🖥️
Offensive security concepts
  • Introduction
  • 💿Virtualbox network setup
    • What is VirtualBox?
    • NAT
    • NAT network
    • Bridged adapter
    • Internal network
    • pfSense
    • vboxmanage
    • Overview
  • 🕵️OSINT
    • What is OSINT?
    • Google dorks
    • Metadata
    • Social media
      • osintagram
  • Tools
    • waybackurls
    • recon-ng
    • sherlock
    • maltego
    • theHarvester
    • photon
  • 😨Social Engineering
    • What is social engineering?
    • 7 tricks of social engineering
    • Email phishing
    • Typosquatting
    • Compiled resources
  • 😈MitM attack
    • What is MitM attack?
    • ARP spoof/poison
    • DNS spoof/poison
    • HTTP MitM attack
    • ICMP redirect attack
    • DHCP spoofing
    • Evil twin attack
    • Experiment (guest network)
    • Compiled resources
  • 🔌UPnP exploitation
    • What is UPnP?
    • What is SSDP?
    • IGD functions
    • LAN devices
    • Compiled resources
  • Network Reconnaissance & Attacks
    • What is network hacking?
  • 1️⃣Network live host discovery
    • What is network live host discovery?
    • nmap
    • arp-scan
    • masscan
  • 2️⃣Network port scan/services enumeration
    • What is network port scan/services enumeration?
    • nmap
    • netcat
  • 3️⃣Network services vulnerability scanning & exploitation
    • What is network vulnerability scanning/exploitation?
    • 20/21 ~ FTP
    • 22 ~ SSH
    • 25 ~ SMTP
    • 53 ~ DNS
    • 80/443 ~ HTTP/HTTPS
    • 110 ~ POP3
    • 111/2049 ~ RPC/NFS
    • 139/445 ~ SMB
    • 143 ~ IMAP
    • 3389 ~ RDP
  • Vulnerability & exploitation
    • Database
    • Metasploit
    • Msfvenom
  • Misconfigurations
    • .DS_Store
  • Web Application Penetration Testing
    • Introduction
    • Directories/URLs gathering
    • Subdomain enumeration
    • File inclusion & Path traversal
    • Insecure Direct Object Reference (IDOR)
    • Upload vulnerabilities
      • File extension cheat-sheet
    • SSRF
    • CSRF
    • XSS
    • SQL injection
  • Authentication/session management
    • OWASP WSTG-SESS-10 ~ JSON Web Token (JWT)
    • OWASP WSTG-ATHZ-05 ~ OAuth weaknesses
  • Webshell
  • Web API pentesting
    • Resources
    • Methodology
    • jq
    • httpx
    • ParamSpider
  • Web app pentesting methodology
  • OWASP
    • OWASP top 10
    • OWASP API top 10
    • Web Security Testing Guide (WSTG)
      • WSTG-ATHZ
        • WSTG-ATHZ-05 ~ OAuth weaknesses
      • WSTG-SESS
        • WSTG-SESS-10 ~ JWT
  • General web knowledge
    • URI standard (RFC 3986)
    • HTTP headers
  • 🛣️Attacks on routing protocols
    • What are attacks on routing protocols?
    • BGP hijacking
  • 🏕️To explore
    • MQTT
    • Routersploit
    • DNS rebinding attack
    • LLMNR/mDNS poisoning
  • 👤Anonymity
    • VPN
    • Proxychains
    • TOR
    • Obfuscation
  • Credentials brute-force/cracking
    • Introduction
    • Windows SAM database
    • Dictionary attack
    • Rainbow attack
      • Hash database
    • Tools
      • Hydra
      • John the ripper
      • Hashcat
      • hash-identifier
  • Post-exploitation
    • Gaining shell
      • netcat
      • socat
      • powershell
      • bash
      • PHP
    • Repository
  • Privilege escalation
    • Linux
      • Repositories
      • Enumeration
      • Vulnerabilities exploit
        • General
        • Kernel exploit
        • Sudo
        • SUID
        • Capabilities
        • Cronjobs
        • $PATH
        • NFS (target-machine)
        • Filesystem sharing
          • NFS (attacker-machine)
    • Windows
      • Password harvesting
      • Vulnerabilities exploit
        • Scheduled tasks
        • AlwaysInstallElevated
        • Service misconfigurations
          • Insecure permissions on service executable
          • Unquoted service path
          • Insecure service permission
        • Abusing privileges
  • Ⓜ️MITRE ATT&CK
    • Introduction
  • 🧰Tools/services
    • Introduction
    • Web hacking
      • Web fuzzing
      • Password brute-forcing
      • Burp Suite (Community)
      • nikto
      • ZAP (Zed Attack Proxy)
      • nuclei
    • Information gathering/reconnaissance
    • Network hacking
      • nmap (general overview)
      • scapy
      • bettercap
    • General
      • impacket
    • Wordlists
      • cewl
  • Professional report writing
    • Report template
      • Web applicaton pentesting
        • OWASP report layout
  • Tasks on-the-go
    • Note taking on-the-go
    • Other tips
  • Practice
    • Metasploitable 2
    • TryHackMe
  • Operational Security (OpSec)
    • Hardening
      • General
      • Oracle VirtualBox
      • Web Browser
      • VPN/Proxy
  • Safe document viewer
    • PDF
    • .docx
  • Write-ups
    • TryHackMe
      • Silver Platter
      • Light
      • Pickle Rick
      • Hammer
        • Enumeration (active recon)
          • /hmr
          • Further directory discovery
          • /phpmyadmin
          • burp suite sitemap
        • Brute forcing 4-digit code
        • Retrieving the flag
      • OWASP Top 10 - 2021 (task 22)
    • OverTheWire
      • Untitled
    • OWASP
      • OWASP Juice Shop
      • OWASP WebGoat
  • AI prompt
    • ChatGPT
Powered by GitBook
On this page
  1. Safe document viewer

PDF

PreviousSafe document viewerNext.docx

Last updated 2 days ago

To safely view a PDF document, while preventing damage from exploitation of vulnerabilities or malware infection, we can use firejail.

Firejail is a lightweight secuirty tool intended to protectd a Linux system by setting up a restricted environment for running (potentially untrusted) applications.

For the PDF document viewer, mudpdf will be a great option, due to it being lightweight and open-sourced.

firejail can be used to create a sandboxed environment for secure viewing of the PDF using mupdf :

$ firejail --net=none --caps.drop=all --nogroups --noroot --private=[pdf_dir] mupdf [pdf_to_view].pdf

# eg.
$ firejail --net=none --caps.drop=all --nogroups --noroot  --private=/home/user/sandbox mupdf view.pdf

Flags

  • --net=none: Disables all network acccess, expect for a new loopback interface (lo).

  • --caps.drop=all: Drop all capabilities for the processes running in the sandbox.

  • --nogroups : Disable supplementary groups.

  • --noroot: Install a user namespace with a single user - the current user. The root user does not exist in the new namespace.

  • --private=directory: Use directory as user home. This should be the directory where the .pdf file is present.

Reusable Bash function (~/.bashrc)

We can create a Bash function in ~/.bashrc that can be used as a simple command:

# .bashrc
safeviewpdf() {
   local pdf_path="$1"
   
    if [ -z "$pdf_path" ]; then
       echo "Usage: safepdf /absolute_path/to/file.pdf";
    
    elif [ ! -f "$pdf_path" ]; then
       echo "File not found" $pdf_path". Please provide the absolute path.";
    
    else
       firejail --net=none --private="$(dirname "$pdf_path")" --caps.drop=all --nogroups --noroot mupdf "$(basename "$pdf_path")";
       
}

To load changes in ~/.bashrc:

Run this command after each update to the function in ~/.bashrc

$ source ~/.bashrc

To call the function:

$ safeviewpdf /absolute_path/to/file.pdf
GitHub - netblue30/firejail: Linux namespaces and seccomp-bpf sandboxGitHub
GitHub - ArtifexSoftware/mupdf: mupdf mirrorGitHub
firejail(1) - Linux manual page
Logo
Logo