Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
4.1.1 General Operation
Tomato is generally operated as follows:
• Tomato user wirelessly connects to the network device.
• Tomato user runs the Tomato program which returns the network device’s
administrator password (and performs any other actions), or indicates an
error.
4.1.2 Linux Operation
To run Tomato on a Linux laptop:
• Wirelessly connect to the network device. This procedure can vary per
linux distribution, but typically one can use linux wireless tools (iwconfig)
and wpa_supplicant (pre-installed on most recent linux distributions).
Consult the man pages if necessary. Also, the wpa_supplicant GUI, is a
particularly useful tool (see
http://hostap.epitest.fi/wpa_supplicant/wpa_gui.html).
• Change to the Tomato Release directory. For example, if you unzipped
Nightshade in the “/home/myuser/foobar” directory, at a terminal prompt,
type:
cd /home/myuser/foobar/Nightshade/Tomato/Release
• Run Tomato.sh with the appropriate action argument (see section 4.1.4 for
a discussion of which action may be appropriate)::
o ./Tomato.sh pass fetches the password
o ./Tomato.sh passr fetches the password and reboots the
device
o ./Tomato.sh shell fetches the password and opens a telnet-
like interactive shell to the device
o ./Tomato.sh help prints help for Tomato, including device
coverage
4.1.3 Windows XP Operation
To run Tomato on a Windows XP laptop: