Sunday, January 4, 2009

MSF VBA payload Demo

Pretty good demo by Mark Baggett using the MSF Payload with VBA output and creating a malicious word document.

http://markremark.blogspot.com/2009/01/metasploit-visual-basic-payloads-in.html

Its a shame everyone can do this now, its been ol'reliable for quite awhile :-(
at

4 comments:

  1. AnonymousJanuary 6, 2009 at 2:14 AM

    Hi, I tried this method an dit works fine. But there still a problem. The macros are not enabled by default. Is there any way to bypass this by forcefully enabling macros when doc file is opened????

    ReplyDelete
  2. CGJanuary 6, 2009 at 6:38 AM

    probably not as macro behavior will be set by group policy for the whole domain and the default settings will be to prompt the user.

    dont worry, plenty of people will go ahead and run that macro for you.

    ReplyDelete
  3. AnonymousJanuary 6, 2009 at 6:54 AM

    Ok. Anyway thanks for great post!!!

    Regards
    Abhi

    ReplyDelete
  4. AnonymousJanuary 16, 2009 at 1:34 PM

    HI,

    few days back vba created by msfpayload were working fine. But after an update when I paste the macros in office it displays "out of memory".

    It was the same payload I used before. CAn you help me in this????

    ReplyDelete