Forum Thread: Malicious PDF as an Exploit

A few days ago I created a malicious unsuspecting PDF using OTW's how-to. I created it using Metasploit. I have a few questions about the exploit and accessing it.

1. How can I know that the victim opened it?

2. After he opened it, how do I access his system?

3. If I create a persistent back door while I'm in his system, can I access it whenever I want or only while his system is on?

4. I sent the file via Skype on my Windows laptop. The victim didn't open it yet. Can I turn off the Linux PC that I created the file from, or do I have to wait till the victim opens it?

I am still a beginner and I only know a bit of Java and HTML, but I am hoping to learn more and more about hacking because I find it very interesting!

Any answers or links are appreciated :).
Natadad

5 Responses

First off, you have to set up a listener using multi/handler and then set the options accordingly. This way, when your victim clicks on the PDF it should say something like "sending stage" or "meterpreter session opened". Then you can do "sessions -l" to list the active sessions and "session -i (session number)" to interact with one. For question 2, if by system you mean cmd then you can just type shell in meterpreter. I don't know too much about persistent backdoors but I'm pretty sure the victim PC has to be on to access it. If your computer is off and the victim clicks on the file, it will send the meterpreter shell, but if your computer isn't listening nothing will happen.

Dear JoeSmith, thank you for your reply.
So, I have to create or put a listener in the PDF?
Will this prompt me with a message?
If you know about any posts or guides about creating listeners, add a link if possible.

When you followed the PDF tutorial, you placed a listener in the PDF.

It won't prompt you when it opens. It simply opens a "session" in Metasploit. That session depends upon which listener you embedded, usually a cmd.exe or meterpreter.

What you need to do is..

In msfconsole.. start a multi handler.. set lhost and lport and payload and stuff you used to make the pdf.. then exploit...

It will then start waiting... as soon as you open the pdf.. you will get a session in the msfconsole..

Thank you. Tested it and worked great!
