Evilgrade – MITM Attack Framework

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it’s own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.

When should I use evilgrade?

This framework comes into play when the attacker is able to make hostname redirections (manipulation of victim’s dns traffic), and such thing can be done on 2 scenarios:

Also read: Netripper – Smart Traffic Sniffing

Injecting Fake Updates: Evilgrade

• Internal DNS access
• ARP spoofing
• DNS Cache Poisoning
• DHCP spoofing
• TCP hijacking
• Wi-Fi Access Point impersonation
  

  

External scenery:

• Internal DNS access
• DNS Cache Poisoning

How does it work?

Evilgrade works with modules, in each module there’s an implemented structure which is needed to emulate a fake update for a specific application/system.

What OS are supported?

ISR-Evilgrade is crossplatform, it only depends of having an appropriate payload for the right target platform to be exploited.

Implemented modules:

• Freerip 3.30
• Jet photo 4.7.2
• Teamviewer 5.1.9385
• ISOpen 4.5.0
• Istat.
• Gom 2.1.25.5015
• Atube catcher 1.0.300
• Vidbox 7.5
• Ccleaner 2.30.1130
• Fcleaner 1.2.9.409
• Allmynotes 1.26
• Notepad++ 5.8.2
• Java 1.6.0_22 winxp/win7
• aMSN 0.98.3
• Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8 1675)
• Mirc 7.14
• Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works)
• Dap 9.5.0.3
• Winscp 4.2.9
• AutoIt Script 3.3.6.1
• Clamwin 0.96.0.1
• AppTapp Installer 3.11 (Iphone/Itunes)
• getjar (facebook.com)
• Google Analytics Javascript injection
• Speedbit Optimizer 3.0 / Video Acceleration 2.2.1.8
• Winamp 5.581
• TechTracker (cnet) 1.3.1 (Build 55)
• Nokiasoftware firmware update 2.4.8es – (Windows software)
• Nokia firmware v20.2.011
• BSplayer 2.53.1034
• Apt ( < Ubuntu 10.04 LTS)
• Ubertwitter 4.6 (0.971)
• Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45
• Cpan 1.9402
• VirtualBox (3.2.8 )
• Express talk
• Filezilla
• Flashget
• Miranda
• Orbit
• Photoscape.
• Panda Antirootkit
• Skype
• Sunbelt
• Superantispyware
• Trillian <= 5.0.0.26
• Adium 1.3.10 (Sparkle Framework)
• VMware
• more…
• /docs/CHANGES

Also read: Evil Foca – Network Security Testing

Evilgrade Tutorial