Microsoft Office Exploit 2003, 2007, 2010, 2013 – Embed EXE in DOC or XLS

So, have you gone to school and studied up on all of your classes? Do you ever send or receive Microsoft Office documents in your daily life? I be sometimes you get so many different things in your email, there is a chance that you might open one that looks like it is coming from work or school… And THAT is when they are gonna get ya! Here, we have a simple step-by-step walk-through on how a hacker can take a malicious program, convert it to VB code, then put that VB code into a Microsoft Office Document and send it to be executed by the end user. Beware…


Step 1:

Download and install MetaSploit.

Step 2:

Open metasploit Console from start menu.


Step 3:

Open a system console within metasploit console.


Step 4:

place your infected exe in c:\metasploit\apps\pro\msf3\tools

Step 5:

Go to c:\metasploit\apps\pro\msf3\tools within system console, which you opened in Step 3.

and write this command.

exe2vba.rb infected.exe evil.vba

*change infected.exe‘s name to your exe filename.


Step 6:

check in c:\metasploit\apps\pro\msf3\tools, Your malicious vba file will be there with the name of evil.vba


Step 7:

Open Microsoft Word (Any Version).


And go to macros. Create a macro and put first portion of the vba file (Open the vba in notepad to view the code).


Now save it as Word97-2003Doc.


Step 8:

Close the Macro Panel (Visual basic editor), and past the remaining shellcode (Copied from the evil.vba file) into the document itself.


Now Save it.

Your infectious Word Document is ready to spread. You can send it in the email. Now, the user just has to enable the macros and they will be infected by your botnet/Rat/whatever. Send a lot of this document out to people and you are bound to have some takers.


Tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *