Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

TRITON INSTALLER STATUS CODES
The Triton installer outputs a status code with the string "XXXXX:" followed by a number:
0: Install Success
5: Install failed (internal error)
6: Install failed because the install script was not run by the root user
7: Install failed because the running system was not Lion or Mountain Lion

LP GUIDE

Here's what a typical Apache setup will look like:

An LP configured for SSL should have the following files in its vhost configuration directory:
some.domain.conf...............(required for SSL) Vhost configuration file for the LP
some.domain/cacert.pem.........(required for SSL) The Certificate Authority file
some.domain/cert.pem...........(required for SSL) The LP's certificate
some.domain/privkey.pem........(required for SSL) The LP's private key

A typical Apache setup should have the following directives enabled:
Listen A.B.C.D:443.............The IP address and port upon which the Apache server will listen
NameVirtualHost A.B.C.D:443....The IP address and port to which Apache should apply Name Virtual Host rules. Should match the Listen directive above
Include YYYY/.conf............The directory where Apache expects to find vhost config files
Group XXXX.....................The group under which the Apache process executes
SSL...........................(required for SSL) SSL options, usually in mod_ssl.conf
SSLStrictSNIVHostCheck on......(required for SSL) Only enable if multiple SSL vhosts share a single IP address

The LP can be configured manually, or by using the supplied vhost.sh script:
Identify a location to put the LP's web root (htdocs directory)
Identify the Apache user/group from httpd.conf
Identify the IP address/port that Apache uses for SSL (the Listen/NameVirtualHost directives above)
Identify the Apache vhost configuration directory, as noted above
Identify the Apache logs directory from httpd.conf (ErrorLog...)
Note the domain name of the LP, as specified to the builder
Copy the implant's APACHEFILES directory to a temporary directory on the LP
chmod 755 APACHEFILES/vhost.sh
Edit the APACHEFILES/some.domain.conf file so that matches the IP address/port above
Execute the vhost.sh script with no arguments to see its help output
Execute the vhost.sh script with the information/arguments identified above
Restart Apache, check the Apache logs for errors
Test the LP by using curl on another system: curl --cert target.cert --cacert cacert.pem --key target.privkey LPURL
Check the Apache logs for errors

The LP's web root should contain the following files:
/........................(required) Root web directory. Apache must have read/execute permissions
/a.......................(optional) Encrypted automatic task file. Apache must have read/execute permissions
/c.......................(optional) Encrypted config file
/fls/....................(required) Upload directory. Apache must have read/write/execute/unlink permissions
/fls/s...................(optional) Encrypted state file created by LP. Apache must have read/write permissions
/fls/i...................(optional) Encrypted immediate task file. Apache must have read/unlink permissions
/fls/*.up................(optional) Uploaded data. Apache must have write/unlink permissions
SECRET//NOFORN
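
The web-root layout listed above is a usable host indicator when auditing Apache document roots during an investigation. The following is an added example, not part of the original document: it reports which of the listed artifacts exist under a directory. The function names and the two-artifact threshold are assumptions, since single-letter file names are common on their own.

```python
import fnmatch
import os
import tempfile

# Relative paths taken from the web-root listing in the guide above.
REQUIRED_DIR = "fls"
OPTIONAL_FILES = ("a", "c", "fls/s", "fls/i")
UPLOAD_GLOB = "*.up"

def match_lp_layout(web_root):
    """Return the listed artifacts found under web_root ([] if fls/ is absent)."""
    fls = os.path.join(web_root, REQUIRED_DIR)
    if not os.path.isdir(fls):
        return []
    hits = ["fls/"]
    for rel in OPTIONAL_FILES:
        if os.path.isfile(os.path.join(web_root, *rel.split("/"))):
            hits.append(rel)
    try:
        uploads = fnmatch.filter(sorted(os.listdir(fls)), UPLOAD_GLOB)
    except OSError:
        uploads = []  # unreadable directory: report what was already seen
    if uploads:
        hits.append("fls/*.up (%d)" % len(uploads))
    return hits

def is_suspicious(web_root, min_optional=2):
    """Assumed threshold: fls/ plus at least min_optional other listed artifacts."""
    return len(match_lp_layout(web_root)) - 1 >= min_optional

def make_tree(base, rel_files):
    """Create empty files under base; used only to build constructed samples."""
    for rel in rel_files:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample roots: one matching the layout, one ordinary site.
        roots = [
            make_tree(os.path.join(tmp, "vhost1"), ["a", "c", "fls/s", "fls/001.up"]),
            make_tree(os.path.join(tmp, "vhost2"), ["index.html", "c"]),
        ]
        for root in roots:
            print(os.path.basename(root), is_suspicious(root), match_lp_layout(root))
```

A match is a lead for review of the vhost configuration and access logs, not a verdict, because the check looks only at names and not at file contents.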
