So I had Word opened and Microsoft AutoUpdate ran and I saw that there were updates to install. Being curious as I was, I went to the link listed about the "security update" and saw that there were exploits that allowed for the possibility of remote code execution in various versions of Excel. To see the table showing which are exploitable, check this link out. That is where I also found the two CVE numbers that were associated with the version of Excel that I'm running: Excel 2016 for Mac. I went to exploit-db.com to check out the CVE's listed: CVE-2015-2520 and CVE-2015-2523. Being the curious type I am, I downloaded the linked files and saw that they were excel files. Tried opening them, but Excel just warned me saying that they were corrupt or that there may be some missing data; no crashes. I'm still pretty new to this world but I'm wondering, does that just mean that my Excel is vulnerable but requires a different approach than what was done with the sample on db-exploit? Or does it just mean that it could be OS specific (I'm running OS X 10.11 which has added a lot of extra security features)? I'm also wondering how an exploit like this is made, is this something you can do with a hex editor? And how might you take something like this and insert a payload?
- Hot
- Active
-
Forum Thread:
How to Find Someones Location by Image
3
Replies
10 hrs ago -
Forum Thread:
Hack Instagram Account Using BruteForce
194
Replies
1 day ago -
Backdoor, Listeners:
How to Know if Your Computer or Smartphones Have One?
28
Replies
1 day ago -
Forum Thread:
How to Crack Instagram 6 Digit Confirmation Code When You Have the Password?
1
Replies
1 wk ago -
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
36
Replies
1 wk ago -
Forum Thread:
Boosting TX Power on Alfa AWUS036NHA
4
Replies
1 wk ago -
Forum Thread:
How to Gain Access to an Android Over WAN
22
Replies
1 wk ago -
Forum Thread:
HELP I Created an Apk for Hacking My Phone Using Kali Linux in Virtual Box How Can I Install That Apk on My Phone
16
Replies
2 wks ago -
Forum Thread:
How to Embed an Android Payload in an Image?
8
Replies
2 wks ago -
Forum Thread:
Complete Guide to Creating and Hosting a Phishing Page for Beginners
44
Replies
2 wks ago -
Forum Thread:
Learn to Hack an Android Device Over the Internet Remotely
4
Replies
2 wks ago -
Forum Thread:
Cracking Passwords Using John the Ripper
14
Replies
2 wks ago -
Forum Thread:
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce
161
Replies
2 wks ago -
Forum Thread:
Need Help with FatRat Over WAN
3
Replies
2 wks ago -
How to:
Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT
22
Replies
2 wks ago -
Forum Thread:
Cant Login to Live Persistant Mood
1
Replies
2 wks ago -
Forum Thread:
Kali Wont Start, Stuck at Kali Login:
20
Replies
2 wks ago -
Forum Thread:
I Wan't to Learn Pentesting, and Planning to Learn Both C++ and Python. But I'm Not Sure About What I Should Start With?
2
Replies
3 wks ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
8
Replies
3 wks ago -
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
117
Replies
4 wks ago
-
How To:
Fingerprint Web Apps & Servers for Better Recon & More Successful Hacks
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
How To:
Create a Persistent Back Door in Android Using Kali Linux:
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
Steganography:
How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How To:
Brute-Force Email Using a Simple Bash Script (Ft. THC Hydra)
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
Hack Like a Pro:
How to Crack Passwords, Part 4 (Creating a Custom Wordlist with Crunch)
3 Responses
Yes these look like Windows only exploits because of the .dll and .exe file versions in the code. I can try these at some point if I have time
Right, but at the same time, Microsoft has issued a patch for Microsoft Office 2011 and 2016 for Mac, citing these two exploits as the reason for the patch, so there must be a way to use the exploits on the OS X versions as well, but I supposed it would be somewhat different if it was based off of a dll injection.
Maybe Microsoft still used DLLs for office for mac?
Share Your Thoughts