go-subdoc

A tool made in Go that injects a hidden malicious subdoc in a Word document.
This comes in handy on phishing campaigns for stealing the NTLMv2 hash of the victim.

Tested on Microsoft Office 2016 and 2019. Not guarateed to work on the latest Microsoft Office 365 version.

Usage

go-subdoc -input target.docx/docm -target example.com/127.0.0.1

  -input string
        Target document
  -target string
        Target server (only domain / ip address)

Please input only either a domain or an IP Address as the target. No UNC paths or locations.

References

https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
ooxml		ooxml
.gitignore		.gitignore
.markdownlint.json		.markdownlint.json
LICENSE		LICENSE
README.md		README.md
compile.cmd		compile.cmd
compile.sh		compile.sh
go.mod		go.mod
go.sum		go.sum
howto_en.md		howto_en.md
howto_pt.md		howto_pt.md
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

go-subdoc

Usage

References

About

Releases 1

Packages

Languages

License

offsec-org/go-subdoc

Folders and files

Latest commit

History

Repository files navigation

go-subdoc

Usage

References

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 1

Packages 0

Languages

Packages