Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations
From: "[ISR] - Infobyte Security Research" <noreply@xxxxxxxxxxxxxxx>
Date: Mon, 28 Jul 2008 07:21:09 -0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: KMail/1.9.7

-- ISR - Infobyte Security Research
-- | ISR-evilgrade | www.infobyte.com.ar |

ISR-evilgrade: is a modular framework that allow us to take advantage of poor 
upgrade implementations by injecting fake updates.

* How does it work?

It works with modules, each module implements the structure needed to emulate a 
false update of specific applications/systems.
Evilgrade needs the manipulation of the victim dns traffic.

Attack vectors:
---------------------

Internal scenary: (Internal DNS access,ARP spoofing,DNS Cache Poisoning, DHCP 
spoofing)
External scenary: (Internal DNS access,DNS Cache Poisoning)

* What are the supported OS?

The framework is multiplaform, it only depends of having the right payload for 
the target platform to be exploited.

Implemented modules:
---------------------------------
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffices
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit

..:: DEMO

Demo feature - (Java plugin + Dan Kaminsky´s Dns vulnerability) = remote pwned.
http://www.infobyte.com.ar/demo/evilgrade.htm

..:: AUTHOR

Francisco Amato
famato+at+infobyte+dot+com+dot+ar

..:: DOWNLOAD

http://www.infobyte.com.ar/developments.html


..:: MORE INFORMATION

Presentation:
http://www.infobyte.com.ar/down/Francisco-Amato-evilgrade-ENG.html

Prev by Date: [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1
Next by Date: [security bulletin] HPSBMA02353 SSRT080066 rev.1 - HP OpenView Internet Services Running Probe Builder, Remote Denial of Service (DoS)
Previous by thread: [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1
Next by thread: [security bulletin] HPSBMA02353 SSRT080066 rev.1 - HP OpenView Internet Services Running Probe Builder, Remote Denial of Service (DoS)
Index(es):
- Date
- Thread