INFORMATION CHANGE THE WORLD

International Journal of Education and Management Engineering(IJEME)

ISSN: 2305-3623 (Print), ISSN: 2305-8463 (Online)

Published By: MECS Press

IJEME Vol.7, No.5, Sep. 2017

Exploitation of PDF Reader Vulnerabilities using Metasploit Tool

Full Text (PDF, 417KB), PP.23-34


Views:73   Downloads:2

Author(s)

Ritu Choudhary, Mehak Khurana

Index Terms

Exploits;Vulnerability;Metasploit;Payload;Meterpreter;Shell

Abstract

With the rising importance of the client-side execution scenario, attackers also shifted their focus to the browser based attacks, and compromises based on client devices. Though security experts have come up with various solutions to such attacks but, the attackers at the same time find new ways and technologies to deal with such situations. In this paper, we will discuss about the framework called Metasploit and then we shall define what exactly the Metasploit Framework is and how it can be used in various attack scenarios, this will be followed by a brief description of the terms used including; the exploits, its modules, payloads and meterpreter. Later, the uses of the product will be discussed. The basic purpose of metasploit framework is a module launching, the attacker is able to configure an exploit module and initiate it at a target system. If the exploit succeeds, the payload is executed on the system for which it is targeted and the attacker can interact with the victim machine using the shell created on the host machine. There are number of exploits and payload options available in metasploit framework. It is one of the most useful frameworks as far as the security is concerned. Lastly, we will discuss the method to attack the compromised systems by malicious PDF file using Metasploit Framework. Therefore, the main purpose of this paper is to impart a deep understanding of what Metasploit is and how it can be utilized when one needs to get the access of the local or the remote machine.

Cite This Paper

Ritu Choudhary, Mehak Khurana,"Exploitation of PDF Reader Vulnerabilities using Metasploit Tool", International Journal of Education and Management Engineering(IJEME), Vol.7, No.5, pp.23-34, 2017.DOI: 10.5815/ijeme.2017.05.03

Reference

[1]Arya, Yash, Et Al.A Study Of Metasploit Tool. 2, S.L. : Thomson Reuters, 2016, Vol. 5.2016.

[2]Adobe. Pdf Reference. S.L. : Adobe Systems Incorporated, 2006.

[3]Brandis, Ron And Steller, Luke. Threat Modelling Adobe Pdf. Edinburgh South Australia  : Dsto Defence       Science And Technology Organisation , 2012.

[4]Kennedy, David, Et Al. Metasploit: The Penetration Tester's Guide. San Francisco : No Search Press, 2011.

[5]Lukan, Dejan. Infosec Institute. [Online] November 2012. Available:Http://Resources.Infosecinstitute.Com/Analyzing-Javascript/#Gref.

[6]Maynor, David, Et Al. Metasploit Toolkit. Burlington : Syngress Publishing, Inc, Elsevier, 2007.

[7]Lobiyal, D, Et Al.Proceedings Of The International Conference On Signal, Network, Computing And    Systems. New Delhi: Springer, 2016.

[8]Thomas, Kas. Mactech The Journal Of Apple Technology. [Online] 1999.  Available:Http://Www.Mactech.Com/Articles/Mactech/Vol.15/15.09/Pdfintro/Index.Html.

[9]M. Aharoni, "Offensive Security,". [Online] 2011. Available: Https://Www.Offensive-Security.Com/Metasploit-Unleashed/Meterpreter-Backdoor/.

[10]Holik, Filip, Et Al. "Effective Penetration Testing With Metasploit Framework And Methodologies." Computational Intelligence And Informatics (CINTI), IEEE 15th International Symposium On. IEEE, 2014.

[11]Tzermias, Zacharias, Et Al. "Combining Static And Dynamic Analysis For The Detection Of Malicious Documents." Proceedings Of The Fourth European Workshop On System Security. ACM, 2011.

[12]Selvaraj, Karthik, and Nino Fred Gutierres. "The rise of PDF malware, 2010. Available: http://www. symantec. com/connect/blogs/rise-pdf-malware.

[13]M. Khurana, Ruby Yadav, and Meena Kumari. "Buffer Overflow And Sql Injection: To Remotely Attack And Access Information." Paper Presented inBVICAM, CSI-2015.

[14]Thomas, K. "Portable document format: An introduction for programmers." (1999): 15-09.

[15]Fossi, Marc, et al. "Symantec internet security threat report trends for 2010."Volume XVI, 2011.

[16]Ramirez-Silva, E., and Marc Dacier. "Empirical study of the impact of metasploit-related attacks in 4 years of attack traces." Annual Asian Computing Science Conference. Springer Berlin Heidelberg, 2007.