
Tuesday, January 19, 2016

Injecting Fake Updates - Evilgrade



Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and its own WebServer and DNSServer modules. New settings are easy to set up, and it autoconfigures when new binary agents are set.


When should I use evilgrade?

This framework comes into play when the attacker is able to make hostname redirections (manipulation of the victim's DNS traffic), which can be done in 2 scenarios:

Internal scenery:

- Internal DNS access
- ARP spoofing
- DNS Cache Poisoning
- DHCP spoofing
- TCP hijacking
- Wi-Fi Access Point impersonation


External scenery:

- Internal DNS access
- DNS Cache Poisoning
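
Because every scenario above ends with an update hostname resolving to an address it should not have, resolver logs are one place to catch it. The following is an added example, not part of the original post or of Evilgrade: it checks DNS answers for inventoried update hostnames against a baseline. The hostnames, address ranges and log format are constructed assumptions.

```python
import ipaddress

# Constructed baseline: inventoried update hostnames and the networks their
# legitimate answers fall in (hypothetical names, documentation address ranges).
BASELINE = {
    "update.vendor-a.example": ["198.51.100.0/24"],
    "dl.vendor-b.example": ["203.0.113.0/25"],
}
# Address space an Internet-hosted update server should never answer from.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log; assumed format: time client qname type answer ttl
SAMPLE_LOG = """\
2016-01-19T10:00:01Z 10.0.0.21 update.vendor-a.example A 198.51.100.17 ttl=3600
2016-01-19T10:00:05Z 10.0.0.21 www.other.example A 192.0.2.80 ttl=300
2016-01-19T10:02:40Z 10.0.0.34 update.vendor-a.example A 10.0.0.66 ttl=5
2016-01-19T10:03:12Z 10.0.0.34 dl.vendor-b.example A 203.0.113.200 ttl=3600
malformed line
"""

def check_line(line, baseline=BASELINE):
    """Return a finding dict for a suspicious update-host answer, else None."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "A":
        return None                      # malformed or not an A record
    when, client, qname, _, answer, _ = parts
    nets = baseline.get(qname.lower().rstrip("."))
    if nets is None:
        return None                      # not an inventoried update hostname
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return None                      # answer field is not an IP address
    if any(ip in ipaddress.ip_network(n) for n in nets):
        return None                      # answer matches the baseline
    # An update host answering from internal space is the stronger signal.
    severity = "high" if any(ip in n for n in INTERNAL) else "medium"
    return {"time": when, "client": client, "host": qname,
            "answer": answer, "severity": severity}

def scan(log_text):
    """Run check_line over every log line and keep only the findings."""
    return [f for f in map(check_line, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A baseline mismatch only shows that resolution changed; signed updates verified by the client remain the fix for the poor upgrade implementations the framework relies on.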


How does it work?

Evilgrade works with modules; each module implements the structure needed to emulate a fake update for a specific application/system.


Which OSes are supported?

ISR-Evilgrade is cross-platform; it only depends on having an appropriate payload for the target platform to be exploited.


Implemented modules:

- Freerip 3.30
- Jet photo 4.7.2
- Teamviewer 5.1.9385
- ISOpen 4.5.0
- Istat.
- Gom 2.1.25.5015
- Atube catcher 1.0.300
- Vidbox 7.5
- Ccleaner 2.30.1130
- Fcleaner 1.2.9.409
- Allmynotes 1.26
- Notepad++ 5.8.2
- Java 1.6.0_22 winxp/win7
- aMSN 0.98.3
- Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8 1675)
- Mirc 7.14
- Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works)
- Dap 9.5.0.3
- Winscp 4.2.9
- AutoIt Script 3.3.6.1
- Clamwin 0.96.0.1
- AppTapp Installer 3.11 (Iphone/Itunes)
- getjar (facebook.com)
- Google Analytics Javascript injection
- Speedbit Optimizer 3.0 / Video Acceleration 2.2.1.8
- Winamp 5.581
- TechTracker (cnet) 1.3.1 (Build 55)
- Nokiasoftware firmware update 2.4.8es – (Windows software)
- Nokia firmware v20.2.011
- BSplayer 2.53.1034
- Apt ( < Ubuntu 10.04 LTS)
- Ubertwitter 4.6 (0.971)
- Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45
- Cpan 1.9402
- VirtualBox (3.2.8 )
- Express talk
- Filezilla
- Flashget
- Miranda
- Orbit
- Photoscape.
- Panda Antirootkit
- Skype
- Sunbelt
- Superantispyware
- Trillian <= 5.0.0.26
- Adium 1.3.10 (Sparkle Framework)
- VMware
- more…
- /docs/CHANGES
