|
| 1 | +## Description |
| 2 | + |
| 3 | +This module generates a macro-enabled Microsoft Office Word document. |
| 4 | + |
| 5 | +The module injects the Base64-encoded payload in the comments field, which will get decoded |
| 6 | +back by the macro and executed as a Windows executable when the Office document is launched. |
| 7 | + |
| 8 | +Please note that the user most likely will need to manually allow/enable the macro to run |
| 9 | +in order to be compromised. |
| 10 | + |
| 11 | + |
| 12 | +## Vulnerable Application |
| 13 | + |
| 14 | +A Windows machine with Microsoft Office installed. The Office application must support the docm |
| 15 | +format. |
| 16 | + |
| 17 | +Specifically, this module was tested specifically against Microsoft Office 2013. |
| 18 | + |
| 19 | +## Verification Steps |
| 20 | + |
| 21 | +1. ```use exploit/windows/fileformat/office_word_macro``` |
| 22 | +2. ```set PAYLOAD [PAYLOAD NAME]``` |
| 23 | +3. Configure the rest of the settings accordingly (BODY, LHOST, LPORT, etc) |
| 24 | +4. ```exploit``` |
| 25 | +5. The module should generate the malicious docm. |
| 26 | + |
| 27 | +## Options |
| 28 | + |
| 29 | +**BODY** Text to put in the Office document. |
| 30 | + |
| 31 | +## Modification |
| 32 | + |
| 33 | +To use this exploit in a real environment, you will most likely need to modify the docm content. |
| 34 | +Here's one approach you can do: |
| 35 | + |
| 36 | +1. Use the module to generate the malicious docm |
| 37 | +2. Copy the malicious docm to a Windows machine, and edit it with Microsoft Office (such as 2013). |
| 38 | + When you open the document, the payload will probably do something on your machine. It's ok, |
| 39 | + since you generated it, it should not cause any problems for you. |
| 40 | +3. Save the doc, and test again to make sure the payload still works. |
| 41 | + |
| 42 | +While editing, you should avoid modifying the following unless you are an advanced user: |
| 43 | + |
| 44 | +* The comments field. |
| 45 | +* The VB code in the macro. |
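Review bot: Step 2 of the Modification section (new-file lines 37 to 39) tells the reader to open the payload-bearing docm on a Windows machine and says only that "it should not cause any problems for you", which is not something the document can promise; state instead that the editing should be done in an isolated, disposable test VM, since the payload runs on whichever machine opens the file. Two wording points in the same hunk: line 17 repeats "specifically" ("Specifically, this module was tested specifically against"), and step 3 says "Save the doc" where the rest of the file says docm. The Verification Steps also stop at "The module should generate the malicious docm" without saying where the file is written or how to confirm that the macro runs on the tested Office 2013 setup, so a reader cannot verify the result from these steps alone.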