Related vulnerability
Description
CVE-2024-4367 is a critical vulnerability (CVSS 9.8) in PDF.js, allowing arbitrary JavaScript code execution due to insufficient type checks on the FontMatrix object within PDF files.
Introduction
# WEAPONIZING-CVE-2024-4367
# CVE-2024-4367 Exploit Wizard: User Guide
| **CVE IDENTIFIER** | **CVE-2024-4367** |
|--------------------|-------------------|
| **SEVERITY** | Critical (CVSS Score: 9.8) |
| **VULNERABILITY** | Arbitrary JavaScript code execution in PDF.js due to insufficient type checks on FontMatrix object |
| **EXPLOITATION** | Maliciously crafted PDF files can execute JavaScript in the victim’s browser, leading to data theft, XSS, or RCE. |
---
## 1. Environment Setup
### Prerequisites
1. **Operating System**:
   - A Debian/Ubuntu-based Linux distribution or equivalent, with administrative privileges.
   - Ensure Python 3.x is installed (`python3 --version`).
2. **Script Setup**:
   - Save the exploit script in a directory of your choice (e.g., `~/cve-2024-4367/`) with the filename `cve_2024_4367_exploit_wizard.py`.
3. **Template PDF**:
   - Place a benign PDF file named `template.pdf` in the same directory. This file will serve as the base for the malicious PDF.
4. **Social Engineering Toolkit (SET)**:
   - Install SET (Social Engineering Toolkit):
     ```bash
     sudo apt-get update
     sudo apt-get install set
     ```
   - Verify the installation with:
     ```bash
     which setoolkit
     ```
---
## 2. Running the Exploit Wizard
### Step 1: Make the Script Executable (Optional)
Grant executable permissions to the script:
```bash
chmod +x cve_2024_4367_exploit_wizard.py
```
### Step 2: Execute the Script
Run the script using either method below:
```bash
./cve_2024_4367_exploit_wizard.py
```
**or**
```bash
python3 cve_2024_4367_exploit_wizard.py
```
### Step 3: Follow On-Screen Prompts
The script will guide you through the attack process step-by-step.
---
## 3. Step-by-Step Wizard Workflow
### **Step 1: Verify and Install Dependencies**
- The script automatically checks for:
  - **PyPDF2**: Required for manipulating PDFs.
  - **SET**: Used for phishing campaigns.
- Missing dependencies are installed automatically, or you are prompted to install them manually.
### **Step 2: Create a Malicious PDF**
- The script injects a JavaScript payload into the `/FontMatrix` field of the `template.pdf`.
- The output, `malicious.pdf`, will be saved in the same directory.
- Success or failure will be displayed.
### **Step 3: Manage Campaign Targets**
- Add target emails (or identifiers) interactively:
  - Type each target email one by one.
  - Finalize the list by typing `done`.
### **Step 4: Launch Social Engineering Toolkit (SET)**
- The script integrates with SET to deliver the malicious PDF via phishing.
- Follow SET’s prompts to configure the campaign:
  - Set up email templates.
  - Attach `malicious.pdf`.
- Exit SET to return to the wizard.
### **Step 5: Host Malicious PDF**
- The script launches an HTTP server at `http://localhost:8080`.
- `malicious.pdf` is accessible for download.
- Data exfiltrated by the payload (e.g., `document.cookie`) will be logged in the script’s console.
---
## 4. Testing the Exploit
### **Validate in a Controlled Environment**
1. Open `malicious.pdf` in a vulnerable version of PDF.js or a sandboxed VM.
2. Monitor server logs to confirm payload execution and data exfiltration.
### **Observe Exfiltration Logs**
- Data (e.g., cookies) submitted by the payload will be logged as:
  ```text
  [+] Data exfiltrated: session_id=abcd1234; auth_token=xyz987
  ```
### **Modify Payload for Additional Tests**
- Customize the payload for actions like keylogging or redirection.
- Test your environment’s ability to detect or mitigate these threats.
---
## 5. Cleanup and Post-Execution Tasks
### Stop the Local Server
Terminate the HTTP server using `Ctrl+C` in the terminal.
### Secure Malicious Assets
- Delete or securely store `malicious.pdf` to prevent accidental misuse.
- Safely archive any logs or campaign data.
### Reset Test Environment
- If using a virtual machine, revert to a clean snapshot.
- Ensure no malicious artifacts remain on the system.
---
## 6. Important Notes and Legal Disclaimer
### **For Authorized Use Only**
- This script and guide are intended for **educational purposes** and **authorized penetration testing** within controlled environments.
- Unauthorized use is illegal and may result in severe legal consequences.
- Always obtain explicit permission before conducting any exploit tests.
### **Securing Your Systems**
1. **Update PDF.js**:
   - Ensure the latest version of PDF.js is installed to patch CVE-2024-4367.
2. **Restrict JavaScript in PDFs**:
   - Disable JavaScript execution in PDF viewers whenever possible.
3. **Implement Endpoint Protection**:
   - Use robust endpoint detection and response tools.
4. **Educate Users**:
   - Train employees to recognize phishing attempts and avoid opening unverified PDFs.
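A defender-side check that complements the hardening list above and targets the injection point named in Step 2 (the `/FontMatrix` entry): an added example, not the repository's script or PDF.js code, that scans a PDF's raw bytes and its inflatable FlateDecode streams and flags any `/FontMatrix` whose value is not a plain six-number array, which is the only shape a legitimate font matrix takes. The sample fragments are constructed; object streams and filters other than zlib are out of scope.

```python
import re
import zlib

# Constructed sample fragments (not real PDFs and not the repo's template.pdf):
# one well-formed six-number FontMatrix and two malformed ones.
BENIGN_SAMPLE = (b"2 0 obj\n<< /Type /Font /FontMatrix [0.001 0 0 0.001 0 0] "
                 b"/FontBBox [0 0 1000 1000] >>\nendobj\n")
SUSPICIOUS_SAMPLE = (b"2 0 obj\n<< /FontMatrix (not-an-array) >>\nendobj\n"
                     b"3 0 obj\n<< /FontMatrix [1 0 0 1] >>\nendobj\n")
# The same malformed entry inside a FlateDecode stream, which a scan of the
# raw bytes alone would miss.
COMPRESSED_SAMPLE = (b"4 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
                     + zlib.compress(b"<< /FontMatrix (not-an-array) >>")
                     + b"\nendstream\nendobj\n")

FONTMATRIX_RE = re.compile(rb"/FontMatrix\s*(\[[^\]]*\]|\S+)")
NUMBER_RE = re.compile(rb"^[+-]?(\d+\.?\d*|\.\d+)$")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def check_fontmatrix_value(raw):
    """Return None for a six-number array, otherwise a short reason."""
    if not raw.startswith(b"["):
        return "value is not an array"
    items = raw[1:-1].split()
    if len(items) != 6:
        return "array does not have 6 entries"
    if not all(NUMBER_RE.match(i) for i in items):
        return "array contains non-numeric entries"
    return None


def fontmatrix_findings(pdf_bytes):
    """List (where, raw_value, reason) for every suspicious /FontMatrix."""
    findings = []
    for m in FONTMATRIX_RE.finditer(pdf_bytes):
        reason = check_fontmatrix_value(m.group(1))
        if reason:
            findings.append(("raw", m.group(1), reason))
    # Inflate zlib streams; decompressobj tolerates the trailing newline.
    for s in STREAM_RE.finditer(pdf_bytes):
        try:
            inflated = zlib.decompressobj().decompress(s.group(1))
        except zlib.error:
            continue  # not a zlib stream (other filters are not handled here)
        for m in FONTMATRIX_RE.finditer(inflated):
            reason = check_fontmatrix_value(m.group(1))
            if reason:
                findings.append(("stream", m.group(1), reason))
    return findings
```

To scan a file, pass its bytes to `fontmatrix_findings(open(path, "rb").read())`; an empty list means every font matrix found had the expected numeric form.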
---
By following this guide responsibly, you can effectively simulate real-world attack scenarios and bolster your cybersecurity defenses.
File snapshot
[4.0K] /data/pocs/faa1fa7a3bb3942893588cdf16769c696e14a2cc
├── [8.3K] cve_2024_4367_exploit_wizard.py
└── [5.0K] README.md
0 directories, 2 files
Notes
1. Accessing the original source is recommended.
2. If the source is no longer available or cannot be reached, email f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.