PDF File Standard Fuzzer

#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# PDF FUZZER -- TAKE IT TO THE HEAD
# :) HAVE FUN :)

use PDF::Create;
use Getopt::Std;

@overflow = ('A' x 8200, 'A' x 11000, 'A' x 110000, 'A' x 550000, 'A' x 1100000, 'A' x 2200000, 'A' x 12000000, "\x99" x 1200, "//AAAA" x 250, "\\AAAA" x 250);

@fmtstring = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",
              "%s%p%x%d", "%.1024d", "%.1025d", "%.2048d", "%.2049d", "%.4096d", "%.4097d",
              "%99999999999s", "%08x", "%%20n", "%%20p", "%%20s", "%%20d", "%%20x",
              "%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%", "\xCD" x 50, "\xCB" x 50);

@numbers = ("0", "-0", "1", "-1", "32767", "-32768", "2147483647", "-2147483647", "2147483648", "-2147483648",
            "4294967294", "4294967295", "4294967296", "357913942", "-357913942", "536870912", "-536870912",
            "1.79769313486231E+308", "3.39519326559384E-313", "99999999999", "-99999999999", "0x100", "0x1000",
            "0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xffff", "0xfffffffe", "0xfffffff", "0xffffffff",
            "0x10000", "0x100000", "0x99999999", "65535", "65536", "65537", "16777215", "16777216", "16777217", "-268435455");

@miscbugs = ("test|touch /tmp/ZfZ-PWNED|test", "test`touch /tmp/ZfZ-PWNED`test", "test'touch /tmp/ZfZ-PWNED'test", "test;touch /tmp/ZfZ-PWNED;test",
             "test&&touch /tmp/ZfZ-PWNED&&test", "test|C:/WINDOWS/system32/calc.exe|test", "test`C:/WINDOWS/system32/calc.exe`test",
             "test'C:/WINDOWS/system32/calc.exe'test", "test;C:/WINDOWS/system32/calc.exe;test", "/bin/sh", "C:/WINDOWS/system32/calc.exe", "%0xa", "%u000");

getopts('t:o:', \%opts);
$target = $opts{'t'};
$pdfdoc = $opts{'o'};

if(!defined($target) || !defined($pdfdoc))
{
     print "\n pdfUZZ - PDF Fuzzer";
     print "\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]";
     print "\n Usage: $0 -t <targetapp> -o <output.pdf>\n\n";
     exit(0);

}

     print "\n pdfUZZ - PDF Fuzzer";
     print "\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n";

print "\nFUZZING '$target' with '$pdfdoc' [STAGE->1(Version)]";

print "\n";
foreach(@numbers) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => $fuzz,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
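# List form: $pdfdoc is passed to the target as its argument, without a shell.
# (The indirect-object form "system $target $pdfdoc" would only set argv[0].)
system($target, $pdfdoc); }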

print "FUZZING '$target' with '$pdfdoc' [STAGE->2(Author)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->3(Title)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => $fuzz,
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => $fuzz,
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => $fuzz,
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->4(page_size)]";

print "\n";
foreach(@numbers) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => [$fuzz, $fuzz, $fuzz, $fuzz]);
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->5(Subject)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => $fuzz,
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => $fuzz,
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => $fuzz,
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->6(Keywords)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => $fuzz);
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => $fuzz);
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => $fuzz);
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system($target, $pdfdoc); }

print "\nFUZZING '$target' with '$pdfdoc' [STAGE->7(font/Subtype)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => $fuzz,
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => $fuzz,
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => $fuzz,
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->8(font/Encoding)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => $fuzz,
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => $fuzz,
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => $fuzz,
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->9(font/BaseFont)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => $fuzz);
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => $fuzz);
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => $fuzz);
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }

print "\nFUZZING '$target' with '$pdfdoc' [STAGE->10(string/z+x+y)]";

print "\n";
foreach(@numbers) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, $fuzz, $fuzz, $fuzz, "pdfUZZ");
$pdf->close;
system($target, $pdfdoc); }

print "FUZZING '$target' with '$pdfdoc' [STAGE->11(string/text)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, $fuzz);
$pdf->close;
system($target, $pdfdoc); }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, $fuzz);
$pdf->close;
system($target, $pdfdoc); }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, $fuzz);
$pdf->close;
system($target, $pdfdoc); }

exit;
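
The script launches the target once per test case and discards the exit status, so a crash is only noticed if someone is watching, and the next case overwrites the file that caused it. The following is an added example, not part of Jeremy Brown's script: a launcher that classifies each run and keeps the input that killed the target. The names run_target and triage, the 10-second timeout and the saved-file naming are assumptions, and it requires a POSIX system with fork.

```perl
use strict;
use warnings;
use POSIX qw(WNOHANG);
use File::Copy qw(copy);
use File::Temp qw(tempdir);

# Run $target on $file, give up after $timeout seconds, and classify the result.
sub run_target {
    my ($target, $file, $timeout) = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Explicit program plus argument list: no shell is involved, so
        # nothing in the file name is ever interpreted as a command.
        exec { $target } $target, $file or POSIX::_exit(127);
    }
    my $deadline = time + $timeout;
    until (waitpid($pid, WNOHANG) == $pid) {
        if (time >= $deadline) {
            kill 'KILL', $pid;
            waitpid($pid, 0);
            return 'timeout';
        }
        select(undef, undef, undef, 0.1);    # sleep 100 ms between polls
    }
    my $sig = $? & 127;                      # low 7 bits: terminating signal
    return $sig ? "signal $sig" : 'exit ' . ($? >> 8);
}

# Keep the input whenever the target died from a signal, named by stage and
# case number. A 'timeout' is only reported: for a GUI viewer it usually
# means the window was still open, not that the parser hung.
sub triage {
    my ($target, $file, $stage, $case, $dir) = @_;
    my $verdict = run_target($target, $file, 10);
    if ($verdict =~ /^signal (\d+)$/) {
        copy($file, "$dir/stage$stage-case$case-sig$1.pdf")
            or die "copy failed: $!";
    }
    return $verdict;
}

# Constructed demo: the Perl interpreter stands in for the viewer, and the
# "document" is a one-line script that terminates itself with SIGSEGV.
my $dir = tempdir(CLEANUP => 1);
my $doc = "$dir/sample.pdf";
open(my $fh, '>', $doc) or die "open failed: $!";
print {$fh} "kill 'SEGV', \$\$;\n";
close($fh);
print triage($^X, $doc, 2, 0, $dir), "\n";
```

In the fuzzer, each system call would become a triage call with the stage number, a per-loop counter and a directory that outlives the run.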


