Michael Haag
8ba1dc8a19
Private Keys - Find them DDE - Reference: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ Data Staged
20 lines
505 B
Markdown
20 lines
505 B
Markdown
# Dynamic Data Exchange
|
|
|
|
MITRE ATT&CK Technique: [T1173](https://attack.mitre.org/wiki/Technique/T1173)
|
|
|
|
|
|
### Microsoft Word
|
|
|
|
Open,
|
|
|
|
Insert tab -> Quick Parts -> Field
|
|
|
|
Choose = (Formula) and click ok.
|
|
|
|
After that, you should see a Field inserted in the document with an error “!Unexpected End of Formula”, right-click the Field, and choose Toggle Field Codes.
|
|
|
|
The Field Code should now be displayed, change it to Contain the following:
|
|
|
|
|
|
{DDEAUTO c:\\windows\\system32\\cmd.exe "/k calc.exe" }
|