Metasploit mailing list archives
Re: windows/fileformat/adobe_pdf_embedded_exe no more working
From: One Time <onetime99 () ymail com>
Date: Tue, 23 Feb 2010 22:48:18 -0800 (PST)
Same here. svn r8609 Adobe Reader 9.0 (English) on Windows XP SP3 (English). ________________________________ Da: Tedi Heriyanto <tedi.heriyanto () gmail com> A: framework () spool metasploit com Inviato: Mer 24 febbraio 2010, 03:57:41 Oggetto: Re: [framework] windows/fileformat/adobe_pdf_embedded_exe no more working Hi, On 02/23/2010 11:44 PM, Joshua J. Drake wrote:
On Mon, Feb 22, 2010 at 01:48:24PM +0100, Thomas Werth wrote:Hello, it seems that in latest svn version of msf the exploit module windows/fileformat/adobe_pdf_embedded_exe is no more working as expected. An ebemdded exe isn't executed anymore. I'm getting various error msg depending on pdf viewser use. Those are ranging von cmd.exe not found to "name of PDF" not found. Basicly i've tested this module with custom infile and custom exe combinded with generic/debug payload and from the set framework in backtrack using vnc payload. Both produce same error. In previous versions of msf this module worked fine ...Thomas, We would love to fix this! Unfortunately, we need alot more information about the softwares (PDF viewer) being used, the platform it is being opened on, the actual custom files you're using, etc. The platform that you are using to generate the output file isn't likely to affect this, but we can't rule it out at this point.
I am able to create the PDF with embedded EXE payload. But when the PDF is open, it will ask where to store the payload (disguise as PDF file), then the PDF reader will ask the user again whether to open that payload. After that the payload is executed. Here is my testing config : - Adobe Reader 8.1.2 and 9.1.0 in WinXP SP3 - The payload is meterpreter - Framework: 3.3.4-dev.8596 - Console : 3.3.4-dev.8615 -- Best Regards, Tedi Heriyanto Website : http://tedi.heriyanto.net Blog : http://theriyanto.wordpress.com PGP Key ID : 0xAC22DD11 PGP Fingerprint : 470A FF01 B4CF 93A4 78E5 0EAC 0103 BC76 AC22 DD11 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Scanning machines Timm M.Schneider (Feb 19)
- Re: Scanning machines HD Moore (Feb 19)
- Re: Scanning machines Timm M.Schneider (Feb 19)
- windows/fileformat/adobe_pdf_embedded_exe no more working Thomas Werth (Feb 22)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Joshua J. Drake (Feb 23)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Tedi Heriyanto (Feb 23)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working One Time (Feb 23)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Joshua J. Drake (Mar 02)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Thomas Werth (Mar 02)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Thomas Werth (Mar 02)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Jonathan Cran (Mar 02)
- Re: windows/fileformat/adobe_pdf_embedded_exe no more working Joshua J. Drake (Feb 23)
- Re: Scanning machines HD Moore (Feb 19)
- <Possible follow-ups>
- Re: Scanning machines Timm M.Schneider (Feb 19)
- Re: Scanning machines HD Moore (Feb 19)
- Re: Scanning machines Timm M.Schneider (Feb 19)
- Re: Scanning machines HD Moore (Feb 19)
- Re: Scanning machines HD Moore (Feb 19)