Ethical Hacking and Penetration Testing Guide
Next, scroll down the file to find the name object section. The section would look as follows:
Next add the following line replacing
/Type/Action
/S/Launch
/Win
<<
/F (calc.exe)
Here is how it will look:
Next, save it as a .pdf document and open it in your Adobe Reader. You will see the following warning box:
Now, let’s see what this syntax means:
/S = This parameter defines the type of action that should be performed. In this case, it’s /Launch.
/Win = This defines that the operating system on which we will execute it is Windows; it becomes /Mac if the OS is Mac and /Unix if you are executing it on a Linux system.
/F = This parameter defines which application should run. In this case, it’s calc.exe, which will launch the calculator when executed.
Client Side Exploitation
Controlling the Dialog Boxes
From what we have done so far, it’s quite clear what we are executing on the victim’s machine, which will make the victim suspicious and will prevent him from launching it. So, in order to get things going, we need to control the dialog box. There are several methods to do that, but we will use the most effective one. You just need to add the following lines after /F (cmd.exe):
/P (The file has too many errors in it, In order for windows to open your file properly, Click “Ok” or if you wish to terminate this program click “Cancel”)
The /P command is used to pass an additional parameter along with /F. Now, after adding this line, you can save your PDF and launch it again. You will see that the command executing calc.exe has moved upward.
You might still be wondering what use a PDF launch action is, but you will soon find out how dangerous PDF attacks can be when we come to the exploitation part.
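From the defender's side, the /S /Launch, /F and /P keys described above are exactly what a scanner can look for. The following is an added example, not code from the book: a Python sketch that reports launch actions in a PDF and flags long /P text like the message shown above. The function names, the 40-character threshold and the sample bytes are assumptions, and it only sees objects that are stored uncompressed.

```python
import re

LAUNCH = re.compile(rb"/S\s*/Launch\b")      # action type described on the page
KEY = re.compile(rb"/(F|P)\s*\(")            # /F application, /P parameter text
PLATFORM = re.compile(rb"/(Win|Mac|Unix)\b")
MAX_PARAM_LEN = 40  # assumed threshold: real arguments are rarely this long

def read_literal(data: bytes, start: int) -> str:
    """Read a PDF literal string starting at '(' (nesting and backslash escapes)."""
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":                       # escaped char: keep it, drop the backslash
            c, i = data[i + 1:i + 2], i + 1
        elif c == b"(":
            depth += 1
            if depth == 1:
                c = b""                      # opening delimiter is not content
        elif c == b")":
            depth -= 1
            if depth == 0:
                break
        out += c
        i += 1
    return out.decode("latin-1")

def find_launch_actions(pdf: bytes, window: int = 2048) -> list:
    """Report every /Launch action found in uncompressed PDF objects."""
    findings = []
    for m in LAUNCH.finditer(pdf):
        chunk = pdf[m.end():m.end() + window].split(b"endobj")[0]  # stay in this object
        fields = {}
        for k in KEY.finditer(chunk):
            fields.setdefault(k.group(1).decode(), read_literal(chunk, k.end() - 1))
        plat = PLATFORM.search(chunk)
        param = fields.get("P", "")
        findings.append({
            "offset": m.start(), "platform": plat.group(1).decode() if plat else None,
            "application": fields.get("F"),
            "parameter": param,
            "dialog_text_suspect": len(param) > MAX_PARAM_LEN or "\n" in param,
        })
    return findings

# Constructed sample using the page's own syntax; it is not a complete PDF file.
SAMPLE = (b"1 0 obj\n<< /Type /Action /S /Launch /Win\n<< /F (calc.exe)\n"
          b"/P (The file has too many errors in it, click \\(Ok\\) to continue) >> >>\nendobj\n")
if __name__ == "__main__":
    print(find_launch_actions(SAMPLE))
```

Any hit is worth reviewing, since ordinary documents rarely need a launch action; the `dialog_text_suspect` flag only ranks the hits.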