PDF smuggling

Using HTML smuggling to create malicious PDFs

PDF documents can be weaponised by attackers in many different ways to perform malicious actions, such as delivering malware or harvest user credentials. PDF viewers implement various measures to prevent and mitigate risks associated with malicious PDFs including security warnings, sandboxing, patching vulnerabilities, restricting JavaScript, and white/blacklisting file types and folders.

In this post, we explore a technique to exploit Adobe Acrobat Reader default security settings to create a potentially malicious PDF file using HTML smuggling. The technique utilised in this blog saves a potentially malicious file when the PDF document is opened. This works with the default security options enabled. While the attack does require social engineering, the user interaction is minimal to download and execute the file.

The following Acrobat Reader (64-bit) version was used in testing for this post: 2023.003.20215.

Default security settings

Let’s have a quick look at some of the default security features implemented in Acrobat Reader.

Acrobat Reader utilises a blacklist of file extensions as a security measure to block potentially malicious files from being opened or saved from an attachment in a PDF. The blacklist includes executables, scripts and archive file extensions such as .exe, .lnk, .ps1, .vbs, .js, .bat, .zip and many more.

reg query "HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cDefaultLaunchAttachmentPerms"
Image: Registry query returning default file extensions in cDefaultLaunchAttachmentPerms.

Interestingly we note that the .html file extension is by default not included in the blacklist.

Another security feature is Enabled Protected Mode at startup. By default, Acrobat Reader runs in protected mode to provide an added layer of security. In protected mode, malicious PDF documents can’t launch arbitrary executable files or write to system directories or the Windows Registry.

Image: Default Security (Enhanced) settings.

In the example below, this feature blocks a direct attempt to launch a file from an archive type which is not blacklisted.

Image: calc.exe blocked

Process Monitor shows ACCESS DENIED when attempting to open calc.exe from the 7z archive file attached to the PDF document.

Image: Process Monitor of Acrobat.exe when attempting to open attachment.

A PDF using HTML smuggling to create the downloaded executable is unaffected by this security setting.

HTML smuggling

Adversaries may smuggle data and files past content filters by hiding malicious payloads inside of seemingly benign HTML files. HTML documents can store large binary objects known as JavaScript Blobs (immutable data that represents raw bytes) that can later be constructed into file-like objects. Data may also be stored in Data URLs, which enable embedding media type or MIME files inline of HTML documents. HTML5 also introduced a download attribute that may be used to initiate file downloads.” – MITRE ATT3CK

For an example, I have created a HTML smuggling file called calc.html using a Python script I wrote called html_smuggle.py.

Image: create HTML smuggling file

The Python script enables the creation of a smuggled HTML document by base64 encoding a specified file and replacing placeholders within a template file. The script takes a file as a parameter and encodes its content using base64.

Image: html_smuggle.py

It then reads a template HTML file, which contains placeholders for the base64 content and the name of the file. The placeholders are replaced with the corresponding values, and a new HTML file is generated with the modified content.

Image: smuggle_template.html

In the given template, the code snippet:

a.download = payloadfilename; a.click(); window.URL.revokeObjectURL(url);

is responsible for initiating the download of a file in the user’s browser.

Image: File created in Downloads folder automatically when HTML file opens

Analysing the malicious PDF

This section looks at performing simple analyse of the potentially malicious PDF using tools pdfid.py and pdf-parser.py from Didier Stevens.

To weaponise a PDF, a malicious actor can leverage attachments, JavaScript, and open actions. These combined can enable embedded malicious content to download with minimal user interaction. In this example the attachment will be the HTML smuggling document – calc.html. Using the tool pdfid.py we can see that these are all present in the PDF document.

Image: Analysing PDF with pdfid.py finds evidence of JavaScript, OpenAction and EmbeddedFile

Further analysing the potentially malicious PDF using the tool pdf-parser.py we can explore the embedded JavaScript and open actions.

Image: Analysing with tool pdf-parser.py

Now we have an understanding of the basic building blocks for the PDF, how do we go about creating it to test?

The next section will cover this by utilising the Python library – PyPDF2.

Creating the malicious PDF

The Python library PyPDF2 is used to create the PDF with the HTML smuggling attachment, JavaScript and OpenAction so that the potentially malicious file is created and downloaded on opening of the document. Certain parts of the script are heavily influenced by the tool EvilPDF.py which is included in the References section. The script developed and used to create the PDF in this blog is more specialised in its purpose of attaching a payload provided by the user of the tool.

Image: pdf-smuggler.py

The script pdf-smuggler.py requires 3 parameters, the inputPDF file which is the original PDF document to be weaponised, the file to be attached which is the HTML smuggling file, and the outputPDF which is the final PDF to deliver the payload. For the input PDF document, I used a PDF saved from a Word document I created.

Image: inputPDF pdf-smuggler.pdf

The final PDF was created by running the script pdf-smuggler.py.

Testing the final PDF

When opening the final PDF, the attached file automatically attempts to open but the user is first warned to only open the file if they are sure it is safe.

Image: Prompted to Open this file with warning

After clicking OK, the HTML file opens and the smuggled file automatically attempts to save to the Downloads folder.

Image: HTML smuggling of file

In this example, the file provided no additional warnings for Windows calc.exe however there will most likely be warnings that you should trust the file before opening it.

Image: Download Warning


Utilising a HTML smuggled payload as an attachment, JavaScript and an open action, a potentially malicious file can be saved when a PDF document is opened with Adobe Acrobat Reader. This works with the default security options enabled. While it still requires social engineering to be successful, it only requires minimal user interaction.

See Resources and References section for a link to the scripts used to create the final PDF document.

Resources and References