http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt
ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates. It works with modules; each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victim's DNS traffic.
Attack vectors - Internal scenario:
Internal DNS access
ARP spoofing
DNS Cache Poisoning
DHCP spoofing
Attack vectors - External scenario:
Internal DNS access
DNS Cache Poisoning
Implemented modules:
Java plugin
Winzip
Winamp
MacOS
OpenOffices
iTunes
Linkedin Toolbar
DAP [Download Accelerator]
notepad++
speedbit
Demo Slides (PDF)
Demo Video
---------------------------
Basically, an attacker can exploit a program's auto or manual update function to fully pwn a client. Add that to the current widespread DNS flaw... and you have a very dangerous mix for massive client pwnage.
Given all the great work already put into this framework by Francisco Amato, it should be pretty easy to make it an MSF module, which is in progress as you read this...
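From the defender's side, the DNS manipulation the README relies on shows up in resolver logs as an update hostname answering with an address the vendor never serves from. The check below is an added example, not part of the original post or of evilgrade; the hostnames, address ranges, log format and function names are constructed assumptions.

```python
import ipaddress

# Constructed allowlist (assumption): update hostname -> networks the vendor serves from.
EXPECTED = {
    "update.vendor-a.example": ["198.51.100.0/24"],
    "dl.vendor-b.example": ["203.0.113.0/25"],
}
# RFC 1918 and loopback ranges; an update host resolving here is a strong signal.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed resolver log, format assumed: <time> <client> <qname> <qtype> <answer>
SAMPLE_LOG = """\
2008-07-29T10:00:01Z 10.0.0.21 update.vendor-a.example A 198.51.100.17
2008-07-29T10:00:05Z 10.0.0.22 update.vendor-a.example A 10.0.0.66
2008-07-29T10:00:09Z 10.0.0.23 dl.vendor-b.example A 203.0.113.200
2008-07-29T10:00:12Z 10.0.0.24 www.other.example A 192.0.2.8
2008-07-29T10:00:15Z 10.0.0.25 DL.vendor-b.example. A 203.0.113.9
malformed line
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so log spellings compare equal."""
    return name.rstrip(".").lower()

def suspicious_answers(log_text, expected):
    """Return (client, host, answer, reason) for update hosts answered from unexpected space."""
    nets = {normalize(h): [ipaddress.ip_network(n) for n in ns]
            for h, ns in expected.items()}
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] not in ("A", "AAAA"):
            continue                      # skip malformed or non-address records
        _, client, qname, _, answer = parts
        host = normalize(qname)
        if host not in nets:
            continue                      # not a monitored update hostname
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue
        if any(ip in n for n in nets[host]):
            continue                      # answer is inside the vendor's known range
        internal = any(ip in n for n in INTERNAL)
        reason = "internal address" if internal else "outside expected range"
        findings.append((client, host, answer, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_answers(SAMPLE_LOG, EXPECTED):
        print(*finding, sep="  ")
```

A finding only says where to look; an updater that verifies a vendor signature on the downloaded package stays safe even when the DNS answer is forged.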