当前位置:网站首页>Office doc add in - Online CS
Office doc add in - Online CS
2022-07-06 06:36:00 【zxl2605】
principle
The remote malicious template with macros will be loaded directly for use .
- shortcoming
The network speed of the target host determines the speed of loading the remote template . It is possible that the file will be opened very slowly ( For example, put the remote template in github), The victim may force the file to close halfway through the opening word. - advantage
Because it is loaded remotely , So the killing free effect is very good . Basically will not be blocked by anti-virus software .
Realization
First step : Make a malicious template and ensure that it can go online
Here we use cs The macro Trojan horse For example .
Get malicious VB Open after code word, Right click in an empty area of the toolbar , Click Customize Ribbon
Check the development tool option .
At this point, the development tools column will appear
Click here Visual basic, Copy malicious code to project The designated location of is shown in the figure below
Then close the code box , Put this word Save the file as a dotm Template file
At this time, you can test whether the template can be launched , Right click the template file , Double clicking cannot open the template file , Double click on the template file to create a new file with this template by default , Bear in mind .
Click enable content to go online .
Testing is completed .
The second step : Making malicious macro templates for remote loading docx file
1. Upload malicious files to the server
First, upload the template file containing malicious code that has just been made to the server , Here the github To do this experiment , Click the malicious file uploaded in the figure below .
You will enter the following page
Copy this page's url
And in url Followed by ?raw=true, The final results are as follows , Save this line and you'll use it later .https://github.com/shanfenglan/test/blob/master/Doc1.dotm?raw=true
2. Load malicious files on the server
open word Double click any template to use , Then save everything in any path without changing .
Rename the file , Change it to zip ending .
Unzip it
Get into word In folder _rels, find settings.xml.rels file
Edit this file , Put its target Change the value of the attribute to the one above url, That is to say
https://github.com/shanfenglan/test/blob/master/Doc1.dotm?raw=true, Then save to exit .
Next, compress the file just extracted and generated , And change the name to suffix docx The file of .
result
Direct double click 1.docx file
It will look like this after opening. We don't care about him , Just click OK , Then click enable content .
Found that the Trojan is online
Then throw this file to vitrual total Check and kill the virus , It was found that only the anti-virus software of two companies thought it was a virus
So the experiment is over .
summary
as everyone knows ,docx File cannot execute macro code , So send docx It's easy for the other party to relax their vigilance when filing , So as to improve the success rate of attack .
边栏推荐
- LeetCode 1200. Minimum absolute difference
- LeetCode 732. My schedule III
- A 27-year-old without a diploma, wants to work hard on self-study programming, and has the opportunity to become a programmer?
- An article was uncovered to test the truth of outsourcing companies
- Full link voltage measurement: building three models
- mysql的基础命令
- Lecture 8: 1602 LCD (Guo Tianxiang)
- Today's summer solstice
- Difference between backtracking and recursion
- Apple has open source, but what about it?
猜你喜欢
Transfert des paramètres de la barre d'adresse de la page de liste basée sur jeecg - boot
LeetCode 731. My schedule II
Mise en œuvre d’une fonction complexe d’ajout, de suppression et de modification basée sur jeecg - boot
It is necessary to understand these characteristics in translating subtitles of film and television dramas
SQL Server manager studio(SSMS)安装教程
Changes in the number of words in English papers translated into Chinese
Basic knowledge of MySQL
女生学软件测试难不难 入门门槛低,学起来还是比较简单的
How to translate biomedical instructions in English
LeetCode 732. My schedule III
随机推荐
私人云盘部署
论文翻译英译中,怎样做翻译效果好?
查询字段个数
【MQTT从入门到提高系列 | 01】从0到1快速搭建MQTT测试环境
Day 248/300 关于毕业生如何找工作的思考
University of Manchester | dda3c: collaborative distributed deep reinforcement learning in swarm agent systems
How much is it to translate Chinese into English for one minute?
基于JEECG-BOOT制作“左树右表”交互页面
The pit encountered by keil over the years
Py06 dictionary mapping dictionary nested key does not exist test key sorting
今日夏至 Today‘s summer solstice
LeetCode 732. My schedule III
The ECU of 21 Audi q5l 45tfsi brushes is upgraded to master special adjustment, and the horsepower is safely and stably increased to 305 horsepower
Simulation volume leetcode [general] 1249 Remove invalid parentheses
P5706 [deep foundation 2. Example 8] redistributing fat house water -- February 13, 2022
Delete the variables added to watch1 in keil MDK
Making interactive page of "left tree and right table" based on jeecg-boot
论文摘要翻译,多语言纯人工翻译
SourceInsight Chinese garbled
中英对照:You can do this. Best of luck祝你好运