So I had Word open and Microsoft AutoUpdate ran and I saw that there were updates to install. Being curious as I was, I went to the link listed about the "security update" and saw that there were exploits that allowed for the possibility of remote code execution in various versions of Excel. To see the table showing which are exploitable, check this link out. That is where I also found the two CVE numbers that were associated with the version of Excel that I'm running: Excel 2016 for Mac. I went to exploit-db.com to check out the CVEs listed: CVE-2015-2520 and CVE-2015-2523. Being the curious type I am, I downloaded the linked files and saw that they were Excel files. Tried opening them, but Excel just warned me saying that they were corrupt or that there may be some missing data; no crashes.

I'm still pretty new to this world but I'm wondering, does that just mean that my Excel is vulnerable but requires a different approach than what was done with the sample on db-exploit? Or does it just mean that it could be OS specific (I'm running OS X 10.11, which has added a lot of extra security features)? I'm also wondering how an exploit like this is made. Is this something you can do with a hex editor? And how might you take something like this and insert a payload?
3 Responses
Yes, these look like Windows-only exploits because of the .dll and .exe file versions in the code. I can try these at some point if I have time.
Right, but at the same time, Microsoft has issued a patch for Microsoft Office 2011 and 2016 for Mac, citing these two exploits as the reason for the patch, so there must be a way to use the exploits on the OS X versions as well, but I suppose it would be somewhat different if it was based off of a DLL injection.
Maybe Microsoft still used DLLs for Office for Mac?