office document analysis and exploitation

Any file with extension .docm, .xlsm etc is a macro embedded file

zeltser.com/analyzing-malicious-documents/

.xlsm

Using oletools, we can extract macro.

python3 -m pip3 install oletools
olevba FILE.xlsm

.doc

Using Nishang Out-Word.ps1

REQUIREMENT:

Needs payload
Needs a Windows system to generate .doc
/samratashok/nishang/Out-Word.ps1
NOTE: Need local MS Word installation. Need to disable Defender.

PS> . .\Out-Word.ps1
PS> Out-HTA -Payload "PS_ENCODED_PAYLOAD" -Outputfile FILLE.doc
# file will be saved in Documents

Microsoft Exchange Email

dafthack/MailSniper

MFA check

dafthack/MFASweep

office365

blacklanternsecurity/TREVORspray

OWA office webApp

search on metasploit

Previousnmap Nextopenvpn

Last updated 3 years ago