Scribd
Upload
88 views4 pages

Cherry Blossom Mobile VPN Software Installation and User Manual

The document provides instructions for installing and using Cherry Blossom's Mobile VPN software. Key points include: 1) The Mobile VPN software allows operators to access devices on a private network by connecting a Flytrap to the public-facing Mobile VPN server. 2) Installation involves booting an ICON workstation to Fedora Core 10, connecting to a Snowball/Fireball, installing from a provided CD, and obtaining the public IP. 3) Usage involves adding the Mobile VPN server's IP to CherryTree, planning missions with VPN actions that specify the server, and assigning missions to Flytraps.

Uploaded by

0xbit
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
88 views4 pages

Cherry Blossom Mobile VPN Software Installation and User Manual

The document provides instructions for installing and using Cherry Blossom's Mobile VPN software. Key points include: 1) The Mobile VPN software allows operators to access devices on a private network by connecting a Flytrap to the public-facing Mobile VPN server. 2) Installation involves booting an ICON workstation to Fedora Core 10, connecting to a Snowball/Fireball, installing from a provided CD, and obtaining the public IP. 3) Usage involves adding the Mobile VPN server's IP to CherryTree, planning missions with VPN actions that specify the server, and assigning missions to Flytraps.

Uploaded by

0xbit
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

SECRET

Cherry Blossom Mobile VPN Software (svn


9012)
Installation and User Guide

For use with CherryTree Server v5.0


(svn 9038)

Based on SRI document SLO-FF-2012-182, revision 1.0


Created 14 September 2012

SECRET
SECRET

1.(U) Introduction
(S) Cherry Blossom includes a Mobile VPN capability, wherein the Mobile VPN
software can be installed on a server with a publicly-accessible IP address. This
server is typically an ICON workstation. [The SRI-developed Mobile VPN software
was developed to run on a workstation booted in Fedora Core 10; COG has
requested that it be modified to run on a workstation booted into Ubuntu 10.04.]
This document explains how the SRI/Fedora version of the Mobile VPN server
software is installed and operated.

(S) Knowing the IP address of the Mobile VPN server, by interacting with the
CherryTree database via a different ICON workstation, a Cherry Blossom operator
can task a Flytrap to open a VPN link between the Flytrap and the Mobile VPN
server. Through this link, the operator can then access client workstations on the
(private) LAN or WLAN side of the Flytrap and perform exploits against the client
devices. Additionally, the mission tasked to the Flytrap can instruct the Flytrap to
use the Mobile VPN server to proxy all network traffic.

2.(U) Mobile VPN Server Installation


(S) To install the Mobile VPN server software onto an ICON workstation:

a) Follow standard ICON procedures to boot to the “Fedora Core 10” OS.
b) Follow standard ICON procedures to connect to the public/outward-facing
Snowball/Fireball of choice. Use the “tun” interface option.
c) Test Internet connectivity
d) Insert the Mobile VPN Software (svn 9012) CD.
e) Run the Mobile VPN software installer as root:
su –
cd /media/<CDROM> && ./install.sh

3.(U) Usage
(S) Typical usage of the Mobile VPN capability is to task a Flytrap with a mission
that will perform VPN Link/Prosy actions where the VPN server is the “Mobile”
server. This section gives a brief overview on how to plan missions with VPN
actions. See the Cherry Blossom User’s Manual for more details.

a. (S) Add the Mobile VPN Server to CherryTree/CherryWeb


(S) Once the Mobile VPN software has been installed on an ICON workstation,
determine the public IP address of the workstation (From a command terminal,

SECRET
SECRET

issue the command ‘ifconfig’ and examine the IP address of the ‘tun’ interface). On
your CherryWeb workstation, configure a VPN server address for the Mobile VPN
server:

• From the CherryWeb menu pane, click Plan ->Exploits ->VPN Link/Proxy
• On the “Add a VPN Server for ‘VPN Link’ or ‘VPN Proxy All’ action” page,
enter a name for the Mobile VPN server in the ‘Proxy Name’ text box, enter
the public IP address of the Mobile VPN server in the ‘Proxy Address’ text
box, leave the value ‘80’ in the ‘Port’ field, and click ‘Create’.

b) (S) Plan a Mission with VPN Link/Proxy actions


(S) Now plan a Mission with appropriate VPN Link/Proxy actions and assign it to the
Flytrap:

• On the CherryWeb menu pane, click Plan ->Missions


• If using a ‘Global’ VPN action (Global VPN Link or VPN Proxy All), select this
action in the ‘Global Action’ combo box of the ‘Support Parameters’ step of
the Mission workflow. In the ‘VPN Server IP’ combo box, select the newly
added Mobile VPN server. Select a ‘VPN Action Timer’ if appropriate. Click
‘Next’ when done.
• If using ‘Target’ VPN actions (i.e., the VPN action is to be triggered by the
detection of a target), select the appropriate VPN action and timeout for the
target(s) of interest on the ‘Target Exploit/Action(s)’ page of the Mission
workflow.
• When you are finished planning the Mission, click ‘Assign ->Mission to
Flytraps link on the CherryWeb menu pane. Select the Mission just planned,
check the desired Flytrap(s), and click ‘Assign’.
(S) New for Cherry Blossom v5.0 is the ability to add/edit Target actions directly to
Target Decks. In this case:

• On the CherryWeb menu pane, click Plan ->Target Decks


• Under ‘Edit a Target Deck’, select the Target Deck of interest
• On the ‘Target Action/Exploit Assignment’ step of the workflow, select the
appropriate VPN action and timeout for the Target(s) of interest. Then, at the
bottom of the Target list, select the newly added Mobile VPN server.
• Click the ‘Apply Actions’ button.
Note that when a Target Deck is edited, any Missions containing the Target Deck
are automatically revised and the new revision is automatically assigned to any
Flytraps currently executing that Mission.

SECRET
SECRET

4.(U) Caveats
(S) If the network interface of the Mobile VPN ICON workstation is modified after
the Mobile VPN server software is installed, or if the Mobile VPN software is
installed before the network interface has been configured, the workstation will
need to be rebooted and the server software reinstalled.

SECRET

You might also like