Steps To Embed Payload in PDF (100% Working) - GoLinuxCloud
Over the years Adobe Reader has had a number of vulnerabilities that have been exploited by hackers.
Hackers embed a payload in a PDF that looks legitimate and perhaps important in the eyes of the victim. One
factor that makes this hack successful is that Adobe Reader is a common PDF reader on computers around
the world. Over time, Linux tools have been developed to embed a payload in a PDF, with the main focus on
simplifying the embedding process.
By the end of this guide, you will be able to embed payload in PDF, send it to the victim and gain access to
his/her machine remotely.
WARNING:
Hacking is an illegal activity and you can be charged in a court of law. Make sure you have a mutual
consent with the victim prior attacking his/her system. This guide is for education purposes only.
Pre-requisites
The first step is to clone the evilpdf repository from GitHub, using the well-known command for cloning a
repository.
After the download is complete, we have to install the dependencies required for the tool to work without
running into errors.
cd evilpdf
Then install the required dependencies as listed in the evilpdf tool's official repository on GitHub.
We now run the evilpdf tool to start the process to embed payload in PDF.
python evilpdf.py
Step 4: provide the path to the legitimate pdf
As shown on the above screen, we have to provide the path to the legitimate PDF file in which we will embed
our payload. Make sure to use a PDF file of interest to the target. Ensure every aspect of it is compelling
enough for him/her to open the file; this is where you have to employ your social engineering skills.
In this step we choose what kind of file we want to embed in the PDF. We can embed a custom file (if you
have already generated the payload using Metasploit, you just provide its path on your PC).
github.com/thelinuxchoice/evilpdf
In this step we have to choose a name for the file. Once again, use words that will compel the victim to
download and run the file on his/her PC. In our case, we can call it adobe_update.
This is where you are required to enter the host on which we will run the listener. You can use the command
below to find your LHOST:
ifconfig
Once you have set your host IP address, you will be required to choose the port to use. This host and port
configuration is the one that will be used after we embed the payload in the PDF. You should use a less
common port in order to ensure the success of your attack, since the common ports are already being used
by existing services and any malicious activity on these ports will be easily detected.
When asked to enter the phishing URL in the next step, you can leave it at the default as shown below and
wait as the evilpdf tool goes on with the process of embedding the payload in the PDF. After embedding is
done we just have to start the listener. The URL is the page the victim will be redirected to while our payload
exe downloads.
php -S 192.168.0.11:3333
We can now navigate to our browser in the target machine and enter the provided link in order to download
our pdf which has the payload.
Once the victim opens the PDF file, which we named based on the victim's interests, it will prompt the user
to confirm whether they want to open the file.
Once the victim confirms this prompt, we will have a remote connection to the victim’s PC.
c:\Users\administrator\Downloads>dir
Directory of C:\Users\administrator\Downloads
Conclusion
In the above guide we were able to embed a payload in a PDF and run it on a victim machine, gaining access
to that machine the same way hackers do in order to steal valuable information from victims who fall into
their trap. A person who does not understand the technical side of things can be lured into installing
malware on his/her computer.
We recommend that all users ensure their antivirus software and operating systems are up to date in order to
avoid becoming victims. Alternatively, they can choose to use other, more secure PDF readers, and also
ensure that those readers are up to date. With the help of processes such as obfuscation and other antivirus
evasion techniques, a hacker can get into your PC without raising any suspicion.
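The conclusion above leans on antivirus and reader updates; a defender or analyst can also triage a suspicious PDF directly for the markers this kind of document depends on. The script below is an added example written for this page, not code from the evilpdf tool or its author. It looks for PDF objects such as /Launch actions, /EmbeddedFile streams, /JavaScript and /OpenAction, decodes #xx-escaped names so a lightly obfuscated /L#61unch is still caught, and checks whether any stream starts with the MZ header of a Windows executable. The sample PDFs are constructed for the demonstration (the attachment name adobe_update.exe is taken from the name used in the article); the page does not state which PDF feature the tool uses, so treating these markers as the things to look for is an assumption about this class of document, not a description of the tool.

```python
import re
import zlib
from typing import Dict, Iterator

# Markers worth flagging in a PDF that may carry a dropper. The article does
# not say which PDF feature evilpdf uses; these are the standard features
# (assumption) through which a PDF can carry or start another file.
INDICATORS = (
    b"/Launch",        # action that asks the reader to start an external file
    b"/EmbeddedFile",  # stream holding an attached file
    b"/JavaScript",    # script run by the reader
    b"/OpenAction",    # action triggered when the document is opened
    b"/AA",            # additional (automatic) actions on events
)
EXE_MAGIC = b"MZ"  # DOS/PE header of a Windows executable

# PDF names may escape any byte as #xx, e.g. /L#61unch for /Launch.
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A stream and the dictionary directly in front of it (stops at "endobj" so
# one match never spans several objects).
STREAM_RE = re.compile(
    rb"<<((?:(?!endobj).)*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated names match the plain indicators."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_bodies(data: bytes) -> Iterator[bytes]:
    """Yield each stream body, inflating FlateDecode streams where possible."""
    for match in STREAM_RE.finditer(data):
        dictionary, body = match.group(1), match.group(2)
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # truncated or foreign filter chain: inspect raw bytes
        yield body


def scan_pdf_bytes(data: bytes) -> Dict[str, object]:
    """Return indicator counts, the number of executable streams and a verdict."""
    text = normalize_names(data)
    found = {}
    for name in INDICATORS:
        # the lookahead stops /EmbeddedFile from also matching /EmbeddedFiles
        hits = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", text))
        if hits:
            found[name.decode()] = hits
    exe_streams = sum(1 for body in stream_bodies(text) if body.startswith(EXE_MAGIC))
    suspicious = exe_streams > 0 or any(
        key in found for key in ("/Launch", "/EmbeddedFile", "/JavaScript"))
    return {"indicators": found, "executable_streams": exe_streams, "suspicious": suspicious}


def scan_pdf_file(path: str) -> Dict[str, object]:
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return scan_pdf_bytes(fh.read())


# Constructed sample: a minimal PDF with a launch action pointing at an
# attached file whose stream merely begins with the MZ magic (no real binary).
SAMPLE_DROPPER = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R /Names << /EmbeddedFiles << /Names [(adobe_update.exe) 5 0 R] >> >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /Launch /F (adobe_update.exe) >> endobj
5 0 obj << /Type /Filespec /F (adobe_update.exe) /EF << /F 6 0 R >> >> endobj
6 0 obj << /Type /EmbeddedFile /Length 20 >>
stream
MZ-not-a-real-binary
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""
# Same constructed document with the action name escaped, which defeats a plain grep.
SAMPLE_OBFUSCATED = SAMPLE_DROPPER.replace(b"/Launch", b"/L#61unch")
# Constructed clean one-page document for comparison.
SAMPLE_CLEAN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, sample in (("dropper", SAMPLE_DROPPER),
                          ("obfuscated", SAMPLE_OBFUSCATED),
                          ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf_bytes(sample))
```

Run it on a real file with scan_pdf_file(path). The check is deliberately string-based triage rather than a full PDF parser: it is cheap to run over a mail quarantine and catches the obvious cases, but a document that hides its objects inside object streams or unusual filter chains still needs a proper parser or sandbox detonation.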
whyudontcheck
november 12, 2021 at 11:49 am
admin
november 12, 2021 at 12:48 pm
200okstatushttps
november 12, 2021 at 3:52 pm
dimka
november 12, 2021 at 4:04 pm
python3 or python?
admin
november 12, 2021 at 5:42 pm
hrutuj zode
august 31, 2022 at 10:04 am
Bro😭,
admin
august 31, 2022 at 10:05 pm
I didn’t get you, which authentication?
noname
january 4, 2023 at 3:42 pm
Dear one, one method: you can install the clone, but if you get a clone authentication error, no problem, you
can install the zip file and extract it, then use it.
craig
november 22, 2022 at 11:45 am
craig
november 22, 2022 at 12:06 pm
\/ \/ \/
github.com/thelinuxchoice/evilpdf
dependencies()
File "C:\Users\Administrator\Desktop\evilpdf.py", line 19, in dependencies
admin
december 12, 2022 at 2:56 pm
“You are trying to run the tool on Windows. Check this article https://www.golinuxcloud.com/setup-virtual-penetration-testing-lab/ on how to run Linux on a virtual box”
anil
november 25, 2022 at 5:28 am
admin
december 12, 2022 at 2:58 pm
Hi Anil,
tarifreeman
december 11, 2022 at 7:22 am
Hi, when I start the php command and go to the website I get: “404 not found”. Why?
admin
december 12, 2022 at 2:57 pm
Hi,
jhj
december 11, 2022 at 9:59 pm
nice
tnt
december 21, 2022 at 11:31 pm
Hello, thank you for that tutorial. I was able to create everything, and when I’m executing the complete
command php -S 0.0.0.0:3333 & \ & ssh -R 80:localhost:3333 etc….. I’m getting the link that I must use,
and when using that link I’m able to download the file, but when opening it nothing happens and my
listener is on. Would you have a hint? Do I absolutely need to open the file with Adobe Reader? Or if I
open it in Linux, for example, should it work?
Thank you
tnt
december 21, 2022 at 11:45 pm
I also tried to open the .pdf with my Android cell phone and it’s also not working.
admin
december 23, 2022 at 11:26 am
Hello, you have to open the pdf using Adobe Reader on a Windows PC.
rafael
january 25, 2023 at 1:10 pm
Great tutorial. If I just want to work with the payload, i.e. the PDF file, to analyze it, and using pdfcop I get
a hash that I insert into VirusTotal, but the hash does not have matches in VirusTotal, so it does not tell me
that the file is infected? Is there a way to analyze this file differently to see the payload in the PDF file?
admin
january 25, 2023 at 4:35 pm
rafael araya
january 25, 2023 at 9:52 pm
Much appreciated.