VPS/Dedicated Server
Another method you can use would be a VPS or a dedicated server installed with BackTrack,
which is better, faster, and safer. On a dedicated server, you have more freedom to install
whatever you want. But, as it is more expensive than a VPS, I recommend that you buy a VPS
with BackTrack installed and use its public IP to launch different types of attacks.
Attack Scenario 3: Compromising Client-Side Updates
In this scenario, we will compromise client-side updates by using a neat tool called Evilgrade,
which comes preinstalled with BackTrack. Evilgrade takes advantage of insecure update processes:
a user rarely double-checks an update before installing it, because they trust that the application
is downloading it from the right place.
The other point worth noting is that many applications perform an integrity check on the update
by comparing MD5/SHA-1 hashes. That only tells the application that the file it downloaded matches
the hash it was given; it says nothing about the authenticity of the origin. When the hash is published
by the same update server the client has been redirected to, the attacker simply supplies a matching
hash for his own file. The bottom line is that integrity is checked, but the authenticity of the update
is not. An update that is fetched over properly validated TLS, or that carries a signature verified
against a vendor key pinned in the client, does not have this weakness.
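To make the integrity-versus-authenticity distinction concrete, here is an added simulation (not code from the book or from Evilgrade) of two update clients fed the same manifests. A constructed "legitimate server" and "evil server" each publish a file plus its MD5; the attacker's manifest has a matching hash, so a hash-only client accepts it, while a client that also verifies an authenticity tag rejects it. The tag is an HMAC under an assumed vendor key so the example runs with the standard library alone; a real scheme would use a public-key signature with the vendor's public key pinned in the client.

```python
"""Added example: integrity-only vs. authenticated update checking.
Not part of the book or of the Evilgrade project."""
import hashlib
import hmac

# Constructed sample payloads; these are not real update files.
LEGIT_UPDATE = b"app-2.0.1 installer bytes (legitimate vendor build)"
EVIL_UPDATE = b"app-2.0.1 installer bytes (attacker payload)"

# Hypothetical vendor key (assumed). In practice this is an asymmetric key
# pair whose public half is pinned in the client; an HMAC key stands in so
# the example needs nothing beyond the standard library.
VENDOR_KEY = b"vendor-signing-key-(assumed)"


def manifest_for(update, key=None):
    """What an update server publishes: the file, its MD5, and optionally an
    authenticity tag. Once DNS points the client at the attacker's host, the
    attacker controls this whole manifest, hash included."""
    m = {"file": update, "md5": hashlib.md5(update).hexdigest()}
    if key is not None:
        m["sig"] = hmac.new(key, update, hashlib.sha256).hexdigest()
    return m


def legit_server():
    return manifest_for(LEGIT_UPDATE, VENDOR_KEY)


def evil_server():
    # The attacker serves his own file with a correct hash for it, but has no
    # vendor key, so the tag he publishes is a forgery.
    m = manifest_for(EVIL_UPDATE)
    m["sig"] = "00" * 32
    return m


def tampered_in_transit():
    # Legitimate manifest whose file bytes were swapped after the hash was
    # published: this is the case a plain hash check does catch.
    m = legit_server()
    m["file"] = EVIL_UPDATE
    return m


def integrity_only_client(manifest):
    """Accepts any manifest whose file and published hash agree."""
    return hashlib.md5(manifest["file"]).hexdigest() == manifest["md5"]


def authenticated_client(manifest, key=VENDOR_KEY):
    """Requires the hash to match AND the tag to verify under the vendor key."""
    if hashlib.md5(manifest["file"]).hexdigest() != manifest["md5"]:
        return False
    expected = hmac.new(key, manifest["file"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["sig"])


def run():
    """Outcome of each client against each server, keyed by case."""
    cases = {
        "legit": legit_server(),
        "evil": evil_server(),
        "tampered": tampered_in_transit(),
    }
    return {
        f"{client}_vs_{name}": fn(m)
        for client, fn in (("integrity_only", integrity_only_client),
                           ("authenticated", authenticated_client))
        for name, m in cases.items()
    }


if __name__ == "__main__":
    for case, accepted in run().items():
        print(f"{case}: {'ACCEPT' if accepted else 'REJECT'}")
```

The hash-only client accepts the Evilgrade-style manifest because the attacker computed the hash himself; the same client does reject a file altered after the hash was published, which is all a hash was ever meant to catch. Only the client holding a key the attacker lacks rejects the substituted update.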
How Evilgrade Works
Evilgrade is an open-source modular framework developed in Perl. It is capable of injecting its own
fake updates. Evilgrade comes with built-in modules for different applications such as Notepad,
iTunes, Safari, Windows Upgrade, and many others.
Prerequisites
In order for Evilgrade to work, you need to be able to manipulate the victim's DNS traffic, which
can be achieved in many ways. We will talk about this later.
Attack Vectors
Let's talk about some of the possible attack vectors for Evilgrade, for both internal and external
networks. Basically, any attack that can be used to manipulate the victim's DNS traffic can be used
to steer the victim's update request to the host running Evilgrade.
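Whatever vector is used, the mechanism underneath is the same: the victim asks for the update host's A record and receives an answer naming the attacker's machine. The following added example (not from the book or from Evilgrade) builds a DNS A query as a resolver would send it, then forges the matching response: same transaction ID, same question section, but an answer pointing the name at an attacker-chosen address. The name `update.example.com` and the address `10.0.0.5` are assumed for illustration. A small parser reads the result back so the forgery can be checked offline; nothing is sent on the wire.

```python
"""Added example: constructing a forged DNS A response that redirects an
update host. Not part of the book or of the Evilgrade project."""
import socket
import struct


def build_query(qname, txid=0x1234):
    """DNS A query for qname: 12-byte header, labels, QTYPE=A, QCLASS=IN.
    Flags 0x0100 = standard query, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_question(pkt):
    """Return (txid, qname, offset just past the question section)."""
    txid = struct.unpack("!H", pkt[:2])[0]
    off = 12
    labels = []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode())
        off += n
    off += 4  # skip QTYPE and QCLASS
    return txid, ".".join(labels), off


def forge_response(query, attacker_ip, ttl=60):
    """Answer that mirrors the query's txid and question but resolves the
    name to attacker_ip. Flags 0x8180 = response, recursion available.
    The answer name is a compression pointer (0xC00C) to the question name."""
    txid, _qname, qend = parse_question(query)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = query[12:qend]
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(attacker_ip)
    return header + question + answer


def parse_answer_a(resp):
    """Minimal reader for a single-answer A response: (txid, qname, ip)."""
    txid, qname, off = parse_question(resp)
    _name, rtype, _rclass, _ttl, rdlen = struct.unpack("!HHHIH", resp[off:off + 12])
    if rtype != 1 or rdlen != 4:
        raise ValueError("not an A record")
    off += 12
    return txid, qname, socket.inet_ntoa(resp[off:off + rdlen])


def resolver_accepts(query, resp):
    """The checks a stub resolver applies before trusting an answer: the
    transaction ID and the question must match what it asked. A spoofer
    must therefore see or guess the txid; on a LAN where the attacker sits
    in the path (ARP spoofing, rogue DHCP, a rogue DNS server) it simply
    copies it from the query."""
    q_txid, q_name, _ = parse_question(query)
    r_txid, r_name, _ = parse_answer_a(resp)
    return q_txid == r_txid and q_name == r_name


if __name__ == "__main__":
    q = build_query("update.example.com")
    r = forge_response(q, "10.0.0.5")
    print(parse_answer_a(r), resolver_accepts(q, r))
```

Because the forged packet copies the transaction ID and question verbatim, the victim's resolver has no reason to distinguish it from the genuine answer; the only remaining requirement is that it arrives first. A response built with the wrong transaction ID fails `resolver_accepts`, which is why blind (off-path) spoofing needs a guess per attempt while an on-path attacker needs none.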