Disguising payload for victim to start through email
I am trying to find the best way to send my payload via email to the victim and then have them open it. However, with most payloads being .py, .bat,. or exe this does not seem like it would work easily or even at all. I saw some guides on how to embed a veil payload in an office document, but it does not seem to be reliable (and it requires the user to enable macros).
How do you guys recommend I disguise my payload so that the user opens it and does not have to do much else(such as enable macros?). I was trying to bind the exe file to a picture but that worked sometimes and not others.
What do you guys recommend? I was going to try an exploit specifically, as I know he uses Windows 7, office 2003, and uses IE. But with the exploit for 2003, I have no way of testing to see if they work, or if updates from microsoft stopped the exploit from working. And also, very few if any say they support Office 2003 and Win 7, usually 2003 and XP.
I was going to try pdf but again adobe has most likely blocked that, and I do not know if he uses adobe to open files.
Ill keep looking around, but in the mean time I wanted to ask the PRO's!