Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: H D Moore (hdmSECUREAUSTIN.COM)
Date: Thu Feb 22 2001 - 05:58:41 CST
-----BEGIN PGP SIGNED MESSAGE-----
If you have access to any of the Microsoft Office products, you already have
an easy way to execute commands, modify the registry, or create a network
backdoor. VBA macros can be used to do ANYTHING. Every office product
supports them and almost everyone can write them. For example:
1. Open Word.
2. Hit Alt+F11 or select the Visual Basic Macro Editor from the Tools menu.
3. Double-Click the ThisDocument object in the Project window
4. Select the Document object from the left drop-down in the code window
5. Select the New event from the right drop-down in the code window
6. Add the following line into the Document_New() subroutine.
7. Hit F5 and wait for your command shell.
I have used this to do everything from removing access limiting software to
creating remote command shells that use an outbound connection...
On Thursday 22 February 2001 04:11 am, Anders Ingeborn wrote:
[ snip ]
> Details: It can be exploited as:
> (1) write a program with main function DllMain() and compile it as a .dll
> that you give the
> name "ntshrui.dll"
> (2) Put your .dll in the same directory as a word document.
> (3) Close all Office applications
> (4) Double-click on the word document
> (5) When MS Word initializes it will use your ntshrui.dll instead of the
> one in %systemroot% and your code will be executed
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----