Can I embed an exe payload in a pdf, doc, ppt or any other file format? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

开发者_如何学运维

Closed 6 years ago.

Improve this question

Is there any way that I can embed a .exe file in a .pdf, .doc, .xls, or .ppt file in such a way that upon opening the containing file, the document processor will run the .exe automatically without the user intentionally executing it?

---

Yes, this is totally possible and pretty easy to accomplish - so long as you have an active exploit in the PDF viewer. Check out one of the many Adobe Acrobat Exploits in the Metasploit framework. Next you can use a download+exec shellcode to download and execute your payload, err I mean ".exe".

---

You can embed files with EXE or any other format. However, the ability to have the EXE run automatically depends on the viewer application and its security settings. This PDF feature has been exploited by many malware. So, there is no guarantee that it will work on all end-user systems. Be warned that if you make this feature a part of some commercial application, then security software will soon flag it as a malware, which can adversly affect your company's reputation.

---

Yes. Besides using an exploit, you can just paste the file in using Acrobat Professional. Acrobat allows you to add arbitrary attachments these days.

If you make your PDF files with pdflatex, you can embed any file using the embedfile package. I use this frequently to add all kinds of files to PDF files. They show up as attachments.

\usepackage{embedfile}
\embedfile{my-wonderful-file.exe}

You can also use the Acrobat GUI to do it.

---

In short, no. These file formats have no provision for embedding a Win32 PE executable inside of them.

For the Office files, you could use VBA to write a script that runs when the document is opened.