Bad-PDF To Steal NTLM Hashes From Windows Machines

May 1, 2018

Bad-PDF make pernicious PDF to steal NTLM Hashes from windows machines, it use defenselessness revealed by checkpoint group to make the malicious PDF record. Bad-Pdf peruses the NTLM hashes utilizing Responder listener.

This strategy deal with all PDF readers(Any version) and java scripts are not required for this attack.

Reference : https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/

Also Read EggShell – Remote Administration Tool For iOS/macOS

Dependency To Steal NTLM Hashes

Responder/Kali Linux

Usage: python badpdf.py

Run Bad-PDF in Kali linux:

Responder waiting for NTLM hash:

Run generated Bad-PDF file on a windows machine and get NTLM hash:

Author : Deepu

Bad-PDF To Steal NTLM Hashes From Windows Machines

Dependency To Steal NTLM Hashes

Run Bad-PDF in Kali linux:

Responder waiting for NTLM hash:

Run generated Bad-PDF file on a windows machine and get NTLM hash:

APPLICATIONS

Process Injection Techniques – For Advanced Adversary Emulation

GoScan : Interactive Network Scanner 2019

SocialFish : Educational Phishing Tool & Information Collector

Second-Order : Subdomain Takeover Scanner

HOT NEWS

FinalRecon : The Last Web Recon Tool You’ll Need

EVEN MORE NEWS

Bomber : Navigating Security Vulnerabilities In SBOMs

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In...

Exploit Street – Navigating The New Terrain Of Windows LPEs

POPULAR CATEGORY

Shennina : Automating Host Exploitation With AI

BaseQuery : A Way To Organize Public Combo-Lists And Leaks...

Wsh : Web Shell Generator And Command Line Interface