How to create a malicious PDF file

[Mutt]

This material is provided for educational purposes only and was created as part of the study of information security. The author did not publish material for malicious purposes. If someone uses the information for personal gain, then the author is not responsible for any harm or damage caused.

Today we will analyze one interesting attack that can be done by generating a malicious pdf file.
The lightweight tool Bad-Pdf will help us with this.

A malicious pdf file created with this utility is still not detected by many antiviruses.

GitHub Page-> https://github.com/deepzec/Bad-Pdf

Installation

# git clone https://github.com/deepzec/Bad-Pdf.git
# cd Bad-pdf/
# chmod +x badpdf.py
# python badpdf.py - run on kali Linux

Next, we indicate the IP of the attacking host (it can be local, if the attack is on the local network, it can be external, only then we will have to forward the ports on the router)
Then we indicate the name of the file that we get, I chose errorlog
And we indicate the network interface I chose wlan0
What I did seen in the screenshot below.

If anyone gets an error like:

/bin/sh: 1: -I: not found
/bin/sh: 1: -I: not found

then we indicate this path:

/ usr / sbin / responder

instead of

/ usr / bin / responder

Well, actually, that's all)