May 26, 2017, 03:34:08 PM
Welcome, Guest. Please login or register.

telnet towel.blinkenlights.nl

Author Topic: Help to attach custom payload to a pdf  (Read 956 times)

Offline newbyte

  • Prospect
  • *
  • Posts: 4
  • Internets: +1/-0
Help to attach custom payload to a pdf
« on: March 13, 2016, 11:48:26 AM »
Greetings fellow humans and others,
Firstly, I am a noob so please type your responses slowly and use generous spaces.
I have created a custom payload ('payload.exe', using msfvenom, hyperion and a C compiler) and it does work on it's own, getting through and calling back (when using VirtualBox). However, I can't find a way to attach it to a crafted PDF ('clickme.pdf'). All my efforts have failed, in that the payload (once attached using msfvenom again), can be detected by Av's. Any assistance/guidance would be appreciated; but do not delay. This setback has delayed my dastardly plans to take over the world and my cat is getting grumpy. (She's the kind that sits on your lap and looks away disapprovingly when disappointed...)
A big thank you to Gingerbread Man for his suggestion to post this question.

Offline D4rk-50ld13r

  • Top Hat Member
  • Elite
  • ********
  • Posts: 877
  • Internets: +189/-0
  • I will hack for beer.
    • http://www.ghostsec.org/
Re: Help to attach custom payload to a pdf
« Reply #1 on: March 13, 2016, 03:52:33 PM »
Hi
Google is your best friend , remember that :)
Here , follow this tutorial :
https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/

Good luck
If you sat a monkey down in front of a keyboard, the first thing typed would be
a unix command.

Offline newbyte

  • Prospect
  • *
  • Posts: 4
  • Internets: +1/-0
Re: Help to attach custom payload to a pdf
« Reply #2 on: March 13, 2016, 10:03:46 PM »
Thank you D4rk-50ld13r.
I know what you mean about using Google; nobody likes a lazy noob!

I did try the Adobe Reader ‘util.printf()’ but could not find a way to incorporate my custom payload.
Do you know of a way for me to use my payload with a PDF (it can also be an image or doc).

Regards.  :)

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 185
  • Internets: +1337/-0
  • Grumpy Old Man with Mounds of Salt
Re: Help to attach custom payload to a pdf
« Reply #3 on: March 13, 2016, 10:53:34 PM »
Thank you D4rk-50ld13r.
I know what you mean about using Google; nobody likes a lazy noob!

I did try the Adobe Reader ‘util.printf()’ but could not find a way to incorporate my custom payload.
Do you know of a way for me to use my payload with a PDF (it can also be an image or doc).

Regards.  :)


youre not going to get it to work because that exploits for Adobe Reader and Adobe Acrobat Professional < 8.1.3. itll be good to see how it works but even then...youll need to download version 8 or below, but that's literally it unless some companies are still using the older versions. just so you know, they are both at 10/11. so you would have to hope they are at 8 or before.
to use your own payload, you can use the '-p' option.
you can try the 'k' option, however, its going to turn your pdf into an exe. no bueno for 'the world' and your 'dastardly plan' will fail.
also, man is your friend ;)
bypassing av is another thing that youll spend quite a bit of time on. that is above your skillset right now. soo...dont worry about that
> but do not delay
theres never a delay if you do your own research ;)
The quieter you become, the more you are unlikely to sound stupid.

Offline newbyte

  • Prospect
  • *
  • Posts: 4
  • Internets: +1/-0
Re: Help to attach custom payload to a pdf
« Reply #4 on: March 14, 2016, 07:36:49 AM »
Thank you ch3rn0byl

The crazy thing is I have actually managed to create the payload that evades Av's (at least the one I am interested in). My payload, when clicked-on, does connect back, allowing me to escalate things.
As for using the Adobe Reader ‘util.printf()’ as listed by D4rk-50ld13r., this isn't my preference, I was just responding to the message.

I really want to be able to connect my custom payload to a PDF (or perhaps an image), since I have been able to make a payload work and evade the AV.

Thank you & regards.

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1016
  • Internets: +986/-1
Re: Help to attach custom payload to a pdf
« Reply #5 on: March 14, 2016, 04:35:26 PM »


I really want to be able to connect my custom payload to a PDF (or perhaps an image), since I have been able to make a payload work and evade the AV.


If you are using MSF then you can go in and change the payload to your own if i remember correctly .

Also i think u can also use Veil , S.E.T and nettools to embed into a pdf . Its been a while so i cant remember.



Offline newbyte

  • Prospect
  • *
  • Posts: 4
  • Internets: +1/-0
Re: Help to attach custom payload to a pdf
« Reply #6 on: March 15, 2016, 01:21:54 AM »
 :) Excellent. Thank you H4v0K! I'll crank up the old girl and give this a whirl and report my progress.
Thank you for the directions mate.