Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
8. (S//NF) Example 1: Using Grasshopper to install SG2.1

(S//NF) This example will configure a Grasshopper installer for Stolen Goods 2.1. The target will be Windows XP, SG2 will use the network component, the payloads will be ICEPICK and JediMindTricks, and it will use the GH1 stub. This example assumes you've run Vbr.exe in the Grasshopper StolenGoods2 folder. Make sure you've generated ipl.asm (or ipl_832.asm/ipl_864.asm if building for Windows 8.1) and that the file is in the StolenGoods2 module folder in the Grasshopper build directory.

(S//NF) Figure 1 – We want to use a 32-bit payload, so we select the generic, Persistence-spec compliant 32-bit entry, #8

(S//NF) Figure 2 – The 'payload' here is really the correct on-disk stub. Since we're going to use a GH1 payload on a 32-bit machine, we write the path to MemStub32-GH1.dll here.

(S//NF) Figure 3 – We want to use Stolen Goods 2 on XP, so we choose #6