Creating a PDF Document with a Launch Action

204
◾ 
Ethical Hacking and Penetration Testing Guide
Next scroll down the file to find the name object section, the section would look as follows:
Next add the following line replacing /Type/Action
/S/Launch
/Win
<<
/F (calc.exe)
Here is how it will look:
Next save it as a .pdf document and open it in your Adobe Reader. You will see the following 
warning box:
Now, let’s see what this syntax means:
/S
= This parameter defines the type of action that should be performed. In this case it’s /launch.
/Win
= This defines that the operating system on which we will execute it is Windows, which 
becomes /Mac if the OS is Mac and /unix if you are executing it on a Linux system.
/F
= This parameter defines what type of application should run. In this case, it’s calc.exe, 
which will launch the calculator when executed.

Client Side Exploitation
◾ 
205
Controlling the Dialog Boxes
From what we have done so far, it’s quite clear what we are executing on the victim’s machine, 
which will make the victim suspicious and will prevent him from launching it.
So in order to get things going, we need to control the dialog box. There are several methods 
to do that, but we will use the most effective one. You just need to add the following lines after 
/F (cmd.exe):
/p (The file has too many errors in it, In order for windows to open your file properly, Click 
“Ok” or if you wish to terminate this program click “Cancel”)
The 
/P
command is used to pass an additional parameter along with /F. Now after adding this 
line, you can save your PDF and launch it again. You will see that the calc.exe executing command 
has moved upward.
You might still be wondering of what use is a PDF launch action, but you will soon find out 
how dangerous PDF attacks can be when we come to the exploitation part.

Yüklə 22,44 Mb.

Dostları ilə paylaş: