Evilgrade is an exploit toolkit that pwns insecure online updates, based on:
- Internal DNS access
- ARP spoofing
- DNS cache poisoning
- DHCP spoofing
Evilgrade 1.0 was released by Infobyte Security Research.
INTRODUCTION:
It is designed as a modular framework that accepts plug-ins capable of
mounting attacks on a variety of software packages that employ their
own autoupdate procedures. Currently supported targets include the Java
browser plug-in, WinZip, Winamp, OpenOffice.org, the LinkedIn Toolbar,
iTunes, Mac OS X, DAP, notepadplus, itunes and speedbit. Still more
plug-ins could be developed in coming months.
One of the important features is that this framework is multiplatform:
it depends only on having the right payload for the target platform
to be exploited.
The framework is written in Perl and uses modules to carry out the exploit,
so you need a Perl interpreter to run it.
WORKING:
It works with modules; each module implements the structure needed to
emulate a false update for a specific application or system.
Evilgrade needs to manipulate the victim's DNS traffic.
Its console works similarly to an IOS console CLI (command-line interface).
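A defender-side check for the DNS manipulation described above, as an added example that is not part of Evilgrade or the original post: it scans resolver log lines and flags answers for monitored update hostnames that fall outside a known-good baseline. The hostnames, networks, log format and function names are constructed assumptions.

```python
import ipaddress

# Constructed baseline (assumption): update hostnames and the networks their
# genuine servers answer from. Documentation ranges, not real vendor data.
EXPECTED = {
    "update.vendor-a.example": ["198.51.100.0/24"],
    "autoupdate.vendor-b.example": ["203.0.113.0/24"],
}
# Answers in these ranges point at a machine on the local segment.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log: "<time> <client> <qname> A <answer>"
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.0.21 update.vendor-a.example A 198.51.100.17
2024-01-10T09:00:05Z 10.0.0.21 www.unrelated.example A 192.0.2.80
2024-01-10T09:02:40Z 10.0.0.34 update.vendor-a.example A 10.0.0.99
2024-01-10T09:03:12Z 10.0.0.34 autoupdate.vendor-b.example A 192.0.2.66
2024-01-10T09:04:00Z 10.0.0.50 autoupdate.vendor-b.example A 203.0.113.9
malformed line
"""

def check_line(line, expected=EXPECTED):
    """Return an alert dict for a suspicious update-host answer, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "A":
        return None  # not an A-record line in the assumed format
    ts, client, qname, _, answer = parts
    qname = qname.rstrip(".").lower()
    nets = expected.get(qname)
    if nets is None:
        return None  # hostname is not a monitored update endpoint
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return None
    if any(addr in ipaddress.ip_network(n) for n in nets):
        return None  # answer matches the baseline
    local = any(addr in net for net in LOCAL_NETS)
    reason = "local-address" if local else "outside-baseline"
    return {"time": ts, "client": client, "host": qname,
            "answer": answer, "reason": reason}

def scan(log_text, expected=EXPECTED):
    """Collect alerts for every line of a log."""
    hits = (check_line(l, expected) for l in log_text.splitlines())
    return [h for h in hits if h]
```

An alert here only says the answer differs from the baseline; legitimate CDN changes produce the same signal, so the baseline needs maintenance.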
REQUIREMENTS:
Data::Dump
[http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Data-Dump-1.08.tar.gz]
Digest::MD5
[http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Digest-MD5-2.36.tar.gz]
Time::HiRes
[http://search.cpan.org/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.9715.tar.gz]
If you don't have these modules, you can install them directly by typing
perl -MCPAN -e 'install Module::Name'
(where Module::Name is each of the modules listed above),
or you can open the CPAN shell
perl -MCPAN -e shell
and then install the module
DOWNLOAD:
You can download Evilgrade 1.0 from
http://www.infobyte.com.ar/developments.html