27
Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas
Metasploit – Embedded PDF Exploit
Metasploit – Embedded PDF Exploit
Presented by: Jesse LucasPresented by: Jesse Lucas
Tools / AssumptionsTools / Assumptions
Attacker – BackTrack 4.2
• Metasploit Framework 3.0• PDF file for embedding
Victim – Windows XP
• File and Printer Sharing• Adobe Reader 8.0 – 9.0
Exploit ConceptExploit Concept
• Attacker embeds exploit in a PDF file
• Victim opens the PDF file– Unknowingly saves and runs exploit
• Attacker takes control of victim machine
Exploit DemosExploit Demos
• Live Demo
• Offline Demo
Start BackTrakStart BackTrak
Open 2 TerminalsOpen 2 Terminals
Open msfconsole in both TerminalsOpen msfconsole in both Terminals
Setup ExploitSetup Exploit
Setup Exploit HandlerSetup Exploit Handler
Wait for Victim to Open PDFWait for Victim to Open PDF
Prey on their IgnorancePrey on their Ignorance
Victim is now a VictimVictim is now a Victim
Attacker now has AccessAttacker now has Access
Example of ControlExample of Control
Example of Control (cont)Example of Control (cont)
Setup Exploit 2Setup Exploit 2
Setup Handler 2Setup Handler 2
Wait for Victim to OpenWait for Victim to Open
Prey on Victim’s IgnorancePrey on Victim’s Ignorance
Ta Da! Attacker has a VNC Session
Ta Da! Attacker has a VNC Session
Example of ControlExample of Control
Example of Control (cont)Example of Control (cont)
Prevent the AttackPrevent the Attack
• DO NOT open files from people you don’t know
• DO NOT allow firewall exceptions for applications you don’t know
• KEEP popular programs up to date
• DISABLE File and Printer Sharing if you aren’t using it
Questions?Questions?
