Entries in adobe (2)


Social Engineering using Metasploit Express

In honor of the release of the findings from Defcon 18 Social Engineering CTF ‐ "How Strong Is Your Schmooze” as well as the weekly update from Metasploit Express I will walk through a Social Engineering attack using Metasploit Express.

Step 1: Under Modules, pick your exploit.  I am using the Adobe CoolType SING exploit.  (We don't want to leave out Windows Vista and Windows 7.)

Step 2:  Leave every option as the default and launch the attack.

Step 3:  We could just have our target browse to the web address however we are going to use a different attack vector.  Go and Find a USB drive and load up FireFox with NoScript enabled.  Browse to the target URL and save the PDF.  NoScript will stop it from executing on your machine.

Step 4: Rename the file something sneaky.  I chose HR.pdf.  Copy this to your thumb drive.

Step 5: Take your USB Drive and drop it off somewhere.

Step 6: Wait for the finder of the USB drive to open and click the evil HR.pdf.  Gotcha!  Time to give Mr. X a lesson on Social Engineering and how we don't use thumb drives we find in the bathroom.




Pwn2Own Winner Tells Apple, Microsoft & Adobe to Find Their Own Bugs

If you feed a man, he eats for a day. If you teach him to phish, he eats everyday.