Excel A Hackers Best Friend(Metasploit Payload Delivery)

I recently discovered an excellent way to use Excel macros to store and execute Metasploit payloads. I tested it out on a recent pentest and found that it also evades detection by the most recent version of Symantec enterprise. It is as easy as 1,2,3.

1. Create an excel document which entices users to enable macros. Below is an example:


The spreadsheet displays a warning informing victims that the document can not be viewed properly without macros enabled. Additionally, several cells in the spreadsheet appear to have calculation errors.

2.Using metasploit, export your desired payload in vbs format. I choose to used the meterpreter reverse shell. :)

3. Create your macro. Insert your vbs file into an excel macro as a string variable. Create a macro function which writes the vbs string to a file on the OS and then executes it. No, I will not give you the code. Finally create a function in your macro which fixes all of the "calculation errors" in the spreadsheet. Don't want your victim getting suspicious.

Its as easy as that. Excel provides a way to deliver and execute the entire Metasploit payload without AV or the victim ever knowing what hit them. Beautiful simplicity.