Social Engineering : About Social Engineering : Social Engineering Techniques in Metasploit Pro : File Format Exploits

File Format Exploits
File format exploits are attacks that take advantage of a vulnerability in the way that an application processes data in a particular kind of file format, such as PDF, DOC, or JPEG. A file format exploit can run when a human target opens a attachment that contains the exploit. For example, you can attach a malicious Word document that contains an exploit, like MS11-006, to an e-mail. When the human target downloads and views the attachment (in thumbnail view), a session opens on the target’s machine and gives you a shell to access their system.
To set up an e-mail attachment attack in Metasploit Pro, you need to create a campaign that contains the following component:
·
E-mail component - Attaches a file format exploit to the e-mail and defines the content that you want to send in the e-mail body, and the human targets that you want to receive the e-mail.
·
Portable file component - Generates a file format exploit that you can store on a USB key.