πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Macros
HTA
ZIP
ISO
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
Lateral Movement
Powered By GitBook
Macros
To start let's use the information we have gathered from our current target. So, what do we have:
OS: Windows 10 Enterprise 19043 (Windows 10 Enterprise 6.3)
Computer name: DESKTOP-ECHO
Domain name: DOMINIONCYBER.local
Also, we know that we can deliver different types of payloads to the target from the information we have gathered in our passive recon it seems that they work with PDF and DOCX Files, the SMB port is open as well as some known SMB exploits exist that can help us gain access.
The Word metadata tells us they work with a pretty old version of Office, we can probably attach an exploit to a Doc and gain access
The approach will take in weaponizing this payload will be a DOCM Document with Macro-Enabled.
I will use a personal favorite tool to create a macro-enabled payload called MacroPack will grab our VBA payload this one is built with CS
While creating this payload I used common options and an obfuscation parameter built-in macro pack this method of weaponization is one of many I just decided to go with this approach but will leave examples of plenty of others. And with this, we have weaponized a working Macro-Enabled Document Payload
Red Team Infrastructure - Previous
Weaponization
Next
HTA
Last modified 5mo ago
Copy link