Re: Setting triple/quad PDF exploit system

[Spring Systems <korund () hotmail com>]

Hi,

here is screenshot, I read only short description published on one private forum, author didn't share it yet;

works on Adobe 5.0 to Adobe 9.3
2 modules use Launch Action + 2 modules uses Libtiff и exploit Collab.Getlcon() exploits.
http://img88.imageshack.us/img88/1654/indexpf.jpg

Regards,
Spring


> Date: Tue, 29 Jun 2010 16:56:33 +0530
> Subject: Re: [framework] Setting triple/quad PDF exploit system
> From: sachinshinde11 () gmail com
> To: korund () hotmail com; framework () spool metasploit com
>
> Hi ,
>
> Can you point me the link?
>
> Collab.GetIcon() is javascript VM vulnerability(you know that) and
> Libtiff is int overflow in libtiff library. But I dont think
> metasploit right now can combine them together you have to do it
> manually.Its simple ,you can do it , if you know the pdf file format
> and have payloads :-).also see didder stevens blog for obfuscation
> techniques.
>
> additionally you can  try my tool spiderpig
> (http://code.google.com/p/spiderpig-pdffuzzer/) to create your own
> triple exploit system based on javascript. there is python
> script(spig.py) which reads input file and write it as a javascript
> code into the pdf file but limitation is ,it will only target
> javascript VM.
>
> Regards,
> cons0ul
>
> On Tue, Jun 29, 2010 at 2:47 PM, Spring Systems <korund () hotmail com> wrote:
> > Hi,
> >
> > yes, something like this. I saw somewhere one tool(.NET application), as was
> > noted in description, it creates pdf which include two modules exploiting
> > Libtiff and Collab.Getlcon() exploits, and dedicated to execute embedded exe
> > file (in one pdf)
> >
> > Regards,
> > Spring
> >
> >
> > > Date: Tue, 29 Jun 2010 11:22:42 +0530
> > > Subject: Re: [framework] Setting triple/quad PDF exploit system
> > > From: sachinshinde11 () gmail com
> > > To: framework () spool metasploit com
> > > CC: korund () hotmail com
> > >
> > > Hi ,
> > >
> > > Are you talking about exploits that uses vulnerablilities in the PDF
> > > javascript VM ?if yes,
> > >
> > > then therotically it may be posssible(never tried) to create triple
> > > exploit file system by spraying donkey way and then trying mem
> > > currption exploits one by one.but latest trend is embedding swf
> > > exploits in pdf.
> > >
> > > Regards,
> > > cons0ul
> >
> > ________________________________
> > Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox.
> > Learn more.
                                          
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework