A little video on using the fileformat mixin to exploit the adobe util.printf() vulnerability.
Sorry, no audio. You'll just have to follow along.
Metasploit adobe util.printf() client-side exploit from carnal0wnage on Vimeo.
**P.S. something is jacked on Vimeo and the video is playing 2x too fast. Start the vid, pull the slider back to the beginning and hit play again and it should play at the proper speed. You also click the link below the video for bigger view.
Subscribe to:
Post Comments (Atom)
15 comments:
Very nice video!
Thanks for posting.
Hey Chris, release this module/exploit for us!
Nice Video! ;P
http://metasploit.com/users/mc/rand/acrobat_js.rb
http://metasploit.com/users/mc/rand/adobe_utilprintf.rb
it's too fast! :)
Why does this not show up in Metasploit by default?
because its not in the trunk
Thanks Chris!!! To release the modules! ;)
(ulissescastro.wordpress.com)
Chris, I get the following error when I try load the modules... You know why? (yes, I try to search alot before posting here)
thanks!
LOL, sorry I forgot the errors:
/root/.msf3/modules/acrobat_js.rb: undefined method `[]' for nil:NilClass
/root/.msf3/modules/adobe_utilprintf.rb: undefined method `[]' for nil:NilClass
thx! :)
have you added the mixin?
what does the error output when you run ./msfconsole say?
and MC wrote the modules not me
Great demo Chris. Thanks for posting.
Syn
That was a nice surprise, seeing my PDF template after decoding the hex sequence in acrobat_js.rb! ;-)
I update the module with a new template. The template is a lot
smaller because I removed the objects used to display the text, and
removed whitespace I had added for readability. And the module also
calculates the XREF index dynamically.
However, I can't post the code here (Blogger thinks its html), but I'll post it on my blog. And I've mailed it to MC.
Hi,
nice video..
I tried the exploit from MC/Didier in the way the video explained. But it don't work, the pdf opens and crash but the handler can't connect to the target. I tried the exploit on computer with a adobe version 7.x maybe that is the reason?
Keep up the good work..
greets
@rudy
its for adobe 8.x, thats probably why its not working.
Post a Comment