Embedding backdoor into PDF files

David Artykov
Purple Team
Published in
4 min read · Apr 15, 2021


Adobe keeps on being sub-par in security, and subsequently, a considerable number of customer operating systems are vulnerable.

Lindsey O’Donnell

PDF, or Portable Document Format, is an extraordinarily intricate file format, governed by numerous standards and semi-standards. Like HTML and CSS, it was intended for document layout and presentation. Also like HTML and CSS, it has been extended with a JavaScript engine and a document API that let developers turn PDF documents into applications, or into carriers for malware.

One of the most widely used Adobe products is Reader. Almost every PC has some version of Adobe Reader on it for reading PDFs. You probably have it as well. However, most people are unaware of the security issues that Reader has had, and they neglect to update or patch it.

In this article, we will show you how to compromise a target machine with a malicious PDF file.

First, start msfconsole and search for the “adobe_pdf” exploit. Metasploit will list numerous exploits designed for various operating systems. The one that we are going to use is “exploit/windows/fileformat/adobe_pdf_embedded_exe”, which is designed for Windows systems.

Ex: msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe
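
For the defender's side of the file format described above, a triage sketch in Python, added here as an example and not part of the original article or of Metasploit: it counts the PDF name tokens tied to script, embedded files and launch actions, decoding #xx name escapes first. The function names, the verdict rule and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens worth a closer look during triage (names from the PDF specification).
RISKY_NAMES = {
    "JavaScript": "script action",
    "JS": "script source",
    "OpenAction": "action run when the document opens",
    "AA": "additional (event-driven) actions",
    "Launch": "action that starts an external program",
    "EmbeddedFile": "file attached inside the document",
}

NAME_RE = re.compile(rb"/([^\s/\[\]()<>{}%]+)")   # a PDF name: "/" up to a delimiter
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")        # "#xx" escape inside a name

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes (compressed streams are not expanded)."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def verdict(counts: dict) -> str:
    """Hypothetical rule: an on-open trigger plus active content is suspicious."""
    auto = counts.keys() & {"OpenAction", "AA"}
    active = counts.keys() & {"Launch", "EmbeddedFile", "JavaScript", "JS"}
    if auto and active:
        return "suspicious"
    return "review" if counts else "clean"

# Constructed samples: inert fragments, not complete or working PDF files.
SAMPLE = (b"%PDF-1.5\n1 0 obj << /Type /Catalog /OpenAction 5 0 R >> endobj\n"
          b"5 0 obj << /S /L#61unch >> endobj\n"
          b"7 0 obj << /Type /EmbeddedFile /Length 0 >> endobj\n")
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        found = triage_pdf(blob)
        print(label, verdict(found), found)
```

A "clean" result only means none of these names appear in the uncompressed bytes; objects stored inside compressed object streams need to be expanded before scanning.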
