Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

(S) It is important to determine and record the WLAN and LAN MAC addresses of the
device you are implanting, as CherryWeb uses these as the Flytrap’s unique identifiers.
The user can then use these MAC addresses to configure the Flytrap -- assign it a more
meaningful name, group, and location, and potentially pre-assign it a particular Mission
(see CBUM Sections 5.7 and 5.9). The user can view a list of the WLAN MAC addresses
of surveyed devices via the Claymore GUI or in the report log file. Wireless sniffers (for
example Airopeek) will typically show the WLAN MAC as the ESSID. Most devices
have this information labeled somewhere on the device. In some cases, the MAC address
printed on the device is the LAN or WAN MAC, and it is usually similar (only the last
octet differs) or identical to the WLAN MAC. The CBUM documents which MAC
address(es) are labeled/printed on the supported devices that have passed FAT. When the
Flytrap beacons, it sends WLAN, LAN, and WAN MAC addresses, and CherryWeb
displays these three MAC addresses on the “Flytrap Details” page (see Figure 6), so that
the user can disambiguate if necessary.
5.2 (U) Logging Into CherryWeb
(S) To log into CherryWeb (CW):
1. Login to an Icon terminal
2. Using the Cisco VPN Client software, connect to the “TDN-VPN-ASA01”
(Thunderdome) profile.
3. Open a web browser (see CBUM for recommended browsers) to the CW site:
https://<CherryBlossomServiceIP>/CherryWeb
See “Cherry Blossom Installation Guide” for the <CherryBlossomServiceIP>.
4. Enter the username and password for your CB User and click “Login”. If you do
not have a User account, have a User with “cwadmin” privileges (see CBUM)
create a User account for you.
10

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh