AdobeFips – Adobe Reader Lolbin
2024-11-17 02:12:32 Author: www.hexacorn.com(查看原文) 阅读量:8 收藏

Sometimes ‘research’ means browsing the folders of the ‘installed ‘target’ and… just executing programs present inside these directories to see what they do.

During this very engaging and fascinating activity I noticed that the program:

c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\OSSLLibs\AdobeFips.exe

produces a very familiar output:

Yup, it is the OpenSSL client signed by Adobe:

Verified:       Signed
Signing date:   10:59 2024-01-13
Publisher:      Adobe Inc.
Company:        The OpenSSL Project, https://www.openssl.org/
Description:    OpenSSL application
Product:        The OpenSSL Toolkit
Prod version:   3.0.10
File version:   3.0.10
MachineType:    32-bit

so, one can run f.ex.:

AdobeFips.exe s_client -connect domain:port

to connect to the domain and download stuff (f.ex. via GET request), plus any other rich features OpenSSL offers (download, encryption, reverse shell, etc.).


文章来源: https://www.hexacorn.com/blog/2024/11/16/adobefips-adobe-reader-lolbin/
如有侵权请联系:admin#unsafe.sh