Home 0P3N Blog Launch a Client-Side Attack Using Excel Files
Ready to Start Your Career?
Create Free Account
Chilico s profile image
By: Chilico
June 23, 2016

Launch a Client-Side Attack Using Excel Files

By: Chilico
June 23, 2016
Chilico s profile image
By: Chilico
June 23, 2016
Launch a Client-Side Attack Using Excel Files - CybraryHello Cybrarians, once again,In this article, we'll discuss client-side attacks with Excel files.Client-side attacks are always a fun topic for attackers today. As network administrators and software developers fortify the perimeter, pentesters need to find a way to make the victims open the doors for them to enter the network.Client-side attacks require user interaction, such as enticing victims to click a link, open a document or somehow get to your malicious website.This attack is based on real life scenario.
Companies are trading and sharing documents every day, but I don't believe they're aware of the threats associated with their actions or they just don't take it seriously. What can I say :P Tools we'll use:1) Veil-evasion2) Macroshop3) Metasploit, Armitage or Cobaltstrike. Let's stick with Armitage just for the visual effects - they're nice, huh :PAll tools can be found by searching on Google. Methodology of the attack:We'll create a Excel file where macros will be enabled. What are macros? Macros are "mini-programs" that you create within an Excel worksheet. They're just a series of commands given in a certain order that Excel remembers. For more details, please search Google.In our macro command, we'll add a shellcode generated from veil-evasion. Before we add it to our Excel file, we "process it" with macroshop. You'll see what I mean later on.NOTE: We may have to use our social engineering skills to convince the victim to enable the macros (by default, they're are disabled). Otherwise, our attack won't work. The practical part:Run veil-evasion and create a powershell/meterpreter/reverse_https payloadMove that payload to Desktop for easy access.image 1         image 2 Now, let's use macroshop for the final result of our shellcode and add it to a .txt file for easy access later on.image 3 The next steps:We're done with the shellcode generation. Now, we need to add it to our Excel file. Let's move to our Windows machine - but first, we have to adjust a few settings on our Excel sheet.Choose the file --> setting --> customize ribbon --> and tick the developer tab on the leftimage 4 Afterwards, we'll see a new menu tab on our sheet named Developer. We need to go there. Then, go to  Virtual Basic on the left. Next, to ThisWorkgroup, where we'll paste the content of the cybraryIT.txt we created previously. After that, save the file as an Excel macro-enabled workbook.image 5image 6image 7image 8 Now. we're done with Excel. Let's go back to our pentesting machine, run Armitage and load multi/handler to catch any connections.image 9 See the notification on the victim's machine about disabled macros.image 10 After the activation of macros, we're able to get a meterpreter shell and own the machine. That's it.image 11 Hope you liked it. If you have any questions or comments, please use the form below.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry