Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED//LES
2 INTRODUCTION
Fulcrum is a proactive capability which facilitates the use of a controlled machine to pivot to another
uncompromised target machine that is on the same remote LAN. The application will perform a man in
the middle attack on the target computer. The application will then monitor the target machine’s HTTP
traffic and redirect the target to the provided URL when the proper conditions are met.
To be clear, Fulcrum is not an exploit or a worm. It will not gain arbitrary code execution on a remote
machine nor will it perform privilege escalation on the pivot machine. It will not crash applications or
operating systems on the pivot or target machines. Fulcrum will not replicate itself or automatically
target machines on a LAN nor will it work across a router boundary.
Simply put, Fulcrum will direct a target machine’s HTTP client traffic to the URL of the attacker’s choice.
2.1 PURPOSE
This is the User’s Manual for the initial production release, Version 0.6, of the Fulcrum product. The
purpose of this document is to guide end users on all technical matters surrounding the proper use of
the Fulcrum product. This guide includes step by step tutorials, information on supported
environments, reference information, and known issues.
2.2 INTENDED AUDIENCE
This document is intended primarily for the end users of the Fulcrum product and to a lesser extent the
testers and developers.
2.3 TERMINOLOGY
Pivot Machine – The machine where Fulcrum will run.
Target Machine – The machine that Fulcrum will target with its man in the middle and HTTP
traffic injection capabilities.
Deployment Preparation Machine – The machine where Fulcrum is prepared and configured
for deployment.
2.4 PRODUCT COMPONENTS
The product consists of three separate binaries: FULCRUM, FULCRUM SHUTDOWN, and
FULCRUM ENCRYPTER.
The FULCRUM binary is the primary application of the product. It is deployed to the Pivot Machine and
is responsible for performing the actual pivoting technique.
FULCRUM SHUTDOWN is a helper utility which can be deployed to the Pivot Machine in order to
explicitly initiate a shutdown of the FULCRUM application.