Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #1179928
JQJDISRUPT - WAG200G
Config steps:
- Created DHCPDynamic Host Configuration Protocol space from CoreSW for 172.20.100.248/29
- Assigned Linksys WAG200G "LAN" address of 172.20.100.254
- LAN VMVirtual Machine client pulled 172.20.100.252 .... connected to LANLocal Area Network port of Linksys
- WAN port, DHCPDynamic Host Configuration Protocol turned off on Linksys per CONOP
- On Cannoli LP:
- Unzipped Cannoli 2.0 zip in: /home/ndb/aquifer/canoli_v2.0.0/
- In /bin/ folder, copied the .cfg example file and make a linksys.cfg file with the LPListening Post IP as the #1 LPListening Post (172.20.13.50)
- Run the following command to create client & server files:
- ./CCT ../bin/mips-32-LE-static/client/client mod-client ../bin/mips-32-LE-static/server/server mod-server linksys.cfg
- The next step is apparently to use "puppetmon" to put Cannoli onto the target Linksys... unable to find puppetmon utility or any instructions on it... waiting for User #76673 to get back to me.
- After speaking with User #?... it was determined that puppetmon.py was not going to work to get Cannoli on the Linksys target. When running puppetmon.py it eventually always returns errors. User #? advised that it would only work if the targe twas in the 192.168.x.x space
- On LANLocal Area Network VM
- Put installer script on LANLocal Area Network VMVirtual Machine in /home/ndb/aquifer/WAG200G
- Also scp'd "mod-client" to the same folder above
- Ran script as directed in instructions: ./linksys-wag20g-installer.sh mod-client admin admin
- Seems to fail since it's looking for 192.168.1.1
- Replaced all the 192.168.1.1 fields in the installer.sh with the actual IP on the target of 172.20.100.254
- Ran scrip again: /linksys-wag20g-installer.sh mod-client admin admin