Link: Writing malicious maros using metasploit Carnal0wnage

Friday, November 14, 2008

Link: Writing malicious maros using metasploit

Good blog post over at securiteam on using the exe2vba portion of metasploit to embed malicious code into office documents. Fun!

http://blogs.securiteam.com/index.php/archives/1161

of course those attacks can be mitigated with proper group policy but most places "need their macros!" so enjoy the pwnings.

3 comments:

Anonymous said...: HDM published this new Metasploit "feature" few days ago on Pen-Test mailing list:

Click; November 15, 2008 at 4:47 PM
Nathan Keltner said...: Using VBA in Word/Excel to run commands: http://blog.invisibledenizen.org/2008/11/on-vba-in-excel-and-word-documents.html

To download files: http://blog.invisibledenizen.org/2008/11/vba-function-to-download-files.html

Running commands as system: http://blog.invisibledenizen.org/2008/11/running-commands-as-system-from-vba-in.html

Killing of antivirus: http://blog.invisibledenizen.org/2008/11/how-to-kill-antivirus-from-word-or.html

Modifying the windows firewall: http://blog.invisibledenizen.org/2008/11/modifying-windows-firewall-rules-from.html; November 16, 2008 at 10:58 PM
CG said...: thanks for the links; November 17, 2008 at 10:10 AM

Blog Archive

Blogs

Links

Friday, November 14, 2008

Link: Writing malicious maros using metasploit

3 comments:

Recent Posts

Popular Posts