{"id":9657,"date":"2024-11-16T18:12:32","date_gmt":"2024-11-16T18:12:32","guid":{"rendered":"https:\/\/www.hexacorn.com\/blog\/?p=9657"},"modified":"2024-11-16T18:12:32","modified_gmt":"2024-11-16T18:12:32","slug":"adobefips-adobe-reader-lolbin","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2024\/11\/16\/adobefips-adobe-reader-lolbin\/","title":{"rendered":"AdobeFips – Adobe Reader Lolbin"},"content":{"rendered":"\n

Sometimes ‘research’ means browsing the folders of the ‘installed ‘target’ and… just executing programs present inside these directories to see what they do.<\/p>\n\n\n\n

During this very engaging and fascinating activity I noticed that the program:<\/p>\n\n\n\n

c:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\OSSLLibs\\AdobeFips.exe<\/pre>\n\n\n\n
produces a very familiar output:<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
Yup, it is the OpenSSL client signed by Adobe:<\/p>\n\n\n\n
Verified:       Signed\nSigning date:   10:59 2024-01-13\nPublisher:      Adobe Inc.\nCompany:        The OpenSSL Project, https:\/\/www.openssl.org\/\nDescription:    OpenSSL application\nProduct:        The OpenSSL Toolkit\nProd version:   3.0.10\nFile version:   3.0.10\nMachineType:    32-bit<\/pre>\n\n\n\n
so, one can run f.ex.:<\/p>\n\n\n\n
AdobeFips.exe s_client -connect domain:port<\/pre>\n\n\n\n
to connect to the domain<\/em> and download stuff (f.ex. via GET request), plus any other rich features OpenSSL offers (download, encryption, reverse shell, etc.).<\/p>\n","protected":false},"excerpt":{"rendered":"
Sometimes ‘research’ means browsing the folders of the ‘installed ‘target’ and… just executing programs present inside these directories to see what they do. During this very engaging and fascinating activity I noticed that the program: c:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\OSSLLibs\\AdobeFips.exe … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[56,64],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/9657"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=9657"}],"version-history":[{"count":1,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/9657\/revisions"}],"predecessor-version":[{"id":9659,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/9657\/revisions\/9659"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=9657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=9657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=9657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}