deepzec / bad-pdf Goto Github PK

View Code? Open in Web Editor NEW

1.0K 1.0K 212.0 1.5 MB

Steal Net-NTLM Hash using Bad-PDF

License: GNU General Public License v3.0

Python 100.00%

badpdf cve-2018-4993 ntlm-hash-extraction ntlm-hashes vulnerability

bad-pdf's People

Contributors

Stargazers

Watchers

Forkers

josejamilena open-sec zshell shantanu561993 techlord-rce samyoyo security-geeks mlynchcogent vysecurity p3t3rp4rk3r gavz cclauss weeshlow l0gan rakesh72 rajivraj firefalc0n ankushgoel27 awesome-security zulou carlcj loveh4ck av1080p ashr h1d3r edwinlu fcccode moriarty2016 haimo918 arryboom suriya73 ro9ueadmin c002 mrtaheramine jermainlaforce redwifiteam rawachraf moheshmohan xuacker jbarcia 3gstudent tyekrgk guardianrg blacktrace saleem144 5bhuv4n35h cephurs paran0ids0ul quikilr pentest30 hax0rg1rl pabit z0edff0x3d sec-db iw00tr00t peterg75 mramu111 d4mn4t10n virgilcj vaginessa lolici123 minkione w00t3k hapazores koncybernet oscarandreu yaoyi2008 scorpioni4e rich-roth luca-m optionalg eltorobiz tim1512 benjitrapp exploit-inters br3ign kimusan ru-dust riviera12345 5up3rc nbg0x1 jakuta-tech qsdj 111cyber0cculte888 leomatias 1337g prodject trietptm-on-coding-algorithms ziednamouchi fingerleakers limkokholefork abraham313 skyw3lker dfirfpi dr1ipr sgachies neux7z iraqnophobia hfm attackgithub

bad-pdf's Issues

when i try to execute the command from the kali terminal ( python bad.pdf.py), i get the error message" Responder not found" I have responder program installed in my usr/bin folder. Any help? much appreciated. Thanks

Error

I am getting an error when testing this - any help is appreciated

Bad_PDF

http responder server support

Blocking port 445 on a gateway is considered a best practice which makes using responder's smb service less reliable. Luckily you can get the same results by using responder's http service and specifying the listener with http:/// as the /AA entry. Would it be possible to add support for this to Bad-PDF?

i think does not work for me :( why?

─[d3vil67@backbox]─[~/Hacking/Bad-Pdf]
└──╼ $sudo python badpdf.py

    ______                 __       _______  ______   ________  
    |_   _ \               |  ]     |_   __ \|_   _ `.|_   __  | 
      | |_) |  ,--.    .--.| | ______ | |__) | | | `. \ | |_ \_| 
      |  __'. `'_\ : / /'`' ||______||  ___/  | |  | | |  _|    
     _| |__) |// | |,| \__/  |       _| |_    _| |_.' /_| |_     
    |_______/ '-;__/ '.__.;__]     |_____|  |______.'|_____|

    By DeepZec 

    =============================================================

Responder detected :/usr/bin/responder
Please enter Bad-PDF host IP:
192.168.100.130
Please enter output file name:
titanic.pdf
Please enter the interface name to listen(Default eth0):
wlan0
[] Starting Process.. []
Bad PDF titanic.pdf created
__
.----.-----.-----.-----.-----.-----.--| |.-----.----.
| _| -| --| _ | _ | | _ || -| _|
|| ||| ||||||||
|_|

       NBT-NS, LLMNR & MDNS Responder 2.3

Author: Laurent Gaffie ([email protected])
To kill this script hit CRTL-C

[+] Poisoners:
LLMNR [ON]
NBT-NS [ON]
DNS/MDNS [ON]

[+] Servers:
HTTP server [ON]
HTTPS server [ON]
WPAD proxy [OFF]
SMB server [ON]
Kerberos server [ON]
SQL server [ON]
FTP server [ON]
IMAP server [ON]
POP3 server [ON]
SMTP server [ON]
DNS server [ON]
LDAP server [ON]

[+] HTTP Options:
Always serving EXE [OFF]
Serving EXE [OFF]
Serving HTML [OFF]
Upstream Proxy [OFF]

[+] Poisoning Options:
Analyze Mode [OFF]
Force WPAD auth [OFF]
Force Basic Auth [OFF]
Force LM downgrade [OFF]
Fingerprint hosts [OFF]

[+] Generic Options:
Responder NIC [wlan0]
Responder IP [192.168.100.130]
Challenge set [1122334455667788]

[!] Error starting TCP server on port 80, check permissions or other servers running.
[!] Error starting SSL server on port 443, check permissions or other servers running.
[!] Error starting TCP server on port 445, check permissions or other servers running.
[!] Error starting TCP server on port 139, check permissions or other servers running.
[!] Error starting TCP server on port 1433, check permissions or other servers running.
[!] Error starting TCP server on port 88, check permissions or other servers running.
[!] Error starting TCP server on port 21, check permissions or other servers running.
[!] Error starting TCP server on port 110, check permissions or other servers running.
[!] Error starting TCP server on port 389, check permissions or other servers running.
[!] Error starting TCP server on port 25, check permissions or other servers running.
[!] Error starting TCP server on port 587, check permissions or other servers running.
[!] Error starting TCP server on port 143, check permissions or other servers running.
[+] Listening for events...
[!] Error starting TCP server on port 53, check permissions or other servers running.

Compatibility with MAC OSX OS

OSX operating system requires a '-i' switch for this tool to work

Non responder

is there any possibility to use this rather responder? just like using sct or hta

Responder Not Found

"Responder not found..
Please enter responder path (Default /usr/bin/responder): "

That is what i get when i run 'python badpdf.py' as root.
I have googled, and read the 'Readme'
I am not sure what to do. Please help. Thank you

Other functions can also make it

In the original report by checkpoint, they use GoToR and GoToE.

By my work, Launch is also work. But you may remove the line of /D.

You can have a try. : )