GitHub - deepzec/Bad-Pdf: Steal NTLM Hashes with Bad-PDF
source link: https://github.com/deepzec/Bad-Pdf
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
README.md
Bad-Pdf
Bad-PDF create malicious PDF to steal NTLM Hashes from windows machines, it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener.
This method work on all PDF readers(Any version) and java scripts are not required for this attack.
Reference : https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
Disclaimer:
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.
Dependency:
Responder/Kali Linux
Usage:
python badpdf.py
Run Bad-PDF in Kali linux:
Responder waiting for NTLM hash:
Run generated Bad-PDF file on a windows machine and get NTLM hash: :)
Author : Deepu TV Contact me @twitter.com/DeepZec
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK