office document analysis and exploitation
Any file with extension .docm, .xlsm etc is a macro embedded file
.xlsm
Using oletools, we can extract macro.
python3 -m pip3 install oletools
olevba FILE.xlsm.doc
Using Nishang Out-Word.ps1
REQUIREMENT:
Needs payload
Needs a Windows system to generate .doc
NOTE: Need local MS Word installation. Need to disable Defender.
PS> . .\Out-Word.ps1
PS> Out-HTA -Payload "PS_ENCODED_PAYLOAD" -Outputfile FILLE.doc
# file will be saved in DocumentsMicrosoft Exchange Email
MFA check
office365
OWA office webApp
search on metasploit
Last updated
Was this helpful?