Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures

From the Client Computer (in this case, it must be a Linux computer), ping the web server with “ping -p 3A616263406465662E636F6D3A {WebserverIP}”. This hex string converts to “:abc@def.com:?”. Verify that no Alert is sent (this tests that protocol scanning is working properly).

Assign a Mission with “Port Scanning”=“Scan All Ports”, “Protocol Scanning”=“Scan All Protocols”, Target abc@def.com, and other parameters as in 4.2.1. Have the Flytrap beacon and receive this Mission. From the Client Computer, open the webpage with abc@def.com on the web server (be sure that your browser is not caching this page!).

Verify (using CherryWeb) that an Alert is sent for abc@def.com (this tests that port scanning is working properly). Wait at least “Session Timeout”. Then, from the Client Computer, ping the web server with “ping -p 3A616263406465662E636F6D3A {WebserverIP}”. This hex string converts to “:abc@def.com:?”. Verify that an Alert is sent for abc@def.com (this tests that protocol scanning is working properly). Be sure to set the Apache port back to 80.

Pass/Fail: the test passes if verification steps in the “Run” section are correct.

4.2.21 Firmware Upgrade Inhibit Test

Description: Tests that a Flytrap inhibits the user from upgrading the firmware with a manufacturer’s error, and that a backdoor page exists for actually upgrading the firmware. Note this feature is only supported on certain Flytrap make/model/versions.

Setup: connect a client to the Flytrap’s LAN, and open the Flytrap’s web page.

Run: attempt to upgrade the firmware, and verify it doesn’t happen and a reasonable error message is presented. Attempt to upgrade the firmware via the backdoor web page, and verify that it is successful.

Pass/Fail: the test passes if verification steps in the “Run” section are correct.

4.2.22 Mission Manager NVRAM Reset Test

Description: Tests that the Mission Manager NVRAM reset feature works properly (i.e., mm -x).

Setup: connect a client to the Flytrap’s LAN, telnet to the Flytrap. Get a listing of the Mission Manager NVRAM settings using “mm -v”.

Run: at the telnet prompt, run “mm -x”. Verify the Mission Manager NVRAM settings are all properly unset using “mm -v”.