From the word compound of evil and grade, you see there will be something evil about this piece of software and upgrades. It is a modular framework for supplying clients with fake updates that can contain a wide scale of payloads. The problem of poorly implemented actualization routines has been well know for quite some time now, but it seems it has been greatly overlooked. In the time of creation Evilgrade (summer 2008), very popular software has been vulnerable to this kind of exploit such as
Content for ‘Exploiting’
Nessus is a security scanner of vulnerability. Lately there was a lot of discussion about this topic. First of all little bit of history. Project Nessus was originaly under GPL licence, but somebody smart has closed the source codes and GPL was over. The project continued as Tenable Nessus and free version (GPL licence) under name GNessUs. But this one died out after a year abd the application goes on as OpenVas. Parallel GPL project is based on the last opened source code
After one year of develop the new version of Metasploit Framework released for download. The 3.1 version include a graphical user interface, 450 modules and more than 200 remote exploits. Metasploit runs on Linux, Windows, Mac OS X and BSD. The Windows version of Metasploit includes GUI, console, web interface access, dependencies and networking tools. You can download Metasploit 3.1 version at end of this text. Changelog. Officially using Cygwin for Windows support, Additional stager used for large Windows stages
Cross-Site Scripting is an extensive topic that has been described in the past by several people. Although there is a but. I open a page and start to read a cool text, lots of examples and nice colours all around. But after one hour of reading you are still at the begining. So why after reading AirDump tutorial you should manage XSS in a while? This will be answered in this text called Hacking web applications – XSS. First of all most of the tutorials that can be found on the web are focused on technical and theoretical aspects.
Linux application cracking. What for it is? Primarily the application run can be understund. Not all Linux software is free (Macintos ? :). That could be for someone a challange and he can “converte” the application on freeware.
This experience can be used on other systems (Windows). With this knowledge you will be able to precisely tune applications and gain control on new boxes.
Art of exploitation – Mastering PC in the net Distribution: Backtrack 2 Final Wi-Fi: CM9, Yagi 17dB (driver: patched madwifi) Aplication: Aircrack, Kismet, Nmap, Ettercap, Metasploit Box: PI, 233MHz, 160MB RAM. Comes in useful: 1 piece active downloader on p2p net. Note: This is a description of a true situation. The critical moments are shonw in the promo. The Internet is full of Wi-Fi hardware offers, rules and regulation. But..
