Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Encodding a payload in a PDF for AV subversion (Peter Fellini)
From: "Scott McClellan" <Scott.McClellan () tn gov>
Date: Mon, 06 Jun 2011 14:22:02 -0500

Yes...you can pick one of the PDF exploits using msfcli, and then pipe it to msfencode.  I haven't used msfvenom yet, 
but I think it would save a couple of steps, and maybe make things less complicated.
 
By SEP-11, do you mean Symantec EndPoint Protection?  You may have to do some trial-and-error to build a poison PDF 
that will bypass SEP.
 
Message: 5
Date: Mon, 6 Jun 2011 14:54:45 -0400
From: Peter Fellini <p_fellini () hotmail com>
To: <framework () spool metasploit com>
Subject: [framework] Encodding a payload in a PDF for AV subversion
Message-ID: <BAY160-w229C7F577717B1204B644F8D600 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"
 

Is there any way to Encode a payload inside a PDF to subvert SEP-11.
 
Thanks
Pete
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
  • Re: Encodding a payload in a PDF for AV subversion (Peter Fellini) Scott McClellan (Jun 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault