Be more clear that we dislike certain PDF templates

unstable
sinn3r 2012-08-31 14:07:58 -05:00
parent f48fbaccb0
commit d106a1150e
1 changed files with 20 additions and 11 deletions


@ -71,21 +71,32 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Reading in '#{file_name}'...") print_status("Reading in '#{file_name}'...")
stream = read_pdf() stream = read_pdf()
print_status("Parsing '#{file_name}'...")
pdf_objects = parse_pdf(stream)
print_status("Parsing Successful.")
xref_trailers = pdf_objects[0]
trailers = pdf_objects[1]
startxrefs = pdf_objects[2]
root_obj = pdf_objects[3]
begin begin
print_status("Parsing '#{file_name}'...")
pdf_objects = parse_pdf(stream)
xref_trailers = pdf_objects[0]
trailers = pdf_objects[1]
startxrefs = pdf_objects[2]
root_obj = pdf_objects[3]
output = basic_social_engineering_exploit(xref_trailers,root_obj,stream,trailers,file_name,exe_name,startxrefs.last) output = basic_social_engineering_exploit(xref_trailers,root_obj,stream,trailers,file_name,exe_name,startxrefs.last)
print_status("Creating '#{datastore['FILENAME']}' file...") print_status("Parsing Successful. Creating '#{datastore['FILENAME']}' file...")
file_create(output) file_create(output)
rescue KeyError => e rescue KeyError => e
print_error("Incompatible PDF structure: #{e.message}. Please try a different PDF.") # Lazy fix:
# Similar to the problem with NoMethod -- something we need is missing in the PDF.
# But really what happens is the module trusts the PDF too much.
print_error("Sorry, I'm picky. Incompatible PDF structure: #{e.message}. Please try a different PDF template.")
elog("Call stack:\n#{$!.backtrace.join("\n")}")
rescue NoMethodError => e
# Lazy fix:
# When a NoMethod error is hit, that means that something in the PDF is actually missing,
# so we can't parse it. If we can't parse it properly, then we can't garantee the exploit
# will work, either. So we might as well just reject it.
print_error("Sorry, I'm picky. Incompatible PDF structure, please try a different PDF template.")
elog("Call stack:\n#{$!.backtrace.join("\n")}")
end end
end end
@ -240,8 +251,6 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
pages_obj = catalog.match(/Pages (\d+ \d) R/m)[1] pages_obj = catalog.match(/Pages (\d+ \d) R/m)[1]
pages = parse_object(xref_trailers,pages_obj,stream) pages = parse_object(xref_trailers,pages_obj,stream)
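Review bot: The added `rescue NoMethodError => e` branch in the first hunk treats every NoMethodError raised between `begin` and `end` as a malformed template, so a coding mistake in the module itself (a misspelled helper, a nil from an unrelated call) would be reported as "Incompatible PDF structure" and show up only in the log written by `elog`. Since the template is untrusted input, it would be more robust for the parsing code to test its regex results and raise one specific exception when a required object is absent, for example at `catalog.match(/Pages (\d+ \d) R/m)[1]` in the second hunk, which calls `[]` on nil when there is no match. Both rescue branches bind `e` but read the backtrace through `$!`; `elog("Call stack:\n#{e.backtrace.join("\n")}")` says the same thing without the global. The comment in the new branch misspells "guarantee" as "garantee", and the enclosing method begins above the first hunk, so code outside view may already narrow what can raise here.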