Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 12:43:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 403 pages modified

Browse source
This commit is contained in:
CPol 2020-11-29 23:31:10 +00:00 committed by gitbook-bot
parent 29f1c996c2
commit 5acd0ac9ea
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 42 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
pentesting/pentesting-smtp/README.md
View file

@ -364,6 +364,17 @@ You can attack some **characteristics** of **mail clients** to make the user thi
**Find more information about these protections in** [**https://seanthegeek.net/459/demystifying-dmarc/**](https://seanthegeek.net/459/demystifying-dmarc/)\*\*\*\* **Find more information about these protections in** [**https://seanthegeek.net/459/demystifying-dmarc/**](https://seanthegeek.net/459/demystifying-dmarc/)\*\*\*\*
### **Other phishing indicators**
* Domains age
* Links pointing to IP addresses
* Link manipulation techniques
* Suspicious \(uncommon\) attachments
* Broken email content
* Values used that are different to those of the mail headers
* Existence of a valid and trusted SSL certificate
* Submission of the page to web content filtering sites
## Exfiltration through SMTP ## Exfiltration through SMTP
**If you can send data via SMTP** [**read this**](../../exfiltration.md#smtp)**.** **If you can send data via SMTP** [**read this**](../../exfiltration.md#smtp)**.**

31
phising-documents.md
View file

@ -1,5 +1,19 @@
# Phising Documents # Phising Documents
Microsoft Word performs file data validation prior to opening a file. Data validation is performed in the form of data structure identification, against the OfficeOpenXML standard. If any error occurs during the data structure identification, the file being analysed will not be opened.
Usually Word files containing macros uses the `.docm` extension. However, it's possible to rename the file changing the file extension and still keep their macro executing capabilities.
For example, an RTF file does not support macros, by design, but a DOCM file renamed to RTF will be handled by Microsoft Word and will be capable of macro execution.
The same internals and mechanisms apply to all software of the Microsoft Office Suite \(Excel, PowerPoint etc.\).
You can use the following command to check with extensions are going to be executed by some Office programs:
```bash
assoc | findstr /i "word excel powerp"
```
DOCX files referencing a remote template \(File Options Add-ins Manage: Templates Go\) that includes macros can “execute” macros as well.
### Word with external image ### Word with external image
Go to: _Insert --> Quick Parts --> Field_ Go to: _Insert --> Quick Parts --> Field_
@ -7,3 +21,20 @@ _**Categories**: Links and References, **Filed names**: includePicture, and **Fi
![](.gitbook/assets/image%20%28347%29.png) ![](.gitbook/assets/image%20%28347%29.png)
### Macros Code
```bash
Dim author As String
author = oWB.BuiltinDocumentProperties("Author")
With objWshell1.Exec("powershell.exe -nop -Windowsstyle hidden -Command-")
.StdIn.WriteLine author
.StdIn.WriteBlackLines 1
```
## Autoload functions
The more common they are, the more probable the AV will detect it.
* AutoOpen\(\)
* Document\_Open\(\)
*