Notes
VMs Used
- Cytolysis-ICON-Debian8
- Cytolysis-Seeds-Ubuntu
- Cytolysis-Victim
- Cytolysis-Cust1-Host
- Cytolysis-Flux1
- Cytolysis-Flux2
- Cytolysis-Flux3
Console connections
- 6509 RP Slot 6: telnet 10.9.8.9 7013
- 6509 RP Slot 5: telnet 10.9.8.9 7014
- 4948-Osmo3 : telnet 10.9.8.9 7015
- 3750G-Cust2 : telnet 10.9.8.9 7016
- 3750-Cust1 : telnet 10.9.8.9 7017
- 3750E-Osmo : telnet 10.9.8.9 7018
Device Setup
- 6509E Chassis with the following linecards
- Slot 1 - WS-6148-GE-TX
- Slot 2 - WS-6148-GE-TX - powered down
- Slot 3 - WS-X6704-10GE
- Slot 4 - EMPTY
- Slot 5 - WS-SUP720-3B
- Slot 6 - WS-SUP720-3B
- DUT IOSApple operating system for small devices - sup-bootdisk:s72033-ipservices_wan-mz.122-33.SXI.bin
- DUT ROMRead-Only Memory - ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
- OSPF running with Osmo-3 routers, rx equal-cost default route from two OSPFOpen Shortest Path First peers over Uplinks, along with other OSPFOpen Shortest Path First routes.
- Uplinks to Osmo-3 routers - one on 10G interface, other on 1G interface (target may actually have two 10G uplinks, however I do not have two 10G routers to link to).
- Uplinks use ISL trunk encapsulation
- Customer 2 is the target traffic, Customer 1 is just additional traffic. Customer routers replicated with 3750s.
- Customer 2 target network is NAT'd by the DUT
- Hop through three flux nodes to attack - one on Internet and two on Osmo network. Final Flux node on CONTROL network hanging off Osmo router.
- SNMP monitoring, Syslog and trap logging set up to Solarwinds
- Port mirror set up for VLANVirtual Local Area Network 3 and 47