9/14/2023 0 Comments Foxit reader setup download![]() This is just an example of how easy it is to create a malicious pdf and how quickly someone can take advantage of the vulnerability. The payload is not spawning a reverse shell or giving us any access, but that is something that can definitely be done. Whoa, what just happened there? My payload in this case is just triggering the reuse of previously free memory to allow me to run arbitrary code execution. I will go to the same Exploit-DB page and download our code or exploit it again. As a proof of concept you don't even need an attacking machine, or in this case, Kali Linux to demonstrate the vulnerability, you can just convert the downloaded text to a PDF and then open it using Foxit Reader but for added fun, I decided to go that route. Now from here, there are a few different ways I can go about this. Any text between a */ and /* are comments explaining what each line of code is doing. Below is the entire script, written and beautifully annotated by Steven Seeley. ![]() Next is the text from the exploit I downloaded. Downloading and installing Foxit reader is straightforward, just click through the prompts and I’m done there.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |