PDA

View Full Version : infected_word.doc_by_metasploit



zimmaro
06-25-2011, 10:49 PM
hello guys
my new (horrible) video comes from reading a wonderful, interesting, amazing BLOG.I just changed ONLY the "Scenario" (even more because my head would not be able to do anything else!) all the credit goes to him! many thanks for your jobs.Many, many thanks to a "BIG" g0tm1lk
ps (sorry for the quality but my old PC+old nvidia is dying ...)...my career as a "video director" is ending so maybe it's better !!! :):):)muahahahaha!
if you want to watch:
http://vimeo.com/25605168

svalluke
06-28-2011, 09:28 PM
interested...:rolleyes:

trisogono
06-30-2011, 02:42 PM
hey zimmaro!!
but, you can use openoffice? or only microsoft word??

zimmaro
07-01-2011, 06:05 AM
good point!
I used Word 2003 (lowering the macro security) I also tried with word 2007 and it seems to work! I repeat, I just followed the tutorial g0tm1lk! I have not done tests with OpenOffice! bye

trisogono
07-01-2011, 10:17 AM
thanks! I try this method....:)

BoogY
07-01-2011, 11:46 AM
But this is easy to do if you deactivate the antivirus ?

Do you have a way to make it passe antivirus detection ?

zimmaro
07-02-2011, 06:39 AM
hi, Boogy
in "video tutorials" the victim's machine had the AV disabled! but in the various tests of ""make-various-encoding"" to made ​​about 1 month ago, some free &"light"AV were bypassed during SCAN file is being OPEN files.! The right way (and I think possibly & temporary) to bypass AV I do NOT know, I try to run tests!:))
thanks to reply bye!:) (sorry for english-grammar-error:) :))

inj3ct0r
07-02-2011, 11:48 PM
reading a wonderful, interesting, amazing BLOG.
can you linked the blog here plz i want to read it
thx

zimmaro
07-03-2011, 02:09 PM
hi,inj3ct0r!
Internet is for everyone !!!!!
g0tmi1k (http://g0tmi1k.blogspot.com/)
bye :)

matrix75
07-06-2011, 07:24 PM
Hi zimmaro

How do you install word on Backtrack5?

zimmaro
07-07-2011, 04:53 PM
hi matrix75
There are many guides on internet of installing products "only for windows" on ubuntu-lucid using WINE !!!
Go to backtrack-Applications -> Wine -> Configure Wine, and make sure the Applications tab, under Windows version at the bottom there is "Windows XP".
Now, go and get an installer or a CD of MS Office. Enter it and click on the setup file, starting it with Wine with a doubleclick or by clicking the right mouse button choosing Open with WINE
Now follow the instructions to install MS Office without problems. Warning: If you arrived in the middle of the installation progress bar will appear to hang, without advancing. Do not worry, wait a few minutes and you will receive the message "Installation Complete".
Now you must go to Applications -> Wine -> Configure Wine, and go to the tab "Libraries". From the "New override for library", choose the library riched20 and click Add. Select the newly imported library and clicking Edit checked the "Native (Windows)".
This procedure will allow PowerPoint,word,exel and other tools to be launched properly.

Well, start Word, Excel or whatever you want via backtrack-Applications -> Wine -> Programs -> Microsoft Office.
to open a file "microsoft office" you can also use the right click> open with wine!
I translated what I used (google translator) excuse any syntax errors and I hope to check out was of help!bye :) :)

Bouchi
09-24-2011, 09:23 PM
I have done Exactly the same thing but I got error when Running the VBA !! Any Idea ?

zimmaro
09-26-2011, 01:19 PM
hi,
what is the "type"of error???

Shadowdots
02-04-2013, 02:56 PM
hi,
what is the "type"of error???


I have the same issue i created a vbscript copied the first part into the macro section in office 2007.
Second part in the document itself . Saved it as a 2003 document.

When i open it in officer 2007 on my test machine or my own machine then it says type mismatch error. ?

zimmaro
02-05-2013, 10:56 AM
I have the same issue i created a vbscript copied the first part into the macro section in office 2007.
Second part in the document itself . Saved it as a 2003 document.

When i open it in officer 2007 on my test machine or my own machine then it says type mismatch error. ?

hi Shadowdots
honestly, I had gone from my memory that video! :)
however I put BT5 (kernel 2.6.38) (VM), I rerun the procedure of the video,
I put DOWN AV! and everything worked!

http://imageshack.us/f/543/catturarb.png/

NB: I used BT5 kernel 2.6.38 Because in MY bt5-r3(kernel 3.2.6) the preparation of the "" "payload-vba> .txt" "creates some problems for me (i think) just tied to the kernel