Client Side Exploitation
◾
205
Controlling the Dialog Boxes
From what we have done so far, it’s quite clear what we are executing on the victim’s machine,
which will make the victim suspicious and will prevent him from launching it.
So in order to get things going, we need to control the dialog box. There are several methods
to do that, but we will use the most effective one. You just need to add the following lines after
/F (cmd.exe):
/p (The file has too many errors in it, In order for windows to open your file properly, Click
“Ok” or if you wish to terminate this program click “Cancel”)
The
/P
command is used to pass an additional parameter along with /F. Now after adding this
line, you can save your PDF and launch it again. You will see that the calc.exe executing command
has moved upward.
You might still be wondering of what use is a PDF launch action, but you will soon find out
how dangerous PDF attacks can be when we come to the exploitation part.
Dostları ilə paylaş: