Attacking Microsoft Office & OpenOffice with Metasploit Macro Exploits
You need to know how an attack happens if you really want to protect yourself. Practical people may think they don’t need to know how the engine works, that knowing how to drive the car is enough (metaphorically speaking), but sometimes it is good to know what’s behind an attack.
So the goal of this post is to help you understand what a hacker does to attack you.
“It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that, even in developing countries, workers that are proficient in an Office suite can make a decent living based on this skill alone.
Unfortunately, high popularity for software also means more high-value targets in the eyes of an attacker, and malware-infested Office macros are like an irritating rash that doesn’t go away for IT professionals.
A macro is a feature that allows users to create automated processes inside of a document used by software like Microsoft Word, Excel, or PowerPoint. This is used to enhance user experience, increase productivity, or automate otherwise manual tasks. But, in other words, it executes code. What kind of code? Well, pretty much whatever you want, even a Meterpreter session!
Macro attacks are nothing new or unusual. A typical attack usually involves embedding malicious macro code in an Office document, sending it to the victim, and asking him or her very nicely to enable that code. The saddest part isn’t how lame the attack is, since you are basically begging the victim to run your malware. It’s that people have been falling for this trick for decades!” –Rapid7 Community
This Microsoft Office macro exploit is specifically written for the Word document format. It has been tested against these environments:
- Microsoft Office 2010 for Windows
- Microsoft Office 2013 or 2016
- Microsoft Office Word for Mac OS X 2011 (if you have a Mac, I recommend you use the Pages, Keynote and Numbers apps).
The following demonstrates how to create a macro exploit for Microsoft Office for OS X, setting up a handler, as well as obtaining a session:
In the example above, the hacker uses Metasploit (you can do it in Kali Linux OS > Terminal > msfupdate > msfconsole), but there are many other tools that can create an exploit in a simple way.
In the next posts you will find out how to use Kali and understand what hackers do; with that, you will understand how to protect your information and gadgets.
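As a defensive counterpart to the macro attack described above, here is an added example (not part of the original post or of Rapid7's material) that reports whether a Word file carries a VBA macro project before anyone opens it in Office. The function names and the sample documents are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def inspect_word_file(data: bytes) -> dict:
    """Report container type and macro indicators without opening the file in Office."""
    report = {"container": "unknown", "vba_parts": [], "macro_content_type": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros sit in an OLE storage, which needs an
        # OLE parser to confirm; flag the container for deeper inspection.
        report["container"] = "ole2"
        return report
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return report
    report["container"] = "ooxml"
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        # The VBA project is stored as a binary part, normally word/vbaProject.bin.
        report["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
            report["macro_content_type"] = "macroenabled" in types or "vbaproject" in types
    return report

def carries_macros(data: bytes) -> bool:
    """True when an OOXML file has a VBA part or declares a macro-enabled type."""
    r = inspect_word_file(data)
    return bool(r["vba_parts"]) or r["macro_content_type"]

def build_sample(with_macro: bool) -> bytes:
    """Constructed test input: a minimal OOXML-shaped zip, not a real document."""
    main = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
            "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not a VBA project")
    return out.getvalue()

if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, inspect_word_file(blob))
```

A file reported as `ole2` is the older binary format; this check cannot see inside it, so treat it as needing a dedicated OLE analysis tool rather than as clean.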
Post extracted from rapid7.com/community/metasploit…