Sunday, January 4, 2009

MSF VBA payload Demo

Pretty good demo by Mark Baggett using the MSF Payload with VBA output and creating a malicious word document.

Its a shame everyone can do this now, its been ol'reliable for quite awhile :-(


Anonymous said...

Hi, I tried this method an dit works fine. But there still a problem. The macros are not enabled by default. Is there any way to bypass this by forcefully enabling macros when doc file is opened????

CG said...

probably not as macro behavior will be set by group policy for the whole domain and the default settings will be to prompt the user.

dont worry, plenty of people will go ahead and run that macro for you.

Anonymous said...

Ok. Anyway thanks for great post!!!


Anonymous said...


few days back vba created by msfpayload were working fine. But after an update when I paste the macros in office it displays "out of memory".

It was the same payload I used before. CAn you help me in this????