Embed Payload in PDF File

In this article, I want to show you how to embed payload in PDF with EvilPDF tool. By the end of the article, you will be able to embed payload in PDF, and get a reverse shell from the victim, hopefully 🙂

EvilPDF is a Linux tool made in python and used to embed payload in PDF, and also have capability to launch a listener.

Below, I want to show you all steps together, instead of given step by step.

At the first step, we are showing the pdf file that we will embed payload in. We set LHOST and LPORT for the listener and after completing the steps, EvilPDF creates the payloaded pdf file. It is ready just in a few minutes.

Also, at the and of the processes, it asks to start listener.

There is one thing you should not forget that the victim should open this file with Acrobat Reader since EvilPDF uses some vulnerabilities in Acrobat Reader.

Let’s check what is happening on victim after downloading and running the pdf file with Acrobat Reader.

My victim has only Windows Defender on it as Antivirus and Defender directly detects the malicious after clicking, and no reverse shell is created. This is the screenshot of the alert of Windows Defender.

Let’s check our pdf via VirusTotal;

VirusTotal says that 10 of 62 antiviruses can detect our payload embedded pdf file.

As the result, it is very easy to embed a payload into a pdf file with EvilPDF but you need to test it very carefully with the victim’s antivirus tool.

Leave a Reply