Thursday, 13 January 2011

PDF (Adobe) attack analysis

So how do attackers use exploits in PDF (Adobe Reader)? Over the past twelve months, the following scenario was developed to highlight methods used by attackers to extract corporate secrets from a victim organization. Not every attack follows these steps in this order. However, this scenario illustrates some of the most common and damaging tactics used against commercial and government organizations today.

Here We Go

Step 1: The attacker begins by using powerful free attack software to create a malicious PDF file that contains exploitation code. If this file is opened on a victim computer with unpatched PDF reader software, this code will execute commands of the attacker's choosing.



Step 2: The attacker loads the malicious PDF file onto a third-party, publicly accessible website.


Step 3: The attacker now sends e-mail to high-profile individuals in the target organization, including corporate officers. This message contains a hyperlink to the attacker's malicious PDF file on the external Web server. The e-mail message is finely tuned to each target individual, with a focused effort to get the recipient to click on the link (for example, by appearing to come from some other trusted site). The attacker does not include the malicious PDF file as an e-mail attachment, because such attacks are more likely to be blocked by e-mail filters, anti-virus software, and other defenses of the target organization.


Step 4: The victim inside the targeted organization reads the e-mail, pulling down the attacker's message with the link to the malicious PDF. The user reads the e-mail and clicks on the link.


Step 5: When the user on the victim machine clicks on the link in the e-mail message, the victim's computer automatically launches a browser to fetch the malicious PDF file. When the file arrives at the victim computer, the browser automatically invokes the PDF reader program to process and display the malicious PDF file.


Step 6: When the PDF reader software processes the malicious PDF file for display, exploit code from the file executes on the victim machine. This code causes the system to launch an interactive command shell the attacker can use to control the victim machine. The exploit code also causes the machine to make an outbound connection back to the attacker through the enterprise firewall. Via this reverse shell connection, the attacker uses an outbound connection to gain inbound control of the victim machine.


Step 7: With shell access to the victim machine, the attacker scours the system looking for sensitive files stored locally. After stealing some files from this first conquered system, the attacker looks for evidence of other nearby machines. In particular, the attacker focuses on identifying mounted file shares the user has connected to on a file server.



Step 8: After identifying a file server, the attacker uses the command shell to access the server with the credentials of the victim user who clicked on the link to the malicious PDF. The attacker then analyzes the file server, looking for more files from the target organization.


Step 9: Finally, with access to the file server, the attacker extracts a significant number of sensitive documents, possibly including the organization's trade secrets and business plans, Personally Identifiable Information about customers and employees, or other important data the attacker could use or sell.
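From the defender's side, the pattern in Steps 5 and 6 leaves a trace: a workstation fetches a PDF from an external site through the proxy and, moments later, the firewall allows an outbound session from that same workstation to a non-web port. The following Python script is an added example (not part of the original post) that correlates constructed proxy and firewall log lines to flag that sequence; the host names, addresses, log formats and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (not from the original post): a web-proxy log and a
# perimeter-firewall log, both keyed by the internal workstation name.
PROXY_LOG = """\
2011-01-13T09:02:11 ws-finance-07 GET http://cdn.example-hosting.test/report.pdf application/pdf 200
2011-01-13T09:05:40 ws-finance-07 GET http://intranet.corp.test/news.html text/html 200
2011-01-13T09:30:02 ws-hr-03 GET http://www.example-news.test/brief.pdf application/pdf 200
"""
FIREWALL_LOG = """\
2011-01-13T09:02:45 ALLOW ws-finance-07 -> 203.0.113.10:4444
2011-01-13T09:31:00 ALLOW ws-hr-03 -> 203.0.113.55:443
"""

WEB_PORTS = {80, 443}            # ordinary browsing; anything else is suspicious here
PDF_WINDOW = timedelta(minutes=10)  # assumed correlation window after the PDF fetch

def parse_proxy(text):
    # Yields (time, host, url, content_type) for every proxy line.
    for line in text.splitlines():
        ts, host, _method, url, ctype, _status = line.split()
        yield datetime.fromisoformat(ts), host, url, ctype

def parse_firewall(text):
    # Yields (time, host, dst_ip, dst_port) for allowed outbound sessions.
    pat = re.compile(r"^(\S+) ALLOW (\S+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def find_pdf_callbacks(proxy_text, fw_text):
    """Return alerts: a PDF fetched from outside the corporate domain, followed
    within PDF_WINDOW by an outbound session from the same host to a non-web port."""
    pdf_fetches = [(t, h, url) for t, h, url, ct in parse_proxy(proxy_text)
                   if ct == "application/pdf" and ".corp.test/" not in url]
    alerts = []
    for ft, fhost, dst, port in parse_firewall(fw_text):
        if port in WEB_PORTS:
            continue
        for pt, phost, url in pdf_fetches:
            if phost == fhost and pt <= ft <= pt + PDF_WINDOW:
                alerts.append({"host": fhost, "pdf": url, "callback": f"{dst}:{port}",
                               "delay_s": int((ft - pt).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_pdf_callbacks(PROXY_LOG, FIREWALL_LOG):
        print(alert)
```

On the sample data only ws-finance-07 is flagged (PDF fetch, then port 4444 outbound 34 seconds later); ws-hr-03's later connection goes to 443 and is ignored.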



I hope you liked the scene behind these PDF exploitation steps. Don't hesitate, let's share it! This content belongs strictly to hackersbay.in -> HACKERS
