module

Microsoft Excel .SLK Payload Delivery

Disclosed	Created
2018-10-07	2019-03-19

Disclosed

2018-10-07

Created

2019-03-19

Description

This module generates a download and execute Powershell
command to be placed in an .SLK Excel spreadsheet.
When executed, it will retrieve a payload via HTTP
from a web server. When the file is opened, the
user will be prompted to "Enable Content." Once
this is pressed, the payload will execute.

Authors

Carter Brainerd
Stan Hegt
Pieter Ceelen

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/fileformat/office_excel_slk
    msf exploit(office_excel_slk) > show targets
        ...targets...
    msf exploit(office_excel_slk) > set TARGET < target-id >
    msf exploit(office_excel_slk) > show options
        ...show and set options...
    msf exploit(office_excel_slk) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today