1 / 27

Metasploit – Embedded PDF Exploit

Metasploit – Embedded PDF Exploit. Presented by: Jesse Lucas. Tools / Assumptions. Attacker – BackTrack 4.2. Victim – Windows XP. File and Printer Sharing Adobe Reader 8.0 – 9.0. Metasploit Framework 3.0 PDF file for embedding. Exploit Concept. Attacker embeds exploit in a PDF file

dash
Download Presentation

Metasploit – Embedded PDF Exploit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas

  2. Tools / Assumptions Attacker – BackTrack 4.2 Victim – Windows XP File and Printer Sharing Adobe Reader 8.0 – 9.0 • Metasploit Framework 3.0 • PDF file for embedding

  3. Exploit Concept • Attacker embeds exploit in a PDF file • Victim opens the PDF file • Unknowingly saves and runs exploit • Attacker takes control of victim machine

  4. Exploit Demos • Live Demo • Offline Demo

  5. Start BackTrak

  6. Open 2 Terminals

  7. Open msfconsole in both Terminals

  8. Setup Exploit

  9. Setup Exploit Handler

  10. Wait for Victim to Open PDF

  11. Prey on their Ignorance

  12. Victim is now a Victim

  13. Attacker now has Access

  14. Example of Control

  15. Example of Control (cont)

  16. Setup Exploit 2

  17. Setup Handler 2

  18. Wait for Victim to Open

  19. Prey on Victim’s Ignorance

  20. Ta Da! Attacker has a VNC Session

  21. Example of Control

  22. Example of Control (cont)

  23. Prevent the Attack • DO NOT open files from people you don’t know • DO NOT allow firewall exceptions for applications you don’t know • KEEP popular programs up to date • DISABLE File and Printer Sharing if you aren’t using it

  24. Questions?

More Related