2. 2
Microsoft Office Injection
Microsoft Office
Microsoft Office is the most popular software on windows machines, it can be found
almost on every personal computer, and every organization is using it.
The Office software got a feature to run OS commands, this feature can be used by the
attacker to run a malicious code on the victim machine using office documents for
example word and excel.
Office is using a VBScript language code for running the OS commands.
VBScript ("Microsoft Visual Basic Scripting Edition") is an Active Scripting language
developed by Microsoft that is modeled on Visual Basic. It allows Microsoft
Windows system administrators to generate powerful tools for managing computer.
VBScript is builtin on all windows systems.
3. Formula Injection
Formula Injection
Formula injection known also as CSV
injection , it’s a feature that let the
attacker to execute a code when the
excel file is opened.
For Example:
Inject to the formula with the following
command.
=cmd|' /C calc'!A:AA0
This command will run the command
calc at the cmd.
3
4. AUTO DDE
AUTO DDE
Auto DDE is a legitimate feature give us
command execution on MS Office.
The Anti-virus doesn’t detect the malicious
code is stored on DDE.
For Example:
Inject to the DDEAUTO with the following
command.
Pressing Ctrl + F9
Write the following command:
{ DDEAUTO c:windowssystem32cmd.exe
"/k calc.exe“ }
This command will run the command calc at
the cmd.
4
5. Macro
Macro
Macro is a programming language (VB) which
embedded inside a software application such
as Word, Excel and etc.
Macro is a legitimate feature give us the
ability to program repeated tasks and save us
some work.
The Anti-virus doesn’t detect the malicious
code is stored on Macro
For Example: (VBA Script)
Pressing Alt + F11
Write the following command:
Sub OpenCMD()
Shell "CMD /K
C:windowssystem32calc.exe",
vbNormalFocus
End Sub
This command will run the command calc at
the cmd.
Save the file as doc extension.
5