[prev in list] [next in list] [prev in thread] [next in thread]
List: nanog
Subject: Possible prod to people to upgrade DNS
From: "Tuc at T-B-O-H.NET" <ml () t-b-o-h ! net>
Date: 2008-07-28 19:51:41
Message-ID: 200807281951.m6SJpf5v037239 () himinbjorg ! tucs-beachin-obx-house ! com
[Download RAW message or body]
Hi,
The demo takes a while to load, goes fast, but shows how the exploit for DNS can
potentially be used to get into a persons machine w/o them even being involved.
Tuc/TBOH
Forwarded message:
>
> -- ISR - Infobyte Security Research
> -- | ISR-evilgrade | www.infobyte.com.ar |
>
> ISR-evilgrade: is a modular framework that allow us to take advantage of poor \
> upgrade implementations by injecting fake updates.
> * How does it work?
>
> It works with modules, each module implements the structure needed to emulate a \
> false update of specific applications/systems. Evilgrade needs the manipulation of \
> the victim dns traffic.
> Attack vectors:
> ---------------------
>
> Internal scenary: (Internal DNS access,ARP spoofing,DNS Cache Poisoning, DHCP \
> spoofing) External scenary: (Internal DNS access,DNS Cache Poisoning)
>
> * What are the supported OS?
>
> The framework is multiplaform, it only depends of having the right payload for the \
> target platform to be exploited.
> Implemented modules:
> ---------------------------------
> - Java plugin
> - Winzip
> - Winamp
> - MacOS
> - OpenOffices
> - iTunes
> - Linkedin Toolbar
> - DAP [Download Accelerator]
> - notepad++
> - speedbit
>
> ..:: DEMO
>
> Demo feature - (Java plugin + Dan Kaminsky´s Dns vulnerability) = remote pwned.
> http://www.infobyte.com.ar/demo/evilgrade.htm
>
> ..:: AUTHOR
>
> Francisco Amato
> famato+at+infobyte+dot+com+dot+ar
>
> ..:: DOWNLOAD
>
> http://www.infobyte.com.ar/developments.html
>
>
> ..:: MORE INFORMATION
>
> Presentation:
> http://www.infobyte.com.ar/down/Francisco-Amato-evilgrade-ENG.html
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic