# PDF Files

I will use LibreOffice to create a PDF document with an evil URL that will harvest credentials.

We can create PDF files with any creative social engineering pretext to get the user to click the link in the document. We can use small obfuscation to make it look like it comes from a legitimate source, or make it as tempting as possible to click. This PDF will have a link that the user is asked to visit so they can verify their paycheck information.

I will use SET here and create a custom template asking the user for their name, last name and password, informing them that their paycheck has arrived and that they need to log in to this super secure portal. Here I am trying to evade the email's protections, since they can detect various forms of phishing. I will ask the user to follow a link and send them to a server I control to harvest the credentials.

I will open LibreOffice and create a simple PDF file stating that the user's paycheck has been delivered and that they need to log in to a secure portal.

{% hint style="info" %}
This is still considered an attachment, but there is no malicious payload loaded into the PDF, so there are no warning signs here, just the malicious hyperlink.
{% endhint %}

![LibreOffice](/files/-Lx7o0v7jVazNgctfz7X)

Here you will create a hyperlink on some text that will send the user to our phishing page. Your method of delivery should be an email, a text message, or anything creative. In this scenario we will focus on email: the user has received the email and already downloaded the attachment to the machine.

On our end we will set up SET to use a custom HTML file as the template to capture the user's credentials. (Remember, SET runs with root permissions to open common ports such as 80 and 443.)

We will choose option 1 for our Social-Engineering Attacks

![](/files/-Lx7qFc1df3SZuNRMxhw)

Website attacks

![](/files/-Lx7qSRcjcOin5Fg-t7j)

The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.

![](/files/-Lx7qbiT5JrxxKkQ6ivv)

And then we will select Custom Import

![](/files/-Lx7qiRIk-6zyUzeruDF)

The next options are self-explanatory. Save the HTML file you created as `index.html` in a folder; the path to your folder should be something like `/home/user/folder/`. Do not forget the last forward slash, as you are indicating a folder, not a file.

You will set up the IP address or DNS name you control; their respective setups are not explained here.

The user opens the file and views the content

![](/files/-Lx7swNcKsXtST12AsWV)

Clicks on the Link

And will receive a login page asking for the user's information.

![](/files/-Lx7t9CdS6g5biKeg5yu)

The form is filled in by the user

![](/files/-Lx7tK036aLlACW0JUWT)

And once they hit Submit, the button will redirect them to any given page you have chosen, while in the background the user's credentials are captured and sent back to our terminal.

![](/files/-Lx7tgpvSH9O_vq9KqfU)

