If you would like to know more about this tool, visit http://www.pdflabs.com/docs/ pdftk-cli-examples/ Origami Framework

208
◾ 
Ethical Hacking and Penetration Testing Guide
I would strongly recommend you to get familiarized with this tool if you like to dig deeper into 
this subject.
Attacking with PDF
It’s finally time to attack with PDF. In this section, we will talk about some of the commonly used 
PDF exploits with Metasploit, then we will do it the easy way with the social engineering toolkit.
So without wasting any more time, let’s fire up Metasploit. Once in Metasploit console, type 
in the following command:
Search pdf
This will display all the exploits present in Metasploit with the pattern PDF. Most of the PDF 
exploits in Metasploit work by embedding an exe in the PDF file, making it harder for antivirus 
software or the victim to recognize the malicious file.
The exploits may range from buffer overflows to misuse of the configurations, such as PDF 
launch action discussed earlier. As you can see from the following screenshot that PDF exploits are 
generally been broken down into two categories:
1. Fileformat exploits
2. Browser exploits

Yüklə 22,44 Mb.

Dostları ilə paylaş: