current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Information Security Stack Exchange is a question and answer site for Information security professionals. It's 100% free, no registration required.
up vote 0 down vote favorite

I know how a buffer overflow works on a local network against an application running on a TCP port, assuming it doesn't drop the connection, but I would like some advice on an "exploit" I would like to try to develop. I would like to do a buffer overflow on word by injecting the appropriate script into the macro of a word doc and then sending it to the victim. I am wondering a few things. One, is this even possible? In answering this question, please disregard the fact that Word almost certainly has techniques of preventing this (ie disabling macros). Two, what software do I need to inject my script to the macro? And three, is is possible to write the program in Python and still have it work against a victim without Python on their computer?

share|improve this question

1 Answer 1

up vote 1 down vote

Why would you bother using a bufferoverflow when using Macros? It would be easier to just inject some VB script which does calls to, for instance, powershell (there is a really good exploitation framework here named PowerSploit).

Exploits which do target bufferoverflows within Word, are a lot harder to find and exploit. If the target has EMET installed, you're immediately completely out of luck.

share|improve this answer
    
OK, thanks. This is more a conceptual question than a "I want a practical attack" question; I am asking it because I would simply like to expand my knowledge. However, I did not know about PowerSploit and will be sure to check it out. If you have anything else to add I would love to hear it. –  KnightOfNi Jan 14 '14 at 2:18
    
Looking at PowerSploit and I have a couple of questions... First of all, I don't think this is VBS (which is an opinion based on an extremely limited knowledge of VBS, I pretty much looked for the word "Sub" and didn't find it 80000 times), and second of all I haven't the slightest idea how to edit this code such that it will connect to the handler I want it to... –  KnightOfNi Jan 14 '14 at 2:35
    
No, you use VB to stage your powersploit attack... –  Lucas Kauffman Jan 14 '14 at 5:44
    
OK, so you're saying I just use VB to start up the PowerSploit program? Assuming you are, would I inject PowerSploit into the macro too, even though it isn't VBS, or have my VBS download it first (if that's even possible... may have to read up on VBS)? –  KnightOfNi Jan 14 '14 at 23:38

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.