LISTSERV mailing list manager LISTSERV 16.0

Help for LINUX-L Archives


LINUX-L Archives

LINUX-L Archives


LINUX-L@LISTS.UFL.EDU


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Monospaced Font

LISTSERV Archives

LISTSERV Archives

LINUX-L Home

LINUX-L Home

LINUX-L  2010

LINUX-L 2010

Subject:

Evilgrade

From:

Bill Merriam <[log in to unmask]>

Reply-To:

Platform Independent Linux List! <[log in to unmask]>

Date:

Fri, 5 Nov 2010 19:22:06 -0400

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (152 lines)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is an interesting software package, Evilgrade. It appears to be
able to attack various Linux things, including Debian and Ubuntu. It
seems to require that the attacker be on the same subnet as the victim,
as would be the case when on a wifi hotspot. Too much fun!

Get your own copy here:
http://www.infobytesec.com/down/isr-evilgrade-2.0.0.tar.gz

Bill

Evilgrade is a modular framework that allows the user to take advantage
of poor upgrade implementations by injecting fake updates. It comes
with pre-made binaries (agents), a working default configuration for
fast pentests, and has it's own WebServer and DNSServer modules. Easy
to set up new settings, and has an autoconfiguration when new binary
agents are set.

* When should I use evilgrade?
 
This framework comes into play when the attacker is able to make
  hostname redirections (manipulation of victim's dns traffic), and
  such thing can be done on 2 scenarios:

Internal scenery:
- - - Internal DNS access
- - - ARP spoofing
- - - DNS Cache Poisoning
- - - DHCP spoofing
- - - TCP hijacking
- - - Wi-Fi Access Point impersonation

External scenery:
- - - Internal DNS access
- - - DNS Cache Poisoning

* How does it work?

Evilgrade works with modules, in each module there's an implemented
structure which is needed to emulate a fake update for an specific
application/system.

* What OS are supported?

ISR-Evilgrade is crossplatform, it only depends of having an
appropriate payload for the right target platform to be exploited.

Implemented modules:
- - -------------------
- - - Freerip
3.30
- - - Jet photo
4.7.2
- - - Teamviewer
5.1.9385
- - - ISOpen
4.5.0
- - -
Istat.
- - - Gom
2.1.25.5015
- - - Atube catcher
1.0.300
- - - Vidbox
7.5
- - - Ccleaner
2.30.1130
- - - Fcleaner
1.2.9.409
- - - Allmynotes
1.26
- - - Notepad++
5.8.2
- - - Java 1.6.0_22
winxp/win7
- - - aMSN
0.98.3
- - - Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes
10.0.1.22, <= Quicktime 7.6.8 1675)
- - - Mirc
7.14
- - - Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8
8.0.60001.18702, Microsoft works)
- - - Dap
9.5.0.3
- - - Winscp
4.2.9
- - - AutoIt Script
3.3.6.1
- - - Clamwin
0.96.0.1
- - - AppTapp Installer 3.11
(Iphone/Itunes)
- - - getjar
(facebook.com)
- - - Google Analytics Javascript
injection
- - - Speedbit Optimizer 3.0 / Video Acceleration
2.2.1.8
- - - Winamp
5.581
- - - TechTracker (cnet) 1.3.1 (Build
55)
- - - Nokiasoftware firmware update 2.4.8es - (Windows
software)
- - - Nokia firmware
v20.2.011
- - - BSplayer
2.53.1034
- - - Apt ( < Ubuntu 10.04
LTS)
- - - Ubertwitter 4.6
(0.971)
- - - Blackberry Facebook 1.7.0.22 | Twitter
1.0.0.45
- - - Cpan
1.9402
- - - VirtualBox
(3.2.8 )
- - - Express
talk
- - -
Filezilla
- - -
Flashget
- - -
Miranda
- - -
Orbit
- - -
Photoscape.
- - - Panda
Antirootkit
- - -
Skype
- - -
Sunbelt
- - -
Superantispyware
- - - Trillian <= 5.0.0.26
- - - Adium 1.3.10 (Sparkle Framework)
- - - VMware
- - - more...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)

iEYEARECAAYFAkzUkaAACgkQ1uwH30QHmFS23ACeORKb7cGf1dVnATCSEOZ1+xTo
GkcAn07El/NJzJTNeuLuLTmrgg4nWsUL
=MWJ6
-----END PGP SIGNATURE-----

Top of Message | Previous Page | Permalink

Advanced Options


Options

Log In

Log In

Get Password

Get Password


Search Archives

Search Archives


Subscribe or Unsubscribe

Subscribe or Unsubscribe


Archives

2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997

ATOM RSS1 RSS2



LISTS.UFL.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager