Exploiting Microsoft Word Zero Day Vulnerability


The Microsoft Office zero-day attack, uncovered by researchers from security firms McAfee and FireEye, starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object.


Now I will show you how to exploit the HTA handler vulnerability in MS Word.
In this first video I will show you how to make an HTA payload in Kali Linux which will initiate a reverse TCP connection to the listener.
First you will have to create an HTA payload. Here I am using a tool called unicorn to create the HTA payload. Open up your terminal and download unicorn from git.
Download Unicorn from: https://github.com/trustedsec/unicorn
Now go inside the directory and execute
python unicorn.py

This will show you all the possible methods of using unicorn.

Just copy the HTA payload line and paste it in the terminal. The only thing you have to change is the LHOST address, which is the IP address of the machine on which the listener is running.
Our payload has been generated. All we need is this launcher.hta file.
Now it's time to test it. We have to copy this to /var/www/html/ so that it can be fetched with a web browser, and make sure Apache is running.

Start the listener using Metasploit, setting the payload to windows/meterpreter/reverse_tcp.
Next go to your Windows machine, open our payload and let's see what happens.
The reverse TCP connection will be established and we get the shell.
In this video I will show you how to use this payload in an MS Word document.
First open MS Word and start a simple document.
Now go to the Insert tab and select Object.
There, select "Create from file" and in the text box enter the URL of the file that we created in the first part. Tick "Link to file" and "Display as icon". If you want, you can give it a custom icon or you can even hide the icon.
Now save the file somewhere and close it.
When someone opens this document and clicks on the icon, the HTA file will be downloaded and executed, initiating the reverse shell.
But the thing is, user interaction is needed here. The icon and text may look somewhat suspicious to the user, so some social engineering is required to get the user to run the payload, as they must double-click the icon.

In the next video I will show you how to make the payload download and execute automatically when we start the document.

Don't forget to subscribe to my channel; just follow this link and click the subscribe button.
https://www.youtube.com/c/GreenTerminal