
Ready to Start Your Career?

By: Chilico
June 23, 2016
Launch a Client-Side Attack Using Excel Files
By: Chilico
June 23, 2016

By: Chilico
June 23, 2016

Companies are trading and sharing documents every day, but I don't believe they're aware of the threats associated with their actions or they just don't take it seriously. What can I say :P Tools we'll use:1) Veil-evasion2) Macroshop3) Metasploit, Armitage or Cobaltstrike. Let's stick with Armitage just for the visual effects - they're nice, huh :PAll tools can be found by searching on Google. Methodology of the attack:We'll create a Excel file where macros will be enabled. What are macros? Macros are "mini-programs" that you create within an Excel worksheet. They're just a series of commands given in a certain order that Excel remembers. For more details, please search Google.In our macro command, we'll add a shellcode generated from veil-evasion. Before we add it to our Excel file, we "process it" with macroshop. You'll see what I mean later on.NOTE: We may have to use our social engineering skills to convince the victim to enable the macros (by default, they're are disabled). Otherwise, our attack won't work. The practical part:Run veil-evasion and create a powershell/meterpreter/reverse_https payloadMove that payload to Desktop for easy access.











Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry