New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Office DDE RTF Generation & Injection #9282
Conversation
Generate / Inject existing RTF files with DDE Payloads!
Updated, fixed it up with default Options.
|
annd injecting...
|
I'll attempt to include docx injection, no guarantees though that I'm able to do it. |
@realoriginal The template injection is nice to have, but not required. When the Office macro exploit was first published, it didn't support template injection, either :-) |
Haha :D Yeah, I'm trying to get it, by basing it off that one you made, having some issues unfortunately, I guess wrapping my head around the parsing with Nokogiri + zipping those files back together hilariously. |
Works as advertised:
|
Release NotesThis module generates a Microsoft Office RTF document with a malicious DDE payload. |
In light of learning about RTF's, thought I'd revisit this PR #9120 and retry it. and YES! it worked haha
Module abuses a feature in MS Field Equations that allow an user to execute an arbitrary application.
Verification
List the steps needed to make sure this thing works
use exploit/windows/fileformat/office_dde_delivery
set PAYLOAD [PAYLOAD]
run