Macros
To start let's use the information we have gathered from our current target. So, what do we have:
OS: Windows 10 Enterprise 19043 (Windows 10 Enterprise 6.3)
Computer name: DESKTOP-ECHO
Domain name: DOMINIONCYBER.local
Also, we know that we can deliver different types of payloads to the target from the information we have gathered in our passive recon it seems that they work with PDF and DOCX Files, the SMB port is open as well as some known SMB exploits exist that can help us gain access.
The Word metadata tells us they work with a pretty old version of Office, we can probably attach an exploit to a Doc and gain access
The approach will take in weaponizing this payload will be a DOCM Document with Macro-Enabled.
I will use a personal favorite tool to create a macro-enabled payload called MacroPack will grab our VBA payload this one is built with CS
While creating this payload I used common options and an obfuscation parameter built-in macro pack this method of weaponization is one of many I just decided to go with this approach but will leave examples of plenty of others. And with this, we have weaponized a working Macro-Enabled Document Payload
Last modified 9mo ago