[dns-operations] Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations (fwd)

Gadi Evron ge at linuxbox.org
Mon Jul 28 23:20:23 UTC 2008

---------- Forwarded message ----------
Date: Mon, 28 Jul 2008 07:21:09 -0300
From: "[ISR] - Infobyte Security Research" <noreply at infobyte.com.ar>
To: bugtraq at securityfocus.com
Subject: Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor
     update implementations

-- ISR - Infobyte Security Research
-- | ISR-evilgrade | www.infobyte.com.ar |

ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates.

* How does it work?

It works with modules; each module implements the structure needed to emulate a false update of specific applications/systems.
Evilgrade needs the manipulation of the victim's DNS traffic.

Attack vectors:

Internal scenario: (Internal DNS access, ARP spoofing, DNS Cache Poisoning, DHCP spoofing)
External scenario: (Internal DNS access, DNS Cache Poisoning)

* What are the supported OS?

The framework is multiplatform; it only depends on having the right payload for the target platform to be exploited.

Implemented modules:
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffice
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit

..:: DEMO

Demo feature - (Java plugin + Dan Kaminsky's DNS vulnerability) = remote pwned.


Francisco Amato
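
An added example, not part of the original post or of the evilgrade project: the announcement describes fake updates reaching clients whose DNS traffic has been manipulated, and an updater that authenticates the update itself, instead of trusting whichever host the name resolved to, rejects them. The manifest format and the names `Manifest`, `Publish`, `VerifyUpdate` and `Demo` are hypothetical, and the client is assumed to ship with the vendor's Ed25519 public key pinned.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Manifest is a hypothetical update descriptor published beside the payload.
type Manifest struct {
	Version string
	Digest  [32]byte // SHA-256 of the update payload
	Sig     []byte   // Ed25519 signature over Version || 0x00 || Digest
}

func (m Manifest) signedBytes() []byte {
	return append(append([]byte(m.Version), 0), m.Digest[:]...)
}

// VerifyUpdate accepts a payload only if the manifest is signed by the pinned
// vendor key and the payload hashes to the signed digest; the serving host is not trusted.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, m.signedBytes(), m.Sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sum := sha256.Sum256(payload); !bytes.Equal(sum[:], m.Digest[:]) {
		return fmt.Errorf("payload digest does not match signed manifest")
	}
	return nil
}

// Publish is the vendor side: hash the payload and sign the manifest.
func Publish(priv ed25519.PrivateKey, version string, payload []byte) Manifest {
	m := Manifest{Version: version, Digest: sha256.Sum256(payload)}
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

// Demo uses constructed sample data; otherPriv stands in for any non-vendor key.
func Demo() (genuine, swapped, resigned error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	good, fake := []byte("release 1.2.3 bytes"), []byte("substituted bytes")
	m, forged := Publish(priv, "1.2.3", good), Publish(otherPriv, "1.2.3", fake)
	return VerifyUpdate(pub, m, good), VerifyUpdate(pub, m, fake), VerifyUpdate(pub, forged, fake)
}
func main() { fmt.Println(Demo()) }
```

The genuine update verifies; a substituted payload fails the digest check, and a payload served with a manifest signed by any other key fails the signature check.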




