Results 1 to 7 of 7

Thread: Spawn new Acrobat process

  1. #1
    Just burned his ISO
    Join Date
    Oct 2009
    Location
    Europe
    Posts
    16

    Default Spawn new Acrobat process

    Hello,

    I am about to give a demonstration how an attacker can take an existing pdf document and attach a payload to it.
    One alternative that I've got is to use the embedded-exe-exploit, but that is not what I would like. I would like the reader to render a correct document after being sploited. Is this doable in metasploit (with perhaps some kind of after-execution-script?)?

    Cheers, Alex

  2. #2
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Default Re: Spawn new Acrobat process

    I am about to give a demonstration how an attacker can take an existing pdf document and attach a payload to it.
    Will demonstrate something that does not understand?

    In one of the topics, contains your answer!

    Client Side Exploits

    Regards,
    (gdb) disass m(y_br)ain

    ®

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Spawn new Acrobat process

    Quote Originally Posted by espreto View Post
    Will demonstrate something that does not understand?
    They say the world is full of amateurs.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Just burned his ISO
    Join Date
    Oct 2009
    Location
    Europe
    Posts
    16

    Default Re: Spawn new Acrobat process

    Actually I have been reading exactly that online-metasploit-course before and what I can see it doesn't handle this subject. I will clearify myself:

    All the PDF exploits in metasploit (mostly JS) are showing you a blank PDF or just freezes the reader. An exploit kills the process, there is nothing strange about that. And there is this embedde-exe-exploit which is kind of obivious. "Save this document, ignore the strange pop-up (decrypt the pdf) and click OK".

    You can't know everything in the IT-sec-field. You have to focus in some areas. That is my opinion. I haven't had this exploit focus but I would like to know how this can be done. I have no problems in demonstrating how easy it is to develop and PDF exploit but it would interesting to know what methods are most commonly used when the Adobe reader crashes and restarts with an adequate document?

    Yes, I'm an amateur when it comes down to PDF exploits, thats why I posted in the beginners thread.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Spawn new Acrobat process

    You should checkout Didier Stevens' blog.

    You can't know everything in the IT-sec-field. You have to focus in some areas. That is my opinion.
    This is true, which is why you should demonstrate something within your area of focus.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Just burned his ISO
    Join Date
    Oct 2009
    Location
    Europe
    Posts
    16

    Default Re: Spawn new Acrobat process

    You are absolutely right.
    I will here by never try to learn anything new.

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Spawn new Acrobat process

    Quote Originally Posted by fiuvertiz View Post
    You are absolutely right.
    I will here by never try to learn anything new.
    No one said you should not learn, they merely pointed out you are trying to demonstrate something in which you obviously know nothing about.
    That's about as bright as a car mechanic trying to demonstrate a heart transplant. I mean it's all the same right? Open the body up, take out the bad part put in a new one, and your set.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Similar Threads

  1. Have router access can i spawn shell?
    By techx in forum OLD BackTrack 4 (pre) Final
    Replies: 16
    Last Post: 09-03-2009, 04:56 AM
  2. Acrobat & PGP Keys
    By thorin in forum OLD General IT Discussion
    Replies: 1
    Last Post: 05-26-2009, 08:51 PM
  3. Process of setting up kismet
    By somethinguttered in forum OLD Newbie Area
    Replies: 6
    Last Post: 05-09-2008, 12:30 PM
  4. *New Registration Process*
    By samsung in forum OLD General IT Discussion
    Replies: 13
    Last Post: 03-16-2008, 11:42 AM
  5. Booting Process hangs up
    By imported_darkstar in forum OLD Newbie Area
    Replies: 11
    Last Post: 10-11-2007, 04:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •