Re: Encoding a payload in a PDF for AV subversion (Peter Fellini)
From: "Scott McClellan" <Scott.McClellan () tn gov>
Date: Mon, 06 Jun 2011 14:22:02 -0500
Yes...you can pick one of the PDF exploits using msfcli, and then pipe it to msfencode. I haven't used msfvenom yet,
but I think it would save a couple of steps, and maybe make things less complicated.
By SEP-11, do you mean Symantec Endpoint Protection? You may have to do some trial-and-error to build a poison PDF
that will bypass SEP.
Date: Mon, 6 Jun 2011 14:54:45 -0400
From: Peter Fellini <p_fellini () hotmail com>
To: <framework () spool metasploit com>
Subject: [framework] Encoding a payload in a PDF for AV subversion
Is there any way to encode a payload inside a PDF to subvert SEP-11?