Metasploit mailing list archives
Re: adobe_pdf_embedded_exe
From: Alexander Klink <alexander () klink name>
Date: Fri, 13 May 2011 15:37:37 +0200
Hi,

On Fri, May 13, 2011 at 08:33:33AM -0400, macubergeek wrote:
> I've been experimenting with adobe_pdf_embedded_exe. The problem I'm having is that most of the AVs on virustotal detect the pdf I create with this module as an exploit. Is there any way to encode the exe before stuffing it into the pdf? Crypt it?

If it does not necessarily have to be a PDF where you embed it, but only something that is (automatically on a website with the correct content type) opened by Adobe Reader, you may want to look into the pdf2xdp.rb script which I submitted a while ago:

http://dev.metasploit.com/redmine/issues/3679

It converts the PDF to an equivalent XDP (XML Data Package, basically an XML/Base64 representation of the PDF) file, which flies well under the radar of all of VirusTotal's scanners ...

I guess it would work fine in a browser/drive-by scenario but might be more tricky if social engineering is involved, as users might be sceptical about the .xdp extension (the icon on the other hand looks pretty similar to that of a PDF file).

HTH,
Cheers,
Alex
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
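Added example, not part of the message above or of the Metasploit project: because an XDP file carries the PDF as Base64 text, a mail or web gateway can unwrap it and apply its existing PDF checks to the decoded bytes. The sketch assumes the PDF sits in `<chunk>` elements of the XDP `pdf` packet; the function names, the name list and the sample data are constructed for illustration.

```ruby
# Unwrap the PDF carried inside an XDP file so PDF-aware scanning sees the
# same bytes Adobe Reader would. Core Ruby only, no gems.

# PDF name tokens worth triaging; this list is an assumption, tune it locally.
SUSPICIOUS_NAMES = %w[/EmbeddedFile /Launch /JavaScript /JS /OpenAction].freeze

# Return the decoded bytes of every <chunk> element (namespace prefix allowed).
def xdp_pdf_chunks(xdp_text)
  pattern = %r{<(?:[\w.-]+:)?chunk\b[^>]*>(.*?)</(?:[\w.-]+:)?chunk\s*>}m
  # unpack1('m') is a lenient Base64 decode: line breaks and indentation
  # inside the element are skipped.
  xdp_text.scan(pattern).flatten.map { |b64| b64.unpack1('m') }
end

# PDF names may spell any character as #XX; undo that before matching.
def normalize_pdf_names(bytes)
  bytes.gsub(/#([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# One report per chunk: is it a PDF, how large, which names were seen.
# Names hidden inside compressed object streams are not visible here; hand
# the decoded bytes to a full PDF parser or the AV engine for that.
def inspect_xdp(xdp_text)
  xdp_pdf_chunks(xdp_text).each_with_index.map do |bytes, index|
    text = normalize_pdf_names(bytes)
    names = SUSPICIOUS_NAMES.select do |name|
      text.match?(/#{Regexp.escape(name)}(?![A-Za-z0-9])/)
    end
    # Reader accepts the header anywhere in the first 1024 bytes.
    { index: index, pdf: bytes[0, 1024].include?('%PDF-'),
      size: bytes.bytesize, names: names }
  end
end

# Constructed sample: a PDF-like skeleton (not a working document) in an XDP.
SAMPLE_PDF = "%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n" \
             "2 0 obj << /S /L#61unch >> endobj\n%%EOF\n"
SAMPLE_XDP = <<~XML
  <?xml version="1.0"?>
  <xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
    <pdf xmlns="http://ns.adobe.com/xdp/pdf/">
      <document><chunk>#{[SAMPLE_PDF].pack('m')}</chunk></document>
    </pdf>
  </xdp:xdp>
XML

inspect_xdp(SAMPLE_XDP).each { |report| puts report.inspect } if $PROGRAM_NAME == __FILE__
```

Treat `.xdp` attachments and the XDP content type like PDFs in filtering policy, and feed each decoded chunk to the same scanner that handles `.pdf` files.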
Current thread:
- svn update propfind problem Robin Wood (May 11)
- Re: svn update propfind problem HD Moore (May 11)
- Re: svn update propfind problem Robin Wood (May 11)
- adobe_pdf_embedded_exe macubergeek (May 13)
- Re: adobe_pdf_embedded_exe Stephen Haywood (May 13)
- Re: adobe_pdf_embedded_exe Alexander Klink (May 13)
- Re: svn update propfind problem Adam Othman (May 22)
- Re: svn update propfind problem HD Moore (May 22)
- Re: svn update propfind problem Adam Othman (May 22)
- Re: svn update propfind problem Robin Wood (May 23)
- Re: svn update propfind problem Robin Wood (May 25)
- Re: svn update propfind problem HD Moore (May 25)
- Re: svn update propfind problem Robin Wood (May 25)
- Re: svn update propfind problem Robin Wood (May 11)
- Re: svn update propfind problem HD Moore (May 11)