Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
3.5.2 (S//NF) Fire and Forget (v3) mode
(S//NF) While not the preferred mode, BothanSpy does offer Fire and Forget (v3) mode
for instances where F&C can't be used or when the CONOPS requires this mode. Fire
and Forget (F&F) mode will create files on the target's machine that contain the
credential data parsed from Xshell, encrypted with AES-256.
(S//NF) No extra installation is needed to run in F&F mode. To unpack F&F files, you'll
need the fnf_unpack.py script on whatever machine you'd like to unpack on. Also,
determine what folder path you would like BothanSpy output files to go to on target, and
ensure those paths are writable by Xshell. For example, on Windows Vista+ machines,
user-mode processes (which likely will include Xshell) cannot write to C:\, C:\Windows,
etc. without UAC elevation. Xshell will have permissions to write to the user's temp
folder, or newly created folders off of the local drive (Ex. mkdir C:\tempfolder).
SECRET//NOFORN
6