Page 2 of 3
Results 11 to 20 of 30

Thread: Using an Adobe exploit in an email attack

1. #11 lupin (Super Moderator; joined Jan 2010; 2,943 posts)

Quote originally posted by prowl3r:
    Those tools are great, I have used them myself during incident response activities involving malicious PDF documents.

    I wrote some rough notes on how I use them in this thread here.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

2. #12 prowl3r (Guest)

Quote originally posted by lupin:
    Those tools are great, I have used them myself during incident response activities involving malicious PDF documents.

    I wrote some rough notes on how I use them in this thread here.
    Yep. Nice tools. Just launching pdfid.py and you get the picture: javascript + automation action = wtf?

Everybody should give them a try after reading pureh@te's nice 0day article.

    Saw your notes, thank you for the reference lupin, interesting stuff.
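    The "javascript + automation action" pairing that pdfid.py surfaces is the useful triage signal for an incident responder: script content that fires without user interaction. The following is an added example, not pdfid.py and not code from this thread, that counts the same indicator names pdfid.py reports over a PDF's raw bytes, resolves the #xx hex escapes sometimes used to hide those names, and (this example's own extension, which pdfid.py deliberately does not do) also looks inside streams zlib can inflate. The keyword list, the verdict rules and the three minimal PDFs are constructed for the example; the sample "suspicious" files only carry the structure of an auto-triggered script, not any exploit.

```python
"""Added example: a pdfid-style triage of the indicator names the post mentions.
Not pdfid.py itself and not code from the thread; keyword list, verdict rules and
the sample PDFs below are this example's own assumptions."""
import re
import sys
import zlib

# Indicator names pdfid.py counts. A script keyword together with an automatic-action
# keyword is the "javascript + automation action" pairing referred to in the post.
SCRIPT_KEYWORDS = (b"/JS", b"/JavaScript")
TRIGGER_KEYWORDS = (b"/OpenAction", b"/AA")
OTHER_KEYWORDS = (b"/Launch", b"/EmbeddedFile", b"/RichMedia", b"/AcroForm", b"/XFA", b"/ObjStm")
ALL_KEYWORDS = SCRIPT_KEYWORDS + TRIGGER_KEYWORDS + OTHER_KEYWORDS

# A PDF name token ends at whitespace or a delimiter, so "/JS" must not match inside "/JSX".
_NAME_END = rb"(?![^\s()<>\[\]{}/%])"


def normalise_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes (e.g. /J#61vaScript -> /JavaScript), a common way to hide names."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream zlib can inflate.

    pdfid.py deliberately does not decode streams; doing so here (an assumption of this
    example) lets names hidden in Flate-compressed object streams be counted as well.
    """
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-encoded, or damaged: skip it
    return b"\n".join(out)


def count_keywords(data: bytes) -> dict:
    """Count each indicator name in the raw bytes plus any inflated stream contents."""
    text = normalise_names(data) + b"\n" + normalise_names(inflate_streams(data))
    return {kw.decode(): len(re.findall(re.escape(kw) + _NAME_END, text)) for kw in ALL_KEYWORDS}


def triage(data: bytes) -> dict:
    """Return the counts and a coarse verdict for an analyst to follow up on."""
    counts = count_keywords(data)
    has_script = any(counts[k.decode()] for k in SCRIPT_KEYWORDS)
    has_trigger = any(counts[k.decode()] for k in TRIGGER_KEYWORDS)
    if has_script and has_trigger:
        verdict = "suspicious: script with automatic trigger"
    elif has_script or counts["/Launch"]:
        verdict = "review: active content present"
    else:
        verdict = "no script indicators"
    return {"counts": counts, "verdict": verdict}


# Constructed samples (not real malware): the structure of a PDF whose /OpenAction runs
# JavaScript, with the /JavaScript name hex-escaped; a benign skeleton; and a PDF that
# hides the same pairing inside a Flate-compressed object stream.
SAMPLE_SUSPICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
SAMPLE_COMPRESSED = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"4 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"5 0 obj << /AA << /O 6 0 R >> >> endobj "
                    b"6 0 obj << /S /JavaScript /JS (app.alert(2)) >> endobj")
    + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    # Usage: python pdf_triage.py file.pdf ...; with no arguments, run over the constructed samples.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("sample_suspicious", SAMPLE_SUSPICIOUS),
        ("sample_benign", SAMPLE_BENIGN),
        ("sample_compressed", SAMPLE_COMPRESSED),
    ]
    for name, blob in inputs:
        result = triage(blob)
        hits = {k: v for k, v in result["counts"].items() if v}
        print(f"{name}: {result['verdict']} {hits}")
```

    The verdict is a triage hint, not a classification: a form-heavy but legitimate document can carry /AcroForm and /JS, so the counts are meant to decide which attachments get pulled into a sandbox or a full parser first, the way the thread's quick pdfid.py run did.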

3. #13 (Just burned his ISO; joined Dec 2007; 10 posts)

    Great stuff... thx...

4. #14 (Just burned his ISO; joined Nov 2009; 21 posts), subject: avi

I was playing with this little Christmas gift (thank you) and noticed that Yahoo Mail AV and a few others are all picking it up as a backdoor. Would it be possible to hex edit the .exe or something of this nature? If so, does anyone know what bits must be changed? Thank you for your time, and another great post. A real no-sleeper for me, lol. Thank you again, purehate.

5. #15 (Developer; joined Mar 2007; 6,126 posts)

Sure, you can use msfencode and create the .pdf via the msfcli command line; however, those are the kinds of things I generally do not feel comfortable making tutorials on. There is lots of info on msfencode around.

6. #16 (Senior Member; joined Jun 2007; location UK; 175 posts)

I have sent an email from BT4 Gmail to a Hotmail account on XP SP2 with the PDF attached OK. When I click on the attached PDF I get the following:
"The file security_update.pdf is infected with an unknown virus, so it isn't safe to download"
Any ideas as to what next?
Thanks

7. #17 TAPE (Very good friend of the forum; joined Jan 2010; location Europe; 599 posts)

    The post above yours tells you what to look for.

8. #18 (Member; joined Jun 2008; 101 posts)

Quote originally posted by pureh@te:
I just wrote this article for a website my friend and I post on and I wanted to share it here, but I am too lazy to rewrite it, so here is the link.

Using an Adobe Exploit in an Email Attack
Very nice, pureh@te!! I also learned with this tut that my ISP blocks outgoing SMTP packets. It is kind of obvious though...
QuadCore AMD Phenom X4 9950, 2600 MHz
8GB DDR2 800MHz
Dual Boot System: Windows Server 2008 x64 w/ Hyper-V, Ubuntu 9.10 x64

9. #19 (Just burned his ISO; joined Oct 2008; 20 posts)

Thanks for the excellent write-up. I have been experimenting with this and it works fine on my x86 Win XP SP3 machine, but I can't get it to work with an x64 Win 7 Ultimate machine.

    I have tried both these payloads:
    1) windows/meterpreter/reverse_tcp
    2) windows/x64/meterpreter/reverse_tcp

    I noticed that in another post you mention that this is compatible with Win 7 so I'm curious as to what I'm doing wrong.

    Thanks in advance.

10. #20 (Developer; joined Mar 2007; 6,126 posts)

It may be that it is 64-bit. I don't know. Exploit stuff is always really tricky over a wide range of machines. I had a friend fire up a Windows 7 VM and download my .pdf, and I gained a shell on his box. It may also be that Microsoft released their own patch or workaround to protect users.
