[106427] in North American Network Operators' Group
Possible prod to people to upgrade DNS
daemon@ATHENA.MIT.EDU (Tuc at T-B-O-H.NET)
Mon Jul 28 15:52:11 2008
From: "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>
To: nanog@nanog.org
Date: Mon, 28 Jul 2008 15:51:41 -0400 (EDT)
Errors-To: nanog-bounces@nanog.org
Hi,
The demo takes a while to load, goes fast, but shows how the exploit for DNS can
potentially be used to get into a persons machine w/o them even being involved.
Tuc/TBOH
Forwarded message:
>
> -- ISR - Infobyte Security Research
> -- | ISR-evilgrade | www.infobyte.com.ar |
>
> ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates.
>
> * How does it work?
>
> It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems.
> Evilgrade needs the manipulation of the victim dns traffic.
>
> Attack vectors:
> ---------------------
>
> Internal scenary: (Internal DNS access,ARP spoofing,DNS Cache Poisoning, DHCP spoofing)
> External scenary: (Internal DNS access,DNS Cache Poisoning)
>
> * What are the supported OS?
>
> The framework is multiplaform, it only depends of having the right payload for the target platform to be exploited.
>
> Implemented modules:
> ---------------------------------
> - Java plugin
> - Winzip
> - Winamp
> - MacOS
> - OpenOffices
> - iTunes
> - Linkedin Toolbar
> - DAP [Download Accelerator]
> - notepad++
> - speedbit
>
> ..:: DEMO
>
> Demo feature - (Java plugin + Dan Kaminsky´s Dns vulnerability) = remote pwned.
> http://www.infobyte.com.ar/demo/evilgrade.htm
>
> ..:: AUTHOR
>
> Francisco Amato
> famato+at+infobyte+dot+com+dot+ar
>
> ..:: DOWNLOAD
>
> http://www.infobyte.com.ar/developments.html
>
>
> ..:: MORE INFORMATION
>
> Presentation:
> http://www.infobyte.com.ar/down/Francisco-Amato-evilgrade-ENG.html
>
>
