This is a short post about MicroSploit, an open source toolkit that helps you create custom office platform based backdoors using the Metasploit framework and the different payloads it supports.
It is a simple bash script that uses command line inputs and Zenity for creating GTK+ dialog boxes to accept additional input. As of now, MicroSploit supports the creation of backdoors for the following platforms:
- MS12-027 MSCOMCTL ActiveX Buffer Overflow
- Microsoft Office Word Malicious Macro Execution on Windows
- Microsoft Office Word Malicious Macro Execution on Mac OS X (Python)
- Apache OpenOffice Text Document Malicious Macro Execution on Windows (PSH)
- Apache OpenOffice Text Document Malicious Macro Execution on Linux/OSX (Python)
The toolkit is Metasploit v4.14.0-dev compliant and since this is all done via Metaspoit, the following payloads are supported:
All in all this version, code named “Mario Bros” is easy to use and supported on operating systems such as Kali Linux, Parrot Security OS and BackBox out of the box. You will have to install the necessary tools for this to work on your OS. This tool can also be customized to run other Metasploit supported client side attacks related to Adobe, and other software’s easily.
Start by checking out the GIT repository, browse to the directory created and run the following to access the tool:
chmod +x Microsploit && ./Microsploit