ISR-evilgrade – Inject Updates to Exploit Software

The New Acunetix V12 Engine


ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software.

How does it work?

It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims DNS traffic, it works in conjunction with man-in-the-middle techniques or MITM such as DNS, ARP, DHCP, etc.

Attack Vectors

Internal scenario:

  • Internal DNS access
  • ARP Spoofing
  • DNS Cache Poisoning
  • DHCP Spoofing

External scenario:

  • Internal DNS Access
  • DNS Cache Poisoning

What are the supported OS?

The framework is multiplatform, it only depends of having the right payload for the target platform to be exploited.

Implemented modules

  • Java plugin
  • Winzip
  • Winamp
  • MacOS
  • OpenOffice
  • iTunes
  • Linkedin Toolbar
  • DAP [Download Accelerator]
  • Notepad++

You can download ISR-evilgrade here:

isr-evilgrade-1.0.0.tar.gz

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Secure Coding

, , ,


Latest Posts:


dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.


6 Responses to ISR-evilgrade – Inject Updates to Exploit Software

  1. Morgan Storey August 29, 2008 at 11:24 am #

    Thanks for the mention… Nah I am kidding. It is an awesome little proof of concept, I am wondering why they aren’t including windows updates. I am pretty sure from what I have seen it is only http (not https), so it could be broken as well in the same manner, anyone have a link to prove me wrong?

  2. lyz August 30, 2008 at 12:09 pm #

    Windows update crack prolly just in the making.. lol

  3. Morgan Storey August 31, 2008 at 12:01 am #

    well I decdied to check a bit how windows updates works, cause I was sure it is http.
    I google, no mention of any internal signing process.
    Next step a quick netstat. It is plain http traffic, as I originally thought. Makes me feel all safe and warm… sarcasm doesn’t present well on the internet, but yikes I am glad I have moved away from windows.

  4. d347hm4n September 1, 2008 at 7:42 am #

    Was wondering when a tool was going to come out to use this P.O.C.

  5. Navin September 1, 2008 at 9:55 am #

    +1
    c’mon its like a holy grail for a dark-hatter…the ability to infect millions of people at a go!! Windows Update seriously, as Morgan pointed out, shows how insecure Windows is compared to other OSes

  6. Morgan Storey September 1, 2008 at 10:33 am #

    @Navin: Well yes windows updates is insecure, but have a look at Redhat, its key was compromised, and a few packages signed with it. A lot of Linux package managers (except apt I am pretty sure) have been shown to install an older (vulnerable) version of a package over an existing newer package, so the same dns redirect would work there, as long as the repo’s gpg key was trusted, but how many users would just click continue…