Possible prod to people to upgrade DNS

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Mon Jul 28 14:51:41 CDT 2008


Hi,

	The demo takes a while to load, goes fast, but shows how the exploit for DNS can 
potentially be used to get into a persons machine w/o them even being involved.

			Tuc/TBOH


Forwarded message:
> 
> -- ISR - Infobyte Security Research
> -- | ISR-evilgrade | www.infobyte.com.ar |
> 
> ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates.
> 
> * How does it work?
> 
> It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems.
> Evilgrade needs the manipulation of the victim dns traffic.
> 
> Attack vectors:
> ---------------------
> 
> Internal scenary: (Internal DNS access,ARP spoofing,DNS Cache Poisoning, DHCP spoofing)
> External scenary: (Internal DNS access,DNS Cache Poisoning)
> 
> * What are the supported OS?
> 
> The framework is multiplaform, it only depends of having the right payload for the target platform to be exploited.
> 
> Implemented modules:
> ---------------------------------
> - Java plugin
> - Winzip
> - Winamp
> - MacOS
> - OpenOffices
> - iTunes
> - Linkedin Toolbar
> - DAP [Download Accelerator]
> - notepad++
> - speedbit
> 
> ..:: DEMO
> 
> Demo feature - (Java plugin + Dan Kaminsky´s Dns vulnerability) = remote pwned.
> http://www.infobyte.com.ar/demo/evilgrade.htm
> 
> ..:: AUTHOR
> 
> Francisco Amato
> famato+at+infobyte+dot+com+dot+ar
> 
> ..:: DOWNLOAD
> 
> http://www.infobyte.com.ar/developments.html
> 
> 
> ..:: MORE INFORMATION
> 
> Presentation:
> http://www.infobyte.com.ar/down/Francisco-Amato-evilgrade-ENG.html
> 
> 





More information about the NANOG mailing list