I mean the final file must have a file extension of ".Doc", and I want the trojan to be made by myself (not a Metasploit one). Can I achieve that with Metasploit?

And another question: how do I find out all the exploits with MS Office? People of course always better use the newest ones, right?

Thank you!

Metasploit can create a trojan with a .doc extension. See this tutorial. As for using your own, Metasploit will accept your own trojan. You can create it, embed it in a .doc and use Metasploit to deliver it.

Wow, thanks OTW. That is awesome. Nobody will refuse to open a .doc file. I am learning; does Metasploit allow us to make use of the newest (or just new enough) vulnerabilities of MS Office? Or usually just some very old ones? And I don't assume there are a lot of vulnerabilities that can be taken advantage of to create an embedded file with a .doc extension? (How does someone know they <like ms10 087 rtf pfragments bof> are able to be used for that?)

Metasploit is a framework for exploitation. This means that it can be used by just about any exploit and payload, including brand new ones that you create.

New vulnerabilities are being found every week in Microsoft Word. Check out this tutorial.


Thanks OTW. Wonderful. I hate myself for getting to know this site late :)

