Our goal for this project was to execute a phishing attack by exploiting Microsoft Excels macro functionality. We were motivated to replicate an attack like this one because one our internships rely heavily on excel for data management, and two is since the start of the COVID 19 pandemic, these attacks have increased by an order of magnitude due to the number of documents being shared online. As such we found a couple of papers online about how these attacks work and began working on building our own
The attack works by having Excel run a piece of code which initiates a connection with the attacking computer, so that the attacker can evade the target's firewalls. To do this, we used metasploit to generate a reverse TCP protocol payload which when run initiates a TCP connection with the attacking computer. Once Initiated, the attacking computer can gain access to the target's shell and has complete root access. For our purposes specifically, we wrote our payload file in python, then got Excel to write that python code to the targets computer and finally instructed excel to run that file giving us root access to a targets computer successfully completing the exploit.
This specific attack is very dangerous because as soon as you open up the malicious file, the connection is made. Also, it has a high target market of potential targets because of the amount of computers that have Microsoft Excel installed. To protect yourself from an attack such as this one the only real mechanism of defense is to not open up files unless you are 100% sure the contents inside are non malicious.