Metasploit mailing list archives

Re: Setting triple/quad PDF exploit system
From: Sachin Shinde <sachinshinde11 () gmail com>
Date: Tue, 29 Jun 2010 16:56:33 +0530

Hi,

Can you point me to the link?

Collab.GetIcon() is a JavaScript VM vulnerability (you know that) and
LibTIFF is an int overflow in the libtiff library. But I don't think
Metasploit right now can combine them together; you have to do it
manually. It's simple, you can do it, if you know the PDF file format
and have payloads :-). Also see Didier Stevens' blog for obfuscation
techniques.

Additionally you can try my tool spiderpig
(http://code.google.com/p/spiderpig-pdffuzzer/) to create your own
triple exploit system based on JavaScript. There is a Python
script (spig.py) which reads an input file and writes it as JavaScript
code into the PDF file, but the limitation is that it will only target the
JavaScript VM.

Regards,
cons0ul

On Tue, Jun 29, 2010 at 2:47 PM, Spring Systems <korund () hotmail com> wrote:
Hi,

Yes, something like this. I saw somewhere one tool (a .NET application); as was
noted in its description, it creates a PDF which includes two modules exploiting the
LibTIFF and Collab.GetIcon() vulnerabilities, and is dedicated to executing an embedded exe
file (in one PDF).

Regards,
Spring


Date: Tue, 29 Jun 2010 11:22:42 +0530
Subject: Re: [framework] Setting triple/quad PDF exploit system
From: sachinshinde11 () gmail com
To: framework () spool metasploit com
CC: korund () hotmail com

Hi,

Are you talking about exploits that use vulnerabilities in the PDF
JavaScript VM? If yes,

then theoretically it may be possible (never tried) to create a triple
exploit file system by spraying the donkey way and then trying memory
corruption exploits one by one. But the latest trend is embedding SWF
exploits in PDF.

Regards,
cons0ul
