Evilgrade – New exploit

Evilgrade is an exploit toolkit that pwns insecure online updates, based on:

  • Internal DNS access
  • ARP spoofing
  • DNS cache poisoning
  • DHCP spoofing

Evilgrade 1.0 was released by Infobyte Security Research.

INTRODUCTION:

It is designed as a modular framework that accepts plug-ins capable of
mounting attacks on a variety of software packages that employ their
own autoupdate procedures. Currently supported targets include the Java
browser plug-in, WinZip, Winamp, OpenOffice.org, the LinkedIn Toolbar,
iTunes, Mac OS X, DAP, notepadplus, itunes and speedbit. Still more
plug-ins could be developed in coming months.

One of the important features is that this framework is multiplatform:
it depends only on having the right payload for the target platform
to be exploited.

The framework is written in Perl and uses modules to carry out the exploit.
So you need to have a Perl interpreter to carry out the exploit.

WORKING:

It works with modules; each module implements the structure needed to
emulate a false update of a specific application or system.
Evilgrade needs to manipulate the victim's DNS traffic.

It works similarly to an IOS console CLI (command line interface).
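
Because Evilgrade depends on manipulating the victim's DNS traffic, a defender can watch resolver logs for update hostnames whose answers land on internal addresses or outside a known-good baseline. The following is an added example, not part of Evilgrade or the original post; the hostnames, baseline networks, log format and sample lines are constructed assumptions.

```python
import ipaddress

# Assumed baseline: update hostnames mapped to the networks they normally resolve to.
# Hostnames and ranges are constructed placeholders, not real vendor infrastructure.
BASELINE = {
    "update.vendor-a.example": [ipaddress.ip_network("203.0.113.0/28")],
    "dl.vendor-b.example": [ipaddress.ip_network("203.0.113.16/28")],
}
# Address space where a public update server should never live.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log, one answer per line: timestamp client qname answer_ip
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.21 update.vendor-a.example 203.0.113.10
2024-01-01T10:00:05 10.0.0.21 www.example.org 198.51.100.7
2024-01-01T10:02:11 10.0.0.34 update.vendor-a.example 10.0.0.66
2024-01-01T10:03:40 10.0.0.34 dl.vendor-b.example 203.0.113.25
2024-01-01T10:04:02 10.0.0.21 dl.vendor-b.example 192.168.1.50
2024-01-01T10:05:00 10.0.0.21 update.vendor-a.example 203.0.113.99
"""

def suspicious_update_answers(log_text):
    """Return (ts, client, qname, answer, reason) for odd update-host answers."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, answer = parts
        qname = qname.rstrip(".").lower()
        if qname not in BASELINE:
            continue  # only update hostnames are watched
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer field is not an IP address
        if any(ip in net for net in INTERNAL):
            reason = "internal_answer"   # update host resolving into the LAN
        elif not any(ip in net for net in BASELINE[qname]):
            reason = "off_baseline"      # public, but not where it normally lives
        else:
            continue
        findings.append((ts, client, qname, answer, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_update_answers(SAMPLE_LOG):
        print(*finding)
```

An off-baseline hit can also be a legitimate CDN change, so treat it as a lead to verify, while an internal answer for a public update host deserves immediate attention.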

REQUIREMENTS:

Data::Dump
[http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Data-Dump-1.08.tar.gz]
Digest::MD5
[http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Digest-MD5-2.36.tar.gz]
Time::HiRes
[http://search.cpan.org/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.9715.tar.gz]
If you don't have these modules, you can install them directly by typing
the following, where Module::Name is a placeholder for the module to install:

perl -MCPAN -e 'install Module::Name'

or you can open the CPAN shell prompt

perl -MCPAN -e shell


and then install the module

 

DOWNLOAD:

You can download evilgrade 1.0 from
http://www.infobyte.com.ar/developments.html
