Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it’s own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.
When should I use evilgrade?
This framework comes into play when the attacker is able to make hostname redirections (manipulation of victim’s dns traffic), and such thing can be done on 2 scenarios:
Injecting Fake Updates: Evilgrade
ºInternal DNS access
ºARP spoofing
ºDNS Cache Poisoning
ºDHCP spoofing
ºTCP hijacking
ºWi-Fi Access Point impersonation
External scenery:
ºInternal DNS access
ºDNS Cache Poisoning
How does it work?
Evilgrade works with modules, in each module there’s an implemented structure which is needed to emulate a fake update for an specific application/system.
What OS are supported?
ISR-Evilgrade is crossplatform, it only depends of having an appropriate payload for the right target platform to be exploited.
Implemented modules:
ºFreerip 3.30
ºJet photo 4.7.2
ºTeamviewer 5.1.9385
ºISOpen 4.5.0
ºIstat.
ºGom 2.1.25.5015
ºAtube catcher 1.0.300
ºVidbox 7.5
ºCcleaner 2.30.1130
ºFcleaner 1.2.9.409
ºAllmynotes 1.26
ºNotepad++ 5.8.2
ºJava 1.6.0_22 winxp/win7
ºaMSN 0.98.3
ºAppleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8 1675)
ºMirc 7.14
ºWindows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works)
ºDap 9.5.0.3
ºWinscp 4.2.9
ºAutoIt Script 3.3.6.1
ºClamwin 0.96.0.1
ºAppTapp Installer 3.11 (Iphone/Itunes)
getjar (facebook.com)
ºGoogle Analytics Javascript injection
ºSpeedbit Optimizer 3.0 / Video Acceleration 2.2.1.8
ºWinamp 5.581
ºTechTracker (cnet) 1.3.1 (Build 55)
ºNokiasoftware firmware update 2.4.8es – (Windows software)
ºNokia firmware v20.2.011
ºBSplayer 2.53.1034
ºApt ( < Ubuntu 10.04 LTS)
ºUbertwitter 4.6 (0.971)
ºBlackberry Facebook 1.7.0.22 | Twitter 1.0.0.45
ºCpan 1.9402
ºVirtualBox (3.2.8 )
ºExpress talk
ºFilezilla
ºFlashget
ºMiranda
ºOrbit
ºPhotoscape.
ºPanda Antirootkit
ºSkype
ºSunbelt
ºSuperantispyware
ºTrillian <= 5.0.0.26
ºAdium 1.3.10 (Sparkle Framework)
ºVMware
ºmore…
º/docs/CHANGES
0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.