Web Hacking Expert - Full-Stack Exploitation Mastery - Token Hijacking through PDF – Part 2

Installing a new software

Sending an email to the victim

Uploading a malicious PDF file

Connecting to a live environment

John

Sarah

David

Michael

Task Manager

Command Prompt

Developer Tools

File Explorer

To install malware

To redirect the user to a phishing site

To steal the anti-CSRF token

To delete user data

Xform Calc

Python

JavaScript

VBScript

It is used to bypass firewalls

It is used to log user activity

It is used to encrypt the PDF file

It is used to authenticate the user

Changes the domain settings

Disables the browser

Adds the host to privileged locations

Deletes the PDF file

Because Acrobat Reader is not installed

Because Acrobat Reader supports Xform Calc scripting

Because Internet Explorer is more secure

Because Internet Explorer has a built-in PDF reader

Chrome requires additional permissions

Chrome blocks all PDF files

Chrome uses its own PDF plugin

Chrome does not support JavaScript

User's lack of awareness

Advanced encryption techniques

Use of a powerful server

Complex network configurations