Metasploit – Embedded PDF Exploit

Metasploit – Embedded PDF Exploit

Metasploit – Embedded PDF Exploit

Presented by: Jesse LucasPresented by: Jesse Lucas

Tools / AssumptionsTools / Assumptions

Attacker – BackTrack 4.2

• Metasploit Framework 3.0• PDF file for embedding

Victim – Windows XP

• File and Printer Sharing• Adobe Reader 8.0 – 9.0

Exploit ConceptExploit Concept

• Attacker embeds exploit in a PDF file

• Victim opens the PDF file– Unknowingly saves and runs exploit

• Attacker takes control of victim machine

Exploit DemosExploit Demos

• Live Demo

• Offline Demo

Start BackTrakStart BackTrak

Open 2 TerminalsOpen 2 Terminals

Open msfconsole in both TerminalsOpen msfconsole in both Terminals

Setup ExploitSetup Exploit

Setup Exploit HandlerSetup Exploit Handler

Wait for Victim to Open PDFWait for Victim to Open PDF

Prey on their IgnorancePrey on their Ignorance

Victim is now a VictimVictim is now a Victim

Attacker now has AccessAttacker now has Access

Example of ControlExample of Control

Example of Control (cont)Example of Control (cont)

Setup Exploit 2Setup Exploit 2

Setup Handler 2Setup Handler 2

Wait for Victim to OpenWait for Victim to Open

Prey on Victim’s IgnorancePrey on Victim’s Ignorance

Ta Da! Attacker has a VNC Session

Ta Da! Attacker has a VNC Session

Example of ControlExample of Control

Example of Control (cont)Example of Control (cont)

Prevent the AttackPrevent the Attack

• DO NOT open files from people you don’t know

• DO NOT allow firewall exceptions for applications you don’t know

• KEEP popular programs up to date

• DISABLE File and Printer Sharing if you aren’t using it

Questions?Questions?