I'm a Cyber Security guy living in Funäsdalen, Sweden
Here at GitHub you will find my contributions to various open-source projects and some quick ugly hacks of my own.
Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
License: BSD 2-Clause "Simplified" License
test1.pdf involves attempting to list \\HOST\, which fails because there's no share name mentioned. Mentioning a share name (even if it's non-existent) will correctly call the attacker.
PR #15
Hi, I get some error messages while using your program. I use Python3.
python3 malicious-pdf.py mydomain.com
File "malicious-pdf.py", line 607
except IndexError, e:
^
SyntaxError: invalid syntax
'Fixed' by except IndexError: in line 607 but again:
python3 malicious-pdf.py mydomain.com
Creating PDF files..
Traceback (most recent call last):
File "malicious-pdf.py", line 613, in <module>
create_malpdf("test1.pdf", '\\\\' + '\\\\' + host + '\\\\' )
File "malicious-pdf.py", line 533, in create_malpdf
file.write('''
TypeError: a bytes-like object is required, not 'str'
Can you explain what the cause of these problems is?
Regards
The generated PDFs have an empty line or comments at the beginning. This leads to errors when opening the pdf files depending on the technology.
For example, if a program looks for %PDF-1. at the beginning of the PDF file, uploading or opening the file will fail.
Best Regards
PDF Blind XSS payloads
Looking at the reference blog for Test4.pdf at https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html it seems the href needs to be a UNC path like \\test.com\whatever.xslt. When running this script with test.com as the parameter the href is \https://test.com\whatever.xslt. This appears to incorrectly exploit CVE-2019-7089.
I don't have it
Mind adding a license to this project?