Presentation is loading. Please wait.

Presentation is loading. Please wait.

Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas."— Presentation transcript:

1 Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas

2 Tools / Assumptions Attacker – BackTrack 4.2 Metasploit Framework 3.0 PDF file for embedding Victim – Windows XP File and Printer Sharing Adobe Reader 8.0 – 9.0

3 Exploit Concept Attacker embeds exploit in a PDF file Victim opens the PDF file –Unknowingly saves and runs exploit Attacker takes control of victim machine

4

5

6

7 Exploit Demos Live Demo Offline Demo

8 Start BackTrak

9 Open 2 Terminals

10 Open msfconsole in both Terminals

11 Setup Exploit

12 Setup Exploit Handler

13 Wait for Victim to Open PDF

14 Prey on their Ignorance

15 Victim is now a Victim

16 Attacker now has Access

17 Example of Control

18 Example of Control (cont)

19 Setup Exploit 2

20 Setup Handler 2

21 Wait for Victim to Open

22 Prey on Victim’s Ignorance

23 Ta Da! Attacker has a VNC Session

24 Example of Control

25 Example of Control (cont)

26 Prevent the Attack DO NOT open files from people you don’t know DO NOT allow firewall exceptions for applications you don’t know KEEP popular programs up to date DISABLE File and Printer Sharing if you aren’t using it

27 Questions?

Download ppt "Metasploit – Embedded PDF Exploit Presented by: Jesse Lucas."

Similar presentations

Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
METASPLOIT.

METASPLOIT.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.

Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.

Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
Demo: Rubber Quack Quack.

Demo: Rubber Quack Quack.
Social Engineering Toolkit Computer Science Innovations, LLC.

Social Engineering Toolkit Computer Science Innovations, LLC.
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.

CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.
Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration.

Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration.
JMU GenCyber Boot Camp Summer, 2015. “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories.

JMU GenCyber Boot Camp Summer, “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories.
Testing Exploits and Malware in an isolated environment Luca Allodi – Fabio Massacci – Vadim Kotov

Testing Exploits and Malware in an isolated environment Luca Allodi – Fabio Massacci – Vadim Kotov
Common System Exploits Tom Chothia Computer Security, Lecture 17.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Similar presentations

Ads by Google