Vault7: CIA Hacking Tools Revealed
Owner: User #14587667
Felix v1.0 Test Notes
Felix Smoke Tests
- Configurator
- configuration file
- command line
- interactive shell
- Base
- Trigger Module
- Trigger Client
MikroTik
RB493G (MIPSBE)
IP: 172.20.100.6
ROS: 6.30
Netinstall: 11/19/2015
Felix Attack Procedure
- Throw ChimayRed
- Upload TS
- Upload Felix, Flux, Perseus via TS
- Start Felix
- Test Felix
- Start Flux
- Test Felix, Flux
- Start Perseus
- Test Felix, Flux, Perseus
Matrix of Devices/Tests Performed
MikroTik
- MIPS-BE
- PPC
- x86
Ubiquiti
- MIPS-BE
AVTech
- ARM
Ubuntu
- 12.04 x86
- 12.04 x86_64
Debian
- 8.0 x86_64
CentOS
- 6.4 x86
Device/Test | 1a | 1b | 2 | 3a | 3b | 3c | 3d | 3e | 3f | 3g | 3h | 3i | 3j | 3k | 3l | 3m | 3n | 3o | 3p | 3pi | 4a | 4b | 4c
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---
MT RB 493G (MIPS-BE) | Y | Y | | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | |
MikroTik (PPC) | | | | | | | | | | | | | | | | | | | | | | |
MikroTik (x86) | | | | | | | | | | | | | | | | | | | | | | |
Smoke Test Performed
- Run Configurator
- without persistence
- with persistence
- Install Felix
- Run Kickstarter
debug - Set the debug level
delete - Delete a file on the destination
end - End the current kickstart session
exec - Execute a command via the default shell on the remote side
exit - Exit the program (same as "quit" or CTRL+D)
get - Get a file from the destination
halt - End *all* sessions (including the current one).
help - List available commands with help or detailed help with help <cmd>.
kick - Send a kick to the destination
pexec - Execute a process with arguments on the remote side (without a shell!)
print - Retrieve a value set in the current CLI session
put - Copy a file to the destination
reset - Reset the current settings in the CLI back to defaults
set - Set a value in the current CLI session
status - Display status and history for this session
- uninstall - Uninstall from the destination
- Cloned process is gone (ps ax | grep <cloned process>)
- Install other tools
- Install Tsh
- Install Perseus
- Install Flux
- Tweak settings
- Small MTU
- Large MTU
Potential Bugs
Error received when using Felix to delete a file:
Session (172.20.100.6:21 tcp)> delete /flash/rw/test2.txt
Command response was an error! 120
ERROR: Failed to securely delete file /flash/rw/test2.txt