EvilGrade: "ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates."
Metasploit: "Evilgrade Will Destroy Us All."
This is a "semi automate" script to help set-up an environment for EvilGrade so it can work its magic, and then there is a video demonstrating it in action which shows the effects of EvilGrade. EvilGrade is simply, another "option" to do after performing a "Man In The Middle" attack, that tricks certain software to believe there is an update available when really it's the attacker payload.
Watch video on-line:
Download video: http://download.g0tmi1k.com/videos_archive/evilGrade_v0.1.mp4
EvilGrade: "It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems.Evilgrade needs the manipulation of the victim dns traffic."
EvilGrade creates a web server, which when a program's auto-update feature queries back "home" to check for an update, EvilGrade creates a spoofed updated version. The program then notify the target that there is an "update" available, and would they like to update. The danger of this is most users trust the program with the "auto update feature" and download and executes the update, when in reality, this is our payload.
- EvilGrade Any Requirements - (Data::Dump, Digest::MD5, Time::HiRes)
- A Payload - (I'm using metasploit and SBD)
- A method of doing a MITM Attack - (I'm using arpspoof - part of dsniff suite)
- A way to spoof DNS - (I'm using dnsspoof - part of dsniff suite)
- evilGrade[v0.1.3].sh - (only if you wish for a helping hand to automate a few steps)
- evilGrade_install[v0.1.3].sh - (only if you wish for a helping hand to get this working with BackTrack 4 Final)
How to use it?
- Download the script(s).
- Install EvilGrade (If your lazy use the script!).
- Check to see what interface is going to be used (via ifconfig).
- Edit evilGrade[v0.1.3].sh (via kate evilGrade[v0.1.3].sh) to make it work with your system.
- bash evilGrade[v0.1.3].sh OR bash evilGrade[v0.1.3].sh TargetsIP (bash evilGrade[v0.1.3].sh 192.168.1.101).
- Pick your which software to attack (via show modules).
- Pick your "agent" (Which program to insert/inject/replace the update).
- Check any other options (via show options).
- ...Game Over.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
How can I protect myself from this?
- Don't use the self updating features on software.
- When prompted about an update, visit the official homepage to download the update.
- Check the official homepage for a MD5/SHA1 hash.
- The video uses evilGrade[v0.1].sh.
- It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.
Video length: 2:44
Capture length: 7:59
- +Added arguments
- +Checks for superuser
- +Checks interfaces/paths/files exists
- *Fix it - Couple of silly typos
- *General code improvements
- *Improved checking the targets IP Address
- +Added debug mode
- +Added custom payload
- +Checks system setup before running
- +Fix gateway bug
- *General code improvements
- +First public release