Land #4140, @wchen-r7's default template for adobe_pdf_embedded_exe

* Fixes #4134 * Adds a default PDF template
2024-09-04 20:18:27 +02:00 · 2014-11-05 20:21:14 -06:00 · 2014-11-05 20:21:14 -06:00 · 54c1e13a98
commit 54c1e13a98
parent adefb2326e 1b2554bc0d
2 changed files with 56 additions and 1 deletions
--- a/data/exploits/CVE-2010-1240/template.pdf
+++ b/data/exploits/CVE-2010-1240/template.pdf
@ -0,0 +1,55 @@
+%PDF-1.0
+1 0 obj
+<<
+	/Pages 2 0 R
+	/Type /Catalog
+>>
+endobj
+2 0 obj
+<<
+	/Count 1
+	/Kids [ 3 0 R ]
+	/Type /Pages
+>>
+endobj
+3 0 obj
+<<
+	/Contents 4 0 R
+	/Parent 2 0 R
+	/Resources <<
+		/Font <<
+			/F1 <<
+				/Type /Font
+				/Subtype /Type1
+				/BaseFont /Helvetica
+				/Name /F1
+			>>
+		>>
+	>>
+	/Type /Page
+	/MediaBox [ 0 0 795 842 ]
+>>
+endobj
+4 0 obj
+<<
+	/Length 0
+>>stream
+
+endstream
+endobj
+xref
+0 5
+0000000000 65535 f
+0000000010 00000 n
+0000000067 00000 n
+0000000136 00000 n
+0000000373 00000 n
+trailer
+<<
+	/Root 1 0 R
+	/Size 5
+	/Info 0 0
+>>
+startxref
+429
+%%EOF
--- a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb
+++ b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb
@ -50,7 +50,7 @@ class Metasploit3 < Msf::Exploit::Remote

    register_options(
      [
-        OptString.new('INFILENAME', [ true, 'The Input PDF filename.']),
+        OptPath.new('INFILENAME', [ true, 'The Input PDF filename.', ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2010-1240', 'template.pdf') ]),
        OptString.new('EXENAME', [ false, 'The Name of payload exe.']),
        OptString.new('FILENAME', [ false, 'The output filename.', 'evil.pdf']),
        OptString.new('LAUNCH_MESSAGE', [ false, 'The message to display in the File: area',