Extracting Malicious Shellcode From PDF

Source: OpenSecurityTraining

  1. PDFStreamDumper
  2. Load -> Pdf File
  3. View objects list in left-side box
    • Tools -> About Listview Colors
  4. choose object of interest (click on it to select)
    • to export as-is: Right-click object number in left-side box -> Save Raw Stream
    • to deal with JavaScript…
      1. click on object in left-side box, to select it
      2. click Javascrip_UI (in the menubar)
      3. modify JavaScript so that you remove the exploit line(s) and just have a variable that contains the shellcode
      4. add to the end of the JavaScript box (replacing VAR_NAME): tb.writeFile(“C:\\shellcode.bin”,VAR_NAME)
      5. click the Run button

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: