
Thread: Using-an-adobe-exploit-in-a-email-attack

  1. #21
    Just burned his ISO
    Join Date: Oct 2008
    Posts: 20

    I gotcha - Thanks. I'll keep trying with different Win 7 machines and post back if I get anything.

  2. #22
    Bandito (Just burned his ISO)
    Join Date: Jan 2010
    Posts: 5

    PDF not connecting to Handler?

    Ok, I am new at this but am familiar with Linux and Windows. I have been able to successfully exploit machines with other exploits.

    Scenario:
    Both BackTrack 4 and Windows XP are on VMware Workstation

    Victim: Windows XP Service Pack 3, no antivirus - Adobe Reader 9.2.0, also tried 9.1.0 (JavaScript enabled)

    Attacker: BackTrack 4, latest SVN of Metasploit

    I am able to successfully create the PDF file and then FTP it to the Windows box. I opened the handler on the BackTrack side. Then, on the Windows box, I launched the PDF and I get a blank page as expected. I then check BackTrack and it is still waiting for a connection. I thought that maybe I typed in the wrong IP or port numbers, but it all matched up.

    I set it up like this when creating the PDF:
    LHOST: my BackTrack box IP
    LPORT: 8080

    Handler:
    LPORT: 8080

    I ran Wireshark on both boxes, only to find that when I execute the PDF nothing happens, IP-wise. There is no traffic leaving the XP box. I see SYN-ACKs when I ping and try to connect to the BackTrack web server. What the heck? Am I doing something wrong? Obviously....

  3. #23
    Snayler (My life is this forum)
    Join Date: Jan 2010
    Posts: 1,418

    Quote Originally Posted by memzback:
    Thanks for the excellent write-up. I have been experimenting with this and it works fine on my x86 Win XP SP3 machine, but I can't get it to work with an x64 Win 7 Ultimate machine.

    I have tried both these payloads:
    1) windows/meterpreter/reverse_tcp
    2) windows/x64/meterpreter/reverse_tcp

    I noticed that in another post you mention that this is compatible with Win 7 so I'm curious as to what I'm doing wrong.

    Thanks in advance.
    Quote Originally Posted by pureh@te:
    It may be that it is 64-bit. I don't know. Exploit stuff is always really tricky over a wide range of machines. I had a friend fire up a Windows 7 VM and download my .pdf and I gained a shell on his box. It may also be that Microsoft released their own patch or workaround to protect users.
    Doesn't work with Windows 7 32-bit, for me at least. Adobe 9.2. But I haven't tested it further, so I can't tell for sure.

  4. #24
    hhmatt (Very good friend of the forum)
    Join Date: Jan 2010
    Posts: 660

    I think it's been patched with the latest Adobe updates.

  5. #25
    g3ksan (Junior Member)
    Join Date: Jan 2010
    Location: Florida
    Posts: 93

    Quote Originally Posted by hhmatt81:
    I think it's been patched with the latest Adobe updates.
    Yeah, that update came out/is coming out today.

    Adobe - Security Advisories: APSA09-07 - Security Advisory for Adobe Reader and Acrobat
    This is the sixth time we have created a thread about it... and we have become exceedingly efficient at it.

  6. #26
    Bandito (Just burned his ISO)
    Join Date: Jan 2010
    Posts: 5

    I am using the old 9.2.0 and 9.1.0 unpatched versions of Adobe from yesterday. Still my PDF file does not generate traffic going to BackTrack. Is it possible that Microsoft released something in their critical updates to mitigate this?

  7. #27
    hhmatt (Very good friend of the forum)
    Join Date: Jan 2010
    Posts: 660

    Quote Originally Posted by rshafer0:
    I am using the old 9.2.0 and 9.1.0 unpatched versions of Adobe from yesterday. Still my PDF file does not generate traffic going to BackTrack. Is it possible that Microsoft released something in their critical updates to mitigate this?
    What O.S. are you using?

  8. #28
    Bandito (Just burned his ISO)
    Join Date: Jan 2010
    Posts: 5

    Windows XP Pro SP3

  9. #29
    Bandito (Just burned his ISO)
    Join Date: Jan 2010
    Posts: 5

    I think that I figured out the problem. I was reading another post about problems with VMware, using the physical network adapter instead of the virtual one. I just recently had the same problem running a reverse_tcp .exe on a Windows box. I started up Wireshark on the Windows machine and then clicked the .exe file and saw nothing in Wireshark. I was using the host network in my VMware environment. I decided I had better switch to NAT and see what happened. It worked!! I haven't tried the Adobe zero-day but I think it will work now.

    Although, now that it is fixed, I would like the host-to-host network to work. I just want to avoid messing something up on my home network. Any suggestions for getting this to work would be appreciated.

  10. #30
    Snayler (My life is this forum)
    Join Date: Jan 2010
    Posts: 1,418

    Quote Originally Posted by uvwx253:
    high quality replica clothing wholesale,Juicy couture Kids clothing hotsale now.welcome to wholesale Juicy couture Kids clothing from us.
    Wow... First spam I see on this forum... Amazing!
