Metasploit mailing list archives
Re: Setting triple/quad PDF exploit system
From: Sachin Shinde <sachinshinde11 () gmail com>
Date: Tue, 29 Jun 2010 16:56:33 +0530
Hi,

Can you point me to the link? Collab.GetIcon() is a JavaScript VM vulnerability (you know that) and Libtiff is an int overflow in the libtiff library. But I don't think Metasploit can combine them together right now; you have to do it manually. It's simple, you can do it, if you know the PDF file format and have payloads :-). Also see Didier Stevens' blog for obfuscation techniques.

Additionally, you can try my tool spiderpig (http://code.google.com/p/spiderpig-pdffuzzer/) to create your own triple exploit system based on JavaScript. There is a Python script (spig.py) which reads an input file and writes it as JavaScript code into the PDF file, but the limitation is that it will only target the JavaScript VM.

Regards,
cons0ul

On Tue, Jun 29, 2010 at 2:47 PM, Spring Systems <korund () hotmail com> wrote:
Hi,

yes, something like this. I saw somewhere a tool (a .NET application) which, as was noted in its description, creates a PDF that includes two modules exploiting Libtiff and Collab.GetIcon(), and is dedicated to executing an embedded exe file (in one PDF).

Regards,
Spring

Date: Tue, 29 Jun 2010 11:22:42 +0530
Subject: Re: [framework] Setting triple/quad PDF exploit system
From: sachinshinde11 () gmail com
To: framework () spool metasploit com
CC: korund () hotmail com

Hi,

Are you talking about exploits that use vulnerabilities in the PDF JavaScript VM? If yes, then theoretically it may be possible (never tried) to create a triple exploit file system by spraying donkey way and then trying mem corruption exploits one by one. But the latest trend is embedding SWF exploits in PDF.

Regards,
cons0ul
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework