> For the complete documentation index, see [llms.txt](https://dmcxblue.gitbook.io/red-team-notes-2-0/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/weaponization/macros.md). # Macros To start let's use the information we have gathered from our current target. So, what do we have: OS: Windows 10 Enterprise 19043 (Windows 10 Enterprise 6.3) Computer name: DESKTOP-ECHO Domain name: DOMINIONCYBER.local Also, we know that we can deliver different types of payloads to the target from the information we have gathered in our passive recon it seems that they work with PDF and DOCX Files, the SMB port is open as well as some known SMB exploits exist that can help us gain access. The Word metadata tells us they work with a pretty old version of Office, we can probably attach an exploit to a Doc and gain access ![](/files/SXDsarMgTLaY6DiM1TEL) The approach will take in weaponizing this payload will be a DOCM Document with Macro-Enabled. I will use a personal favorite tool to create a macro-enabled payload called MacroPack will grab our VBA payload this one is built with CS ![](/files/yE88VBFFCOeilxPSEhbz) While creating this payload I used common options and an obfuscation parameter built-in macro pack this method of weaponization is one of many I just decided to go with this approach but will leave examples of plenty of others. And with this, we have weaponized a working Macro-Enabled Document Payload ![](/files/91LvQEsK4Crl2kW7Wg60) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/weaponization/macros.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.