Blog

Malicious ODT File Generator Metasploit Module

I decided that I’d have a go at writing a Metasploit module as it’s been a while since I’ve programmed anything in Ruby. When writing the python script which I previously posted, I created an odt file and then just added the modified content.xml file. Doing this in Metasploit and Ruby proved more challenging andContinue reading Malicious ODT File Generator Metasploit Module

NTLM Credential Theft via malicious ODT Files

CVE-2018-10583 https://www.exploit-db.com/exploits/44564/ A couple of days ago a piece of research was published by Check Point showing how NTLM hashes can be leaked via PDF files with no user interaction or exploitation. Their work was following on from recent discoveries that MS Outlook using OLE can be used to steal credentials also. Now Microsoft doContinue reading NTLM Credential Theft via malicious ODT Files