jonaslejon / malicious-pdf Goto Github PK

Using python 3.9

test1.pdf involves attempting to list \\HOST\, which fails because there's no share name mentioned. Mentioning a share name (even if it's non-existent) will correctly call the attacker.

PR #15

Maybe adding additional triggers? Like the Eicar string or similar

Hi, I get some error messages while using your program. I use Python3.

python3 malicious-pdf.py mydomain.com
  File "malicious-pdf.py", line 607
    except IndexError, e:
                     ^
SyntaxError: invalid syntax

'Fixed' by except IndexError: in line 607 but again:

python3 malicious-pdf.py mydomain.com
Creating PDF files..
Traceback (most recent call last):
  File "malicious-pdf.py", line 613, in <module>
    create_malpdf("test1.pdf", '\\\\' + '\\\\'  + host + '\\\\' )
  File "malicious-pdf.py", line 533, in create_malpdf
    file.write('''
TypeError: a bytes-like object is required, not 'str'

Can you explain what the cause of these problems is?

Regards

The generated PDFs have an empty line or comments at the beginning. This leads to errors when opening the pdf files depending on the technology.

For example, if a program looks for %PDF-1. at the beginning of the PDF file, uploading or opening the file will fail.

Best Regards

PDF Blind XSS payloads

https://portswigger.net/research/portable-data-exfiltration

Looking at the reference blog for Test4.pdf at https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html it seems the href needs to be a UNC path like \\test.com\whatever.xslt. When running this script with test.com as the parameter the href is \https://test.com\whatever.xslt. This appears to incorrectly exploit CVE-2019-7089.

I don't have it

Mind adding a license to this project?

See: https://www.choosealicense.com