Kali Metasploit Experiment
by
HW02: Kali Metasploit Experiment
Kali Linux has Metasploit built into it. In this homework, you will select a PDF exploit from Metasploit and build an attack with it - similar to what we demonstrated in class during Week 02.
You will not be able to use the adobe_pdf_embedded_exe exploit we used in class. Rather, you must use one of the other exploits that targets the Adobe Acrobat Reader software. After you’ve created the exploit PDF, you must analyze it either using a tool of your choosing or the “pdf-parser.py” tool I demonstrated in class (and/or other tools, if needed).
Here are some examples of PDF exploits you might use, but also utilize
“search type:exploit adobe” to find others. Make sure you use
the “info” command in Metasploit to verify your exploit is for
Adobe Acrobat Reader and not a different Adobe product.
exploit/multi/fileformat/adobe_u3d_meshcontexploit/windows/fileformat/adobe_collectemailinfoexploit/windows/fileformat/adobe_libtiffexploit/windows/fileformat/adobe_geticonexploit/windows/fileformat/adobe_flatedecode_predictor02exploit/windows/fileformat/adobe_jbig2decode
Another demonstration of building exploits is here:
CVE-2013-3346 Adobe Reader ToolButton Use After Free
You must write a report that discusses your analysis of the exploit:
- Document the metasploit commands you used to create the attack
- Document the versions of Acrobat Reader and (where provided) Windows versions that it should target
- Using the pdf-parser.py utility (and/or other tools of your choosing), analyze the PDF structure and attempt to extract the PDF object and/or stream data containing the payload
- Document which object contains the exploit/payload and what characteristics it exhibits identifying it
- Document the encoding of the object (such as if compressed or ASCII85 encoded) and also the underlying data type (JPEG image data? JavaScript?)
As with Homework 01, submit your assignments to the appropriate blackboard submission. PDF preferred for reports, upload any accompanying code or artifacts in a ZIP file
tags: malware assignment