This is a note for myself describing various Visual Basic macros construction techniques that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
- Page substiution macro for luring user to click Enable Content
- The Unicorn Powershell based payload