CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

5 February 2017

Kali Metasploit Experiment


HW02: Kali Metasploit Experiment

Kali Linux has Metasploit built into it. In this homework, you will select a PDF exploit from Metasploit and build an attack with it - similar to what we demonstrated in class during Week 02.

You will not be able to use the adobe_pdf_embedded_exe exploit we used in class. Rather, you must use one of the other exploits that targets the Adobe Acrobat Reader software. After you’ve created the exploit PDF, you must analyze it either using a tool of your choosing or the “pdf-parser.py” tool I demonstrated in class (and/or other tools, if needed).
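A first-pass triage for the analysis step, added here as an example (it is not course-provided code and not pdf-parser.py itself): it counts the PDF name keywords that usually deserve a closer look and decodes `#xx` name escapes before matching. The keyword list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter

# Name keywords worth a closer look during triage (illustrative list, not exhaustive).
KEYWORDS = {"/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
            "/EmbeddedFile", "/AcroForm", "/XFA", "/ObjStm"}

# A PDF name runs from "/" up to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /J#61vaScript is recognised as /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage(data: bytes) -> dict:
    """Count keyword names, note which ones were hex-escaped, count objects/streams."""
    counts, obfuscated = Counter(), set()
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in KEYWORDS:
            counts[name] += 1
            if b"#" in raw:  # escaped spelling of a keyword is itself a signal
                obfuscated.add(name)
    return {
        "counts": dict(counts),
        "obfuscated": sorted(obfuscated),
        "objects": len(re.findall(rb"\b\d+\s+\d+\s+obj\b", data)),
        "streams": len(re.findall(rb"\bendstream\b", data)),
    }

# Constructed sample: a tiny, harmless PDF skeleton with one escaped name.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
          b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
          b"4 0 obj\n<< /Length 0 >>\nstream\n\nendstream\nendobj\n"
          b"%%EOF\n")

if __name__ == "__main__":
    # Pass a file path to triage it; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Names inside compressed streams or object streams are not visible to a raw byte scan, so a non-zero `/ObjStm` count means the file needs stream decoding (for example with pdf-parser.py) before the counts can be trusted.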

Here are some examples of PDF exploits you might use; you can also run “search type:exploit adobe” in Metasploit to find others. Make sure you use the “info” command in Metasploit to verify that your exploit is for Adobe Acrobat Reader and not a different Adobe product.

Another demonstration of building exploits is here:
CVE-2013-3346 Adobe Reader ToolButton Use After Free

You must write a report that discusses your analysis of the exploit:

As with Homework 01, submit your assignment to the appropriate Blackboard submission. PDF is preferred for reports; upload any accompanying code or artifacts in a ZIP file.


tags: malware assignment