HW02: Kali Metasploit Experiment
Kali Linux has Metasploit built into it. In this homework, you will select a PDF exploit from Metasploit and build an attack with it - similar to what we demonstrated in class during Week 02.
You will not be able to use the adobe_pdf_embedded_exe exploit we used in class. Rather, you must use one of the other exploits that targets the Adobe Acrobat Reader software. After you’ve created the exploit PDF, you must analyze it either using a tool of your choosing or the “pdf-parser.py” tool I demonstrated in class (and/or other tools, if needed).
Here are some examples of PDF exploits you might use, but also utilize
search type:exploit adobe” to find others. Make sure you use
info” command in Metasploit to verify your exploit is for
Adobe Acrobat Reader and not a different Adobe product.
Another demonstration of building exploits is here:
CVE-2013-3346 Adobe Reader ToolButton Use After Free
You must write a report that discusses your analysis of the exploit:
- Document the metasploit commands you used to create the attack
- Document the versions of Acrobat Reader and (where provided) Windows versions that it should target
- Using the pdf-parser.py utility (and/or other tools of your choosing), analyze the PDF structure and attempt to extract the PDF object and/or stream data containing the payload
- Document which object contains the exploit/payload and what characteristics it exhibits identifying it
As with Homework 01, submit your assignments to the appropriate blackboard submission. PDF preferred for reports, upload any accompanying code or artifacts in a ZIP file