Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Evilgrade - Upgrade injection tool
#1

Hidden Content:
You must register or login to view this content.


This tool is extremely useful for further "pentesting" a network. You get a foothold into one machine and are able to setup an upgrade spoofing service. It pushes updates to a lot of different applications prompting other users on the network that they need to download and install. This is part of the Blackhat Arsenal from the security conference. 


Code:
This framework comes into play when the attacker is able to make hostname redirections (manipulation of victim's dns traffic), and such thing can be done on 2 scenarios:
Internal scenery:

Internal DNS access

ARP spoofing

DNS Cache Poisoning

DHCP spoofing

TCP hijacking

Wi-Fi Access Point impersonation
External scenery:

Internal DNS access

DNS Cache Poisoning
* How does it work?
Evilgrade works with modules, in each module there's an implemented structure which is needed to emulate a fake update for an specific application/system.
* What OS are supported?
ISR-Evilgrade is crossplatform, it only depends of having an appropriate payload for the right target platform to be exploited.


Implemented modules:


  • Freerip 3.30

  • Jet photo 4.7.2

  • Teamviewer 5.1.9385

  • ISOpen 4.5.0

  • Istat.

  • Gom 2.1.25.5015

  • Atube catcher 1.0.300

  • Vidbox 7.5

  • Ccleaner 2.30.1130

  • Fcleaner 1.2.9.409

  • Allmynotes 1.26

  • Notepad++ 5.8.2

  • Java 1.6.0_22 winxp/win7

  • aMSN 0.98.3

  • Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8 1675)

  • Mirc 7.14

  • Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works)

  • Dap 9.5.0.3

  • Winscp 4.2.9

  • AutoIt Script 3.3.6.1

  • Clamwin 0.96.0.1

  • AppTapp Installer 3.11 (Iphone/Itunes)

  • getjar (facebook.com)

  • Google Analytics Javascript injection

  • Speedbit Optimizer 3.0 / Video Acceleration 2.2.1.8

  • Winamp 5.581

  • TechTracker (cnet) 1.3.1 (Build 55)

  • Nokiasoftware firmware update 2.4.8es - (Windows software)

  • Nokia firmware v20.2.011

  • BSplayer 2.53.1034

  • Apt ( < Ubuntu 10.04 LTS)

  • Ubertwitter 4.6 (0.971)

  • Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45

  • Cpan 1.9402

  • VirtualBox (3.2.8 )

  • Express talk

  • Filezilla

  • Flashget

  • Miranda

  • Orbit

  • Photoscape.

  • Panda Antirootkit

  • Skype

  • Sunbelt

  • Superantispyware

  • Trillian <= 5.0.0.26

  • Adium 1.3.10 (Sparkle Framework)

  • VMware

  • more...

Reply
 


Possibly Related Threads...
Thread Author Replies Views Last Post
Tongue AsyncRAT - TCP Asynchronous Socket - Remote Administration Tool kelvinsecteamNew 0 51 12-13-2018, 02:11 PM
Last Post: kelvinsecteamNew
  [DDos] Source Code -DDos Attack Tool 1337み 6 689 12-11-2018, 03:32 PM
Last Post: NightwingLTU
  iKy Dark Web Tool - Open Source teamkelvinsecteam 4 309 11-30-2018, 03:08 AM
Last Post: MISHE1986
  UnstableDDoS Powerfull IP Stresser / DDoS Attack Tool teamkelvinsecteam 0 176 11-12-2018, 03:16 AM
Last Post: teamkelvinsecteam
  Loki - Remote Access Tool/Botnet teamkelvinsecteam 3 382 11-05-2018, 01:36 PM
Last Post: exei



Users browsing this thread: 1 Guest(s)